Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-ycr2-sg99-cfc5
Summary
Information Exposure
The tab switching cookie is not properly escaped.
Aliases
0
alias GMS-2015-12
Fixed_packages
0
url pkg:pypi/djangorestframework@2.4.5
purl pkg:pypi/djangorestframework@2.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-az5u-1a5w-9ffa
1
vulnerability VCID-exen-v4sg-mudc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@2.4.5
1
url pkg:pypi/djangorestframework@3.1.1
purl pkg:pypi/djangorestframework@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-az5u-1a5w-9ffa
1
vulnerability VCID-exen-v4sg-mudc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.1.1
Affected_packages
0
url pkg:pypi/djangorestframework@2.4.0
purl pkg:pypi/djangorestframework@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-az5u-1a5w-9ffa
1
vulnerability VCID-exen-v4sg-mudc
2
vulnerability VCID-ycr2-sg99-cfc5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@2.4.0
1
url pkg:pypi/djangorestframework@2.4.1
purl pkg:pypi/djangorestframework@2.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-az5u-1a5w-9ffa
1
vulnerability VCID-exen-v4sg-mudc
2
vulnerability VCID-ycr2-sg99-cfc5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@2.4.1
2
url pkg:pypi/djangorestframework@2.4.2
purl pkg:pypi/djangorestframework@2.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-az5u-1a5w-9ffa
1
vulnerability VCID-exen-v4sg-mudc
2
vulnerability VCID-ycr2-sg99-cfc5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@2.4.2
3
url pkg:pypi/djangorestframework@2.4.3
purl pkg:pypi/djangorestframework@2.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-az5u-1a5w-9ffa
1
vulnerability VCID-exen-v4sg-mudc
2
vulnerability VCID-ycr2-sg99-cfc5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@2.4.3
4
url pkg:pypi/djangorestframework@2.4.4
purl pkg:pypi/djangorestframework@2.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-az5u-1a5w-9ffa
1
vulnerability VCID-exen-v4sg-mudc
2
vulnerability VCID-ycr2-sg99-cfc5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@2.4.4
5
url pkg:pypi/djangorestframework@3.0.0
purl pkg:pypi/djangorestframework@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-az5u-1a5w-9ffa
1
vulnerability VCID-exen-v4sg-mudc
2
vulnerability VCID-ycr2-sg99-cfc5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.0.0
6
url pkg:pypi/djangorestframework@3.0.1
purl pkg:pypi/djangorestframework@3.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-az5u-1a5w-9ffa
1
vulnerability VCID-exen-v4sg-mudc
2
vulnerability VCID-ycr2-sg99-cfc5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.0.1
7
url pkg:pypi/djangorestframework@3.0.2
purl pkg:pypi/djangorestframework@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-az5u-1a5w-9ffa
1
vulnerability VCID-exen-v4sg-mudc
2
vulnerability VCID-ycr2-sg99-cfc5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.0.2
8
url pkg:pypi/djangorestframework@3.0.3
purl pkg:pypi/djangorestframework@3.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-az5u-1a5w-9ffa
1
vulnerability VCID-exen-v4sg-mudc
2
vulnerability VCID-ycr2-sg99-cfc5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.0.3
9
url pkg:pypi/djangorestframework@3.0.4
purl pkg:pypi/djangorestframework@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-az5u-1a5w-9ffa
1
vulnerability VCID-exen-v4sg-mudc
2
vulnerability VCID-ycr2-sg99-cfc5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.0.4
10
url pkg:pypi/djangorestframework@3.0.5
purl pkg:pypi/djangorestframework@3.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-az5u-1a5w-9ffa
1
vulnerability VCID-exen-v4sg-mudc
2
vulnerability VCID-ycr2-sg99-cfc5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.0.5
11
url pkg:pypi/djangorestframework@3.1.0
purl pkg:pypi/djangorestframework@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-az5u-1a5w-9ffa
1
vulnerability VCID-exen-v4sg-mudc
2
vulnerability VCID-ycr2-sg99-cfc5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.1.0
References
0
reference_url https://github.com/encode/django-rest-framework/blob/3.6.4/docs/topics/release-notes.md#311
reference_id
reference_type
scores
url https://github.com/encode/django-rest-framework/blob/3.6.4/docs/topics/release-notes.md#311
1
reference_url https://github.com/encode/django-rest-framework/commit/58f9603f703138cbd6749c64dd7da2d41468fc99
reference_id
reference_type
scores
url https://github.com/encode/django-rest-framework/commit/58f9603f703138cbd6749c64dd7da2d41468fc99
2
reference_url https://github.com/encode/django-rest-framework/commit/7872d0acbffeea5f4420aae5627f8767c6418ba3
reference_id
reference_type
scores
url https://github.com/encode/django-rest-framework/commit/7872d0acbffeea5f4420aae5627f8767c6418ba3
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-ycr2-sg99-cfc5