{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7111?format=json","vulnerability_id":"VCID-ycr2-sg99-cfc5","summary":"Information Exposure\nThe tab switching cookie is not properly escaped.","aliases":[{"alias":"GMS-2015-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13509?format=json","purl":"pkg:pypi/djangorestframework@2.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-az5u-1a5w-9ffa"},{"vulnerability":"VCID-exen-v4sg-mudc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@2.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/13520?format=json","purl":"pkg:pypi/djangorestframework@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-az5u-1a5w-9ffa"},{"vulnerability":"VCID-exen-v4sg-mudc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.1.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13504?format=json","purl":"pkg:pypi/djangorestframework@2.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-az5u-1a5w-9ffa"},{"vulnerability":"VCID-exen-v4sg-mudc"},{"vulnerability":"VCID-ycr2-sg99-cfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@2.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/13505?format=json","purl":"pkg:pypi/djangorestframework@2.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-az5u-1a5w-9ffa"},{"vulnerability":"VCID-exen-v4sg-mudc"},{"vulnerability":"VCID-ycr2-sg99-cfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@2.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/13506?format=json","purl":"pkg:pypi/djangorestframework@2.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-az5u-1a5w-9ffa"},{"vulnerability":"VCID-exen-v4sg-mudc"},{"vulnerability":"VCID-ycr2-sg99-cfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@2.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/13507?format=json","purl":"pkg:pypi/djangorestframework@2.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-az5u-1a5w-9ffa"},{"vulnerability":"VCID-exen-v4sg-mudc"},{"vulnerability":"VCID-ycr2-sg99-cfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@2.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/13508?format=json","purl":"pkg:pypi/djangorestframework@2.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-az5u-1a5w-9ffa"},{"vulnerability":"VCID-exen-v4sg-mudc"},{"vulnerability":"VCID-ycr2-sg99-cfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@2.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/13513?format=json","purl":"pkg:pypi/djangorestframework@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-az5u-1a5w-9ffa"},{"vulnerability":"VCID-exen-v4sg-mudc"},{"vulnerability":"VCID-ycr2-sg99-cfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/13514?format=json","purl":"pkg:pypi/djangorestframework@3.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-az5u-1a5w-9ffa"},{"vulnerability":"VCID-exen-v4sg-mudc"},{"vulnerability":"VCID-ycr2-sg99-cfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/13515?format=json","purl":"pkg:pypi/djangorestframework@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-az5u-1a5w-9ffa"},{"vulnerability":"VCID-exen-v4sg-mudc"},{"vulnerability":"VCID-ycr2-sg99-cfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/13516?format=json","purl":"pkg:pypi/djangorestframework@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-az5u-1a5w-9ffa"},{"vulnerability":"VCID-exen-v4sg-mudc"},{"vulnerability":"VCID-ycr2-sg99-cfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/13517?format=json","purl":"pkg:pypi/djangorestframework@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-az5u-1a5w-9ffa"},{"vulnerability":"VCID-exen-v4sg-mudc"},{"vulnerability":"VCID-ycr2-sg99-cfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/13518?format=json","purl":"pkg:pypi/djangorestframework@3.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-az5u-1a5w-9ffa"},{"vulnerability":"VCID-exen-v4sg-mudc"},{"vulnerability":"VCID-ycr2-sg99-cfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/13519?format=json","purl":"pkg:pypi/djangorestframework@3.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-az5u-1a5w-9ffa"},{"vulnerability":"VCID-exen-v4sg-mudc"},{"vulnerability":"VCID-ycr2-sg99-cfc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.1.0"}],"references":[{"reference_url":"https://github.com/encode/django-rest-framework/blob/3.6.4/docs/topics/release-notes.md#311","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/encode/django-rest-framework/blob/3.6.4/docs/topics/release-notes.md#311"},{"reference_url":"https://github.com/encode/django-rest-framework/commit/58f9603f703138cbd6749c64dd7da2d41468fc99","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/encode/django-rest-framework/commit/58f9603f703138cbd6749c64dd7da2d41468fc99"},{"reference_url":"https://github.com/encode/django-rest-framework/commit/7872d0acbffeea5f4420aae5627f8767c6418ba3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/encode/django-rest-framework/commit/7872d0acbffeea5f4420aae5627f8767c6418ba3"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ycr2-sg99-cfc5"}