Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-an5a-3u2z-bqck
SummaryA Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file descriptor. An attacker with concurrent write access can replace a path component with a symbolic link between these operations, redirecting the privileged write to an arbitrary file system location.
Aliases
0
alias CVE-2026-35356
1
alias GHSA-m26v-hjq3-x245
Fixed_packages
0
url pkg:cargo/coreutils@0.7.0
purl pkg:cargo/coreutils@0.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/coreutils@0.7.0
1
url pkg:deb/debian/rust-coreutils@0.7.0-1?distro=trixie
purl pkg:deb/debian/rust-coreutils@0.7.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-coreutils@0.7.0-1%3Fdistro=trixie
2
url pkg:deb/debian/rust-coreutils@0.9.0-3?distro=trixie
purl pkg:deb/debian/rust-coreutils@0.9.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-coreutils@0.9.0-3%3Fdistro=trixie
3
url pkg:deb/debian/rust-coreutils@0.9.0-3
purl pkg:deb/debian/rust-coreutils@0.9.0-3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-coreutils@0.9.0-3
Affected_packages
0
url pkg:deb/debian/rust-coreutils@0.0.17-2
purl pkg:deb/debian/rust-coreutils@0.0.17-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xma-bq3c-u3h9
1
vulnerability VCID-3npq-hj69-cygg
2
vulnerability VCID-45py-d4z2-33eh
3
vulnerability VCID-4asg-vgfk-n7av
4
vulnerability VCID-7agw-m43h-pkb1
5
vulnerability VCID-868e-a9h5-vuc7
6
vulnerability VCID-8wnr-wkj1-n3fw
7
vulnerability VCID-9wd6-ma2f-dfar
8
vulnerability VCID-aghn-83cb-rbf2
9
vulnerability VCID-an5a-3u2z-bqck
10
vulnerability VCID-cz18-jcfj-ruc9
11
vulnerability VCID-f86r-a3zm-3bcd
12
vulnerability VCID-fagp-1t6k-vffu
13
vulnerability VCID-fmgt-fwj4-wqdu
14
vulnerability VCID-g5yr-q2gm-tkhk
15
vulnerability VCID-gtvr-x9jh-w7gk
16
vulnerability VCID-jfqg-n8g4-y7e3
17
vulnerability VCID-jkhc-vvqy-uygx
18
vulnerability VCID-jkma-75vp-xyck
19
vulnerability VCID-ka1w-rgg3-c3hn
20
vulnerability VCID-mfjq-bkgq-yycg
21
vulnerability VCID-q9pt-1vcd-37bg
22
vulnerability VCID-rkja-wb14-m3hw
23
vulnerability VCID-rn89-dxgw-bue8
24
vulnerability VCID-rze6-x7s8-2fb1
25
vulnerability VCID-s1us-54av-gfhb
26
vulnerability VCID-szfn-p4u1-k3bp
27
vulnerability VCID-x173-jyfw-1ued
28
vulnerability VCID-xp6n-t68q-93dv
29
vulnerability VCID-xves-5auj-yqdg
30
vulnerability VCID-yaxf-65d5-7qck
31
vulnerability VCID-ztuq-wank-67fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-coreutils@0.0.17-2
1
url pkg:deb/debian/rust-coreutils@0.0.17-2?distro=trixie
purl pkg:deb/debian/rust-coreutils@0.0.17-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xma-bq3c-u3h9
1
vulnerability VCID-3npq-hj69-cygg
2
vulnerability VCID-45py-d4z2-33eh
3
vulnerability VCID-4asg-vgfk-n7av
4
vulnerability VCID-7agw-m43h-pkb1
5
vulnerability VCID-868e-a9h5-vuc7
6
vulnerability VCID-8wnr-wkj1-n3fw
7
vulnerability VCID-9wd6-ma2f-dfar
8
vulnerability VCID-aghn-83cb-rbf2
9
vulnerability VCID-an5a-3u2z-bqck
10
vulnerability VCID-cz18-jcfj-ruc9
11
vulnerability VCID-f86r-a3zm-3bcd
12
vulnerability VCID-fagp-1t6k-vffu
13
vulnerability VCID-fmgt-fwj4-wqdu
14
vulnerability VCID-g5yr-q2gm-tkhk
15
vulnerability VCID-gtvr-x9jh-w7gk
16
vulnerability VCID-jfqg-n8g4-y7e3
17
vulnerability VCID-jkhc-vvqy-uygx
18
vulnerability VCID-jkma-75vp-xyck
19
vulnerability VCID-ka1w-rgg3-c3hn
20
vulnerability VCID-mfjq-bkgq-yycg
21
vulnerability VCID-q9pt-1vcd-37bg
22
vulnerability VCID-rkja-wb14-m3hw
23
vulnerability VCID-rn89-dxgw-bue8
24
vulnerability VCID-rze6-x7s8-2fb1
25
vulnerability VCID-s1us-54av-gfhb
26
vulnerability VCID-szfn-p4u1-k3bp
27
vulnerability VCID-x173-jyfw-1ued
28
vulnerability VCID-xp6n-t68q-93dv
29
vulnerability VCID-xves-5auj-yqdg
30
vulnerability VCID-yaxf-65d5-7qck
31
vulnerability VCID-ztuq-wank-67fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-coreutils@0.0.17-2%3Fdistro=trixie
2
url pkg:deb/debian/rust-coreutils@0.0.30-2?distro=trixie
purl pkg:deb/debian/rust-coreutils@0.0.30-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xma-bq3c-u3h9
1
vulnerability VCID-3npq-hj69-cygg
2
vulnerability VCID-45py-d4z2-33eh
