Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-8jfv-cqa8-7yb6

Summary python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs

Aliases

alias	CVE-2014-4650

Fixed_packages

url	pkg:deb/debian/python2.7@2.7.8-1?distro=bullseye
purl	pkg:deb/debian/python2.7@2.7.8-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python2.7@2.7.8-1%3Fdistro=bullseye

url pkg:deb/debian/python2.7@2.7.9-2

purl pkg:deb/debian/python2.7@2.7.9-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1taa-a9e4-tbc5

vulnerability	VCID-2czu-wy37-qugf

vulnerability	VCID-2shb-2cvn-dyd2

vulnerability	VCID-3mu8-g6x3-effb

vulnerability	VCID-4py6-hkzp-v3d4

vulnerability	VCID-4q79-666d-rygx

vulnerability	VCID-4z89-3tfk-pyge

vulnerability	VCID-57c6-hx7f-efc6

vulnerability	VCID-7jat-6ags-qbdr

vulnerability	VCID-9mcr-rmtb-mufj

vulnerability	VCID-c97c-3177-wkhx

vulnerability	VCID-dkxn-j9dr-sqbp

vulnerability	VCID-dv5v-71b5-budp

vulnerability	VCID-gfzb-b7tt-fkgz

vulnerability	VCID-gkfp-ga1r-jkag

vulnerability	VCID-hcq4-yq9k-jygb

vulnerability	VCID-hgwh-tzsf-suc1

vulnerability	VCID-j9s6-2y47-zbbt

vulnerability	VCID-k18q-3e9y-ykgf

vulnerability	VCID-ppqx-qup8-sqbz

vulnerability	VCID-tyk4-kazt-kydj

vulnerability	VCID-ugfy-dufq-hfb2

vulnerability	VCID-v84j-ugn9-w3c8

vulnerability	VCID-vpwj-d49q-1uh8

vulnerability	VCID-w6k8-js68-87g4

vulnerability	VCID-wq7w-nrar-ykde

vulnerability	VCID-wxhp-wayg-qbd1

vulnerability	VCID-x7h3-nmjt-aud5

vulnerability	VCID-xv9p-nyha-xygv

vulnerability	VCID-yqm8-fk44-4yhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python2.7@2.7.9-2

url	pkg:deb/debian/python2.7@2.7.18-8%2Bdeb11u1?distro=bullseye
purl	pkg:deb/debian/python2.7@2.7.18-8%2Bdeb11u1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python2.7@2.7.18-8%252Bdeb11u1%3Fdistro=bullseye

Affected_packages

url pkg:deb/debian/python2.7@2.7.3-6%2Bdeb7u2

purl pkg:deb/debian/python2.7@2.7.3-6%2Bdeb7u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mw1-384y-huc7

vulnerability	VCID-1taa-a9e4-tbc5

vulnerability	VCID-2czu-wy37-qugf

vulnerability	VCID-2shb-2cvn-dyd2

vulnerability	VCID-3mu8-g6x3-effb

vulnerability	VCID-4py6-hkzp-v3d4

vulnerability	VCID-4q79-666d-rygx

vulnerability	VCID-4z89-3tfk-pyge

vulnerability	VCID-57c6-hx7f-efc6

vulnerability	VCID-7jat-6ags-qbdr

vulnerability	VCID-8aq9-8cf5-qbet

vulnerability	VCID-8jfv-cqa8-7yb6

vulnerability	VCID-9jj2-hsne-mbac

vulnerability	VCID-9mcr-rmtb-mufj

vulnerability	VCID-c97c-3177-wkhx

vulnerability	VCID-dkxn-j9dr-sqbp

vulnerability	VCID-dv5v-71b5-budp

vulnerability	VCID-ez5b-fvw8-hkh3

vulnerability	VCID-f5vu-k9rc-27fz

vulnerability	VCID-g81p-pg7g-xfcf

vulnerability	VCID-gfzb-b7tt-fkgz

vulnerability	VCID-gkfp-ga1r-jkag

vulnerability	VCID-hcq4-yq9k-jygb

vulnerability	VCID-hgwh-tzsf-suc1

vulnerability	VCID-j9s6-2y47-zbbt

vulnerability	VCID-k18q-3e9y-ykgf

vulnerability	VCID-mzd5-dwty-bqhf

vulnerability	VCID-ppqx-qup8-sqbz

vulnerability	VCID-tyk4-kazt-kydj

vulnerability	VCID-ugfy-dufq-hfb2

vulnerability	VCID-v84j-ugn9-w3c8

vulnerability	VCID-vpwj-d49q-1uh8

vulnerability	VCID-w6k8-js68-87g4

vulnerability	VCID-w85n-mm5g-5yd1

vulnerability	VCID-wq7w-nrar-ykde

vulnerability	VCID-wxhp-wayg-qbd1

vulnerability	VCID-x7h3-nmjt-aud5

vulnerability	VCID-xv9p-nyha-xygv

vulnerability	VCID-yqm8-fk44-4yhk

vulnerability	VCID-z6kh-961g-duck

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python2.7@2.7.3-6%252Bdeb7u2

