Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-3paj-fqdp-yyg3

Summary 389-ds-base: using dscreate in verbose mode results in information disclosure

Aliases

alias	CVE-2019-10224

Fixed_packages

url	pkg:deb/debian/389-ds-base@1.4.1.5-1?distro=trixie
purl	pkg:deb/debian/389-ds-base@1.4.1.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.1.5-1%3Fdistro=trixie

url pkg:deb/debian/389-ds-base@1.4.4.11-2

purl pkg:deb/debian/389-ds-base@1.4.4.11-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tdy-umt6-4ubr

vulnerability	VCID-63rm-mq1r-5fbz

vulnerability	VCID-6f2q-qatg-kucr

vulnerability	VCID-77rw-db6h-hya9

vulnerability	VCID-bpw5-xeju-93f3

vulnerability	VCID-hjvf-3mm8-xfhq

vulnerability	VCID-kbvd-dfmn-buat

vulnerability	VCID-knxk-357y-efhh

vulnerability	VCID-pqe1-ewjj-uqbn

vulnerability	VCID-qkca-awn5-hfas

vulnerability	VCID-qv4g-5kzs-9kfa

vulnerability	VCID-rffx-mwhe-tqe5

vulnerability	VCID-vx15-pahy-ufbn

vulnerability	VCID-x8k9-na1n-8fgj

vulnerability	VCID-xs3r-chc9-27dr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2

url pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie

purl pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-63rm-mq1r-5fbz

vulnerability	VCID-6f2q-qatg-kucr

vulnerability	VCID-bpw5-xeju-93f3

vulnerability	VCID-kbvd-dfmn-buat

vulnerability	VCID-pqe1-ewjj-uqbn

vulnerability	VCID-xs3r-chc9-27dr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie

url pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2q-qatg-kucr

vulnerability	VCID-bpw5-xeju-93f3

vulnerability	VCID-kbvd-dfmn-buat

vulnerability	VCID-pqe1-ewjj-uqbn

vulnerability	VCID-xs3r-chc9-27dr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-pqe1-ewjj-uqbn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-1?distro=trixie
purl	pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-1%3Fdistro=trixie

url	pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie
purl	pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/389-ds-base@1.3.3.5-4

purl pkg:deb/debian/389-ds-base@1.3.3.5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cnv-xra9-d7fw

vulnerability	VCID-1emx-jre5-v7dm

vulnerability	VCID-34te-4xhe-17h2

vulnerability	VCID-3paj-fqdp-yyg3

vulnerability	VCID-4tdy-umt6-4ubr

vulnerability	VCID-4tn2-her5-6fe1

vulnerability	VCID-77rw-db6h-hya9

vulnerability	VCID-7teh-3vk4-a7du

vulnerability	VCID-ewv4-4dk9-8bew

vulnerability	VCID-f3t3-vxrz-8uew

vulnerability	VCID-gmg8-mepq-87ez

vulnerability	VCID-gmpt-rg5q-n3dk

vulnerability	VCID-hjvf-3mm8-xfhq

vulnerability	VCID-hvag-zpvk-vqbw

vulnerability	VCID-jge6-uqra-yba1

vulnerability	VCID-kkeh-mm7b-quc4

vulnerability	VCID-knxk-357y-efhh

vulnerability	VCID-n9jd-zew1-77d7

vulnerability	VCID-pexr-smr8-gbhh

vulnerability	VCID-qkca-awn5-hfas

vulnerability	VCID-qv4g-5kzs-9kfa

vulnerability	VCID-rffx-mwhe-tqe5

vulnerability	VCID-s9es-be9s-t3h3

vulnerability	VCID-vu7g-kqpe-83hq

vulnerability	VCID-vx15-pahy-ufbn

vulnerability	VCID-wcyy-45hw-2fc6

vulnerability	VCID-wk61-n55m-j3fg

vulnerability	VCID-wqg4-uer5-u3fd

vulnerability	VCID-x8k9-na1n-8fgj

vulnerability	VCID-xq1g-upbu-x7dp

vulnerability	VCID-yaw8-dzr7-hyha

vulnerability	VCID-z7kp-3dwk-wkgr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.3.5-4

url pkg:deb/debian/389-ds-base@1.3.5.17-2

purl pkg:deb/debian/389-ds-base@1.3.5.17-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cnv-xra9-d7fw