3
vulnerability VCID-4asg-vgfk-n7av
4
vulnerability VCID-7agw-m43h-pkb1
5
vulnerability VCID-868e-a9h5-vuc7
6
vulnerability VCID-8wnr-wkj1-n3fw
7
vulnerability VCID-9wd6-ma2f-dfar
8
vulnerability VCID-aghn-83cb-rbf2
9
vulnerability VCID-an5a-3u2z-bqck
10
vulnerability VCID-cz18-jcfj-ruc9
11
vulnerability VCID-f86r-a3zm-3bcd
12
vulnerability VCID-fagp-1t6k-vffu
13
vulnerability VCID-fmgt-fwj4-wqdu
14
vulnerability VCID-g5yr-q2gm-tkhk
15
vulnerability VCID-gtvr-x9jh-w7gk
16
vulnerability VCID-jfqg-n8g4-y7e3
17
vulnerability VCID-jkhc-vvqy-uygx
18
vulnerability VCID-jkma-75vp-xyck
19
vulnerability VCID-ka1w-rgg3-c3hn
20
vulnerability VCID-mfjq-bkgq-yycg
21
vulnerability VCID-q9pt-1vcd-37bg
22
vulnerability VCID-rkja-wb14-m3hw
23
vulnerability VCID-rn89-dxgw-bue8
24
vulnerability VCID-rze6-x7s8-2fb1
25
vulnerability VCID-s1us-54av-gfhb
26
vulnerability VCID-szfn-p4u1-k3bp
27
vulnerability VCID-x173-jyfw-1ued
28
vulnerability VCID-xp6n-t68q-93dv
29
vulnerability VCID-xves-5auj-yqdg
30
vulnerability VCID-yaxf-65d5-7qck
31
vulnerability VCID-ztuq-wank-67fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-coreutils@0.0.30-2%3Fdistro=trixie
3
url pkg:deb/debian/rust-coreutils@0.0.30-2
purl pkg:deb/debian/rust-coreutils@0.0.30-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xma-bq3c-u3h9
1
vulnerability VCID-3npq-hj69-cygg
2
vulnerability VCID-45py-d4z2-33eh
3
vulnerability VCID-4asg-vgfk-n7av
4
vulnerability VCID-7agw-m43h-pkb1
5
vulnerability VCID-868e-a9h5-vuc7
6
vulnerability VCID-8wnr-wkj1-n3fw
7
vulnerability VCID-9wd6-ma2f-dfar
8
vulnerability VCID-aghn-83cb-rbf2
9
vulnerability VCID-an5a-3u2z-bqck
10
vulnerability VCID-cz18-jcfj-ruc9
11
vulnerability VCID-f86r-a3zm-3bcd
12
vulnerability VCID-fagp-1t6k-vffu
13
vulnerability VCID-fmgt-fwj4-wqdu
14
vulnerability VCID-g5yr-q2gm-tkhk
15
vulnerability VCID-gtvr-x9jh-w7gk
16
vulnerability VCID-jfqg-n8g4-y7e3
17
vulnerability VCID-jkhc-vvqy-uygx
18
vulnerability VCID-jkma-75vp-xyck
19
vulnerability VCID-ka1w-rgg3-c3hn
20
vulnerability VCID-mfjq-bkgq-yycg
21
vulnerability VCID-q9pt-1vcd-37bg
22
vulnerability VCID-rkja-wb14-m3hw
23
vulnerability VCID-rn89-dxgw-bue8
24
vulnerability VCID-rze6-x7s8-2fb1
25
vulnerability VCID-s1us-54av-gfhb
26
vulnerability VCID-szfn-p4u1-k3bp
27
vulnerability VCID-x173-jyfw-1ued
28
vulnerability VCID-xp6n-t68q-93dv
29
vulnerability VCID-xves-5auj-yqdg
30
vulnerability VCID-yaxf-65d5-7qck
31
vulnerability VCID-ztuq-wank-67fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-coreutils@0.0.30-2
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35356
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02765
published_at 2026-06-13T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02781
published_at 2026-06-12T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02773
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35356
1
reference_url https://github.com/uutils/coreutils
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/uutils/coreutils
2
reference_url https://github.com/uutils/coreutils/commit/0c41299975f3c1e21cf5ca968d42cad55ceb42a1
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/uutils/coreutils/commit/0c41299975f3c1e21cf5ca968d42cad55ceb42a1
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35356
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35356
4
reference_url https://github.com/uutils/coreutils/releases/tag/0.7.0
reference_id 0.7.0
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:59:48Z/
url https://github.com/uutils/coreutils/releases/tag/0.7.0
5
reference_url https://github.com/uutils/coreutils/pull/10140
reference_id 10140
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:59:48Z/
url https://github.com/uutils/coreutils/pull/10140
6
reference_url https://github.com/advisories/GHSA-m26v-hjq3-x245
reference_id GHSA-m26v-hjq3-x245
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m26v-hjq3-x245
Weaknesses
0
cwe_id 367
name Time-of-check Time-of-use (TOCTOU) Race Condition
description The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-an5a-3u2z-bqck