url pkg:rpm/redhat/python@2.6.6-64?arch=el6

purl pkg:rpm/redhat/python@2.6.6-64?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jfv-cqa8-7yb6

vulnerability	VCID-ez5b-fvw8-hkh3

vulnerability	VCID-mzd5-dwty-bqhf

vulnerability	VCID-p57a-y8r3-qucc

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python@2.6.6-64%3Farch=el6

url pkg:rpm/redhat/python@2.7.5-34?arch=el7

purl pkg:rpm/redhat/python@2.7.5-34?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jfv-cqa8-7yb6

vulnerability	VCID-f5vu-k9rc-27fz

vulnerability	VCID-mzd5-dwty-bqhf

vulnerability	VCID-p57a-y8r3-qucc

vulnerability	VCID-w85n-mm5g-5yd1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python@2.7.5-34%3Farch=el7

url pkg:rpm/redhat/python27@1.1-17?arch=el6

purl pkg:rpm/redhat/python27@1.1-17?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jfv-cqa8-7yb6

vulnerability	VCID-ez5b-fvw8-hkh3

vulnerability	VCID-f5vu-k9rc-27fz

vulnerability	VCID-mzd5-dwty-bqhf

vulnerability	VCID-p57a-y8r3-qucc

vulnerability	VCID-w85n-mm5g-5yd1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27@1.1-17%3Farch=el6

url pkg:rpm/redhat/python27@1.1-20?arch=el7

purl pkg:rpm/redhat/python27@1.1-20?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jfv-cqa8-7yb6

vulnerability	VCID-ez5b-fvw8-hkh3

vulnerability	VCID-f5vu-k9rc-27fz

vulnerability	VCID-mzd5-dwty-bqhf

vulnerability	VCID-p57a-y8r3-qucc

vulnerability	VCID-w85n-mm5g-5yd1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27@1.1-20%3Farch=el7

url pkg:rpm/redhat/python27-python@2.7.8-3?arch=el7

purl pkg:rpm/redhat/python27-python@2.7.8-3?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jfv-cqa8-7yb6

vulnerability	VCID-ez5b-fvw8-hkh3

vulnerability	VCID-f5vu-k9rc-27fz

vulnerability	VCID-mzd5-dwty-bqhf

vulnerability	VCID-p57a-y8r3-qucc

vulnerability	VCID-w85n-mm5g-5yd1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python@2.7.8-3%3Farch=el7

url pkg:rpm/redhat/python27-python@2.7.8-3?arch=el6

purl pkg:rpm/redhat/python27-python@2.7.8-3?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jfv-cqa8-7yb6

vulnerability	VCID-ez5b-fvw8-hkh3

vulnerability	VCID-f5vu-k9rc-27fz

vulnerability	VCID-mzd5-dwty-bqhf

vulnerability	VCID-p57a-y8r3-qucc

vulnerability	VCID-w85n-mm5g-5yd1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python@2.7.8-3%3Farch=el6

url pkg:rpm/redhat/python27-python-pip@1.5.6-5?arch=el6

purl pkg:rpm/redhat/python27-python-pip@1.5.6-5?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jfv-cqa8-7yb6

vulnerability	VCID-ez5b-fvw8-hkh3

vulnerability	VCID-f5vu-k9rc-27fz

vulnerability	VCID-mzd5-dwty-bqhf

vulnerability	VCID-p57a-y8r3-qucc

vulnerability	VCID-w85n-mm5g-5yd1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python-pip@1.5.6-5%3Farch=el6

url pkg:rpm/redhat/python27-python-pip@1.5.6-5?arch=el7

purl pkg:rpm/redhat/python27-python-pip@1.5.6-5?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jfv-cqa8-7yb6

vulnerability	VCID-ez5b-fvw8-hkh3

vulnerability	VCID-f5vu-k9rc-27fz

vulnerability	VCID-mzd5-dwty-bqhf

vulnerability	VCID-p57a-y8r3-qucc

vulnerability	VCID-w85n-mm5g-5yd1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python-pip@1.5.6-5%3Farch=el7

url pkg:rpm/redhat/python27-python-setuptools@0.9.8-3?arch=el6

purl pkg:rpm/redhat/python27-python-setuptools@0.9.8-3?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jfv-cqa8-7yb6

vulnerability	VCID-ez5b-fvw8-hkh3

vulnerability	VCID-f5vu-k9rc-27fz

vulnerability	VCID-mzd5-dwty-bqhf

vulnerability	VCID-p57a-y8r3-qucc

vulnerability	VCID-w85n-mm5g-5yd1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python-setuptools@0.9.8-3%3Farch=el6

url pkg:rpm/redhat/python27-python-setuptools@0.9.8-5?arch=el7

purl pkg:rpm/redhat/python27-python-setuptools@0.9.8-5?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jfv-cqa8-7yb6

vulnerability	VCID-ez5b-fvw8-hkh3

vulnerability	VCID-f5vu-k9rc-27fz

vulnerability	VCID-mzd5-dwty-bqhf

vulnerability	VCID-p57a-y8r3-qucc

vulnerability	VCID-w85n-mm5g-5yd1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python-setuptools@0.9.8-5%3Farch=el7