vulnerability	VCID-1emx-jre5-v7dm

vulnerability	VCID-3paj-fqdp-yyg3

vulnerability	VCID-4tdy-umt6-4ubr

vulnerability	VCID-4tn2-her5-6fe1

vulnerability	VCID-77rw-db6h-hya9

vulnerability	VCID-7teh-3vk4-a7du

vulnerability	VCID-f3t3-vxrz-8uew

vulnerability	VCID-gmg8-mepq-87ez

vulnerability	VCID-hjvf-3mm8-xfhq

vulnerability	VCID-hvag-zpvk-vqbw

vulnerability	VCID-jge6-uqra-yba1

vulnerability	VCID-kkeh-mm7b-quc4

vulnerability	VCID-knxk-357y-efhh

vulnerability	VCID-pexr-smr8-gbhh

vulnerability	VCID-qkca-awn5-hfas

vulnerability	VCID-qv4g-5kzs-9kfa

vulnerability	VCID-rffx-mwhe-tqe5

vulnerability	VCID-s9es-be9s-t3h3

vulnerability	VCID-vu7g-kqpe-83hq

vulnerability	VCID-vx15-pahy-ufbn

vulnerability	VCID-wcyy-45hw-2fc6

vulnerability	VCID-x8k9-na1n-8fgj

vulnerability	VCID-yaw8-dzr7-hyha

vulnerability	VCID-z7kp-3dwk-wkgr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.5.17-2

url pkg:deb/debian/389-ds-base@1.4.0.21-1

purl pkg:deb/debian/389-ds-base@1.4.0.21-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3paj-fqdp-yyg3

vulnerability	VCID-4tdy-umt6-4ubr

vulnerability	VCID-4tn2-her5-6fe1

vulnerability	VCID-77rw-db6h-hya9

vulnerability	VCID-hjvf-3mm8-xfhq

vulnerability	VCID-knxk-357y-efhh

vulnerability	VCID-pexr-smr8-gbhh

vulnerability	VCID-qkca-awn5-hfas

vulnerability	VCID-qv4g-5kzs-9kfa

vulnerability	VCID-rffx-mwhe-tqe5

vulnerability	VCID-vx15-pahy-ufbn

vulnerability	VCID-wcyy-45hw-2fc6

vulnerability	VCID-x8k9-na1n-8fgj

vulnerability	VCID-z7kp-3dwk-wkgr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.21-1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10224.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10224.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10224

reference_id

reference_type

scores

value	0.00052
scoring_system	epss
scoring_elements	0.16239
published_at	2026-04-01T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16368
published_at	2026-04-12T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.1642
published_at	2026-04-02T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16483
published_at	2026-04-04T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.1628
published_at	2026-04-07T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16365
published_at	2026-04-08T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16423
published_at	2026-04-09T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16407
published_at	2026-04-11T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16304
published_at	2026-04-13T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16242
published_at	2026-04-16T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16263
published_at	2026-04-18T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16299
published_at	2026-04-21T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16189
published_at	2026-04-24T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18993
published_at	2026-04-26T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.33882
published_at	2026-05-12T12:55:00Z

value	0.00142
scoring_system	epss
scoring_elements	0.33857
published_at	2026-05-11T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.34877
published_at	2026-05-05T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.3495
published_at	2026-05-07T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.34987
published_at	2026-05-09T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.34998
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10224

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10224
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10224

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html

reference_url	https://pagure.io/389-ds-base/issue/50251
reference_id
reference_type
scores
url	https://pagure.io/389-ds-base/issue/50251

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1677147
reference_id	1677147
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1677147

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:389_directory_server::::::::
reference_id	cpe:2.3:a:fedoraproject:389_directory_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:389_directory_server::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10224

reference_id

CVE-2019-10224

reference_type

scores

value	2.1
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:N/A:N

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10224

reference_url	https://access.redhat.com/errata/RHSA-2019:3401
reference_id	RHSA-2019:3401
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3401

Weaknesses

cwe_id	538
name	Insertion of Sensitive Information into Externally-Accessible File or Directory
description	The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

cwe_id	522
name	Insufficiently Protected Credentials
description	The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Exploits

Severity_range_score 2.1 - 4.6

Exploitability 0.5

Weighted_severity 4.1

Risk_score 2.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3paj-fqdp-yyg3

Vulnerability Instance