url pkg:rpm/redhat/python27-python-simplejson@3.2.0-2?arch=el6

purl pkg:rpm/redhat/python27-python-simplejson@3.2.0-2?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jfv-cqa8-7yb6

vulnerability	VCID-ez5b-fvw8-hkh3

vulnerability	VCID-f5vu-k9rc-27fz

vulnerability	VCID-mzd5-dwty-bqhf

vulnerability	VCID-p57a-y8r3-qucc

vulnerability	VCID-w85n-mm5g-5yd1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python-simplejson@3.2.0-2%3Farch=el6

url pkg:rpm/redhat/python27-python-simplejson@3.2.0-3?arch=el7

purl pkg:rpm/redhat/python27-python-simplejson@3.2.0-3?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jfv-cqa8-7yb6

vulnerability	VCID-ez5b-fvw8-hkh3

vulnerability	VCID-f5vu-k9rc-27fz

vulnerability	VCID-mzd5-dwty-bqhf

vulnerability	VCID-p57a-y8r3-qucc

vulnerability	VCID-w85n-mm5g-5yd1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python-simplejson@3.2.0-3%3Farch=el7

url pkg:rpm/redhat/python27-python-wheel@0.24.0-2?arch=el7

purl pkg:rpm/redhat/python27-python-wheel@0.24.0-2?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jfv-cqa8-7yb6

vulnerability	VCID-ez5b-fvw8-hkh3

vulnerability	VCID-f5vu-k9rc-27fz

vulnerability	VCID-mzd5-dwty-bqhf

vulnerability	VCID-p57a-y8r3-qucc

vulnerability	VCID-w85n-mm5g-5yd1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python-wheel@0.24.0-2%3Farch=el7

url pkg:rpm/redhat/python27-python-wheel@0.24.0-2?arch=el6

purl pkg:rpm/redhat/python27-python-wheel@0.24.0-2?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8jfv-cqa8-7yb6

vulnerability	VCID-ez5b-fvw8-hkh3

vulnerability	VCID-f5vu-k9rc-27fz

vulnerability	VCID-mzd5-dwty-bqhf

vulnerability	VCID-p57a-y8r3-qucc

vulnerability	VCID-w85n-mm5g-5yd1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python-wheel@0.24.0-2%3Farch=el6

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4650.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4650.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-4650

reference_id

reference_type

scores

value	0.06019
scoring_system	epss
scoring_elements	0.90685
published_at	2026-04-04T12:55:00Z

value	0.06019
scoring_system	epss
scoring_elements	0.9067
published_at	2026-04-01T12:55:00Z

value	0.06019
scoring_system	epss
scoring_elements	0.90675
published_at	2026-04-02T12:55:00Z

value	0.07232
scoring_system	epss
scoring_elements	0.91619
published_at	2026-04-09T12:55:00Z

value	0.07232
scoring_system	epss
scoring_elements	0.91623
published_at	2026-04-11T12:55:00Z

value	0.07232
scoring_system	epss
scoring_elements	0.91626
published_at	2026-04-12T12:55:00Z

value	0.07232
scoring_system	epss
scoring_elements	0.91622
published_at	2026-04-13T12:55:00Z

value	0.07232
scoring_system	epss
scoring_elements	0.916
published_at	2026-04-07T12:55:00Z

value	0.07232
scoring_system	epss
scoring_elements	0.91613
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-4650

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1113527
reference_id	1113527
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1113527

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/33894.txt
reference_id	CVE-2014-4650;OSVDB-108369
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/33894.txt

reference_url	https://www.redteam-pentesting.de/advisories/rt-sa-2014-008
reference_id	CVE-2014-4650;OSVDB-108369
reference_type	exploit
scores
url	https://www.redteam-pentesting.de/advisories/rt-sa-2014-008

reference_url	https://access.redhat.com/errata/RHSA-2015:1064
reference_id	RHSA-2015:1064
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1064

reference_url	https://access.redhat.com/errata/RHSA-2015:1330
reference_id	RHSA-2015:1330
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1330

reference_url	https://access.redhat.com/errata/RHSA-2015:2101
reference_id	RHSA-2015:2101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2101

reference_url	https://usn.ubuntu.com/2653-1/
reference_id	USN-2653-1
reference_type
scores
url	https://usn.ubuntu.com/2653-1/

Weaknesses

cwe_id	138
name	Improper Neutralization of Special Elements
description	The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component.

Exploits

date_added	2014-06-27
description	Python CGIHTTPServer - Encoded Directory Traversal
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2014-06-27
exploit_type	webapps
platform	multiple
source_date_updated	2014-06-27
data_source	Exploit-DB
source_url	https://www.redteam-pentesting.de/advisories/rt-sa-2014-008

Severity_range_score 5.3 - 5.3

Exploitability 2.0

Weighted_severity 2.6

Risk_score 5.2

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8jfv-cqa8-7yb6

Vulnerability Instance