Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django-cms@3.0.8

Type pypi

Namespace

Name django-cms

Version 3.0.8

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.0.14

Latest_non_vulnerable_version 3.7.4

Affected_by_vulnerabilities

url VCID-8yrk-ntfb-d7e1

vulnerability_id VCID-8yrk-ntfb-d7e1

summary Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.

references

reference_url	https://github.com/divio/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a
reference_id
reference_type
scores
url	https://github.com/divio/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a

reference_url	https://www.django-cms.org/en/blog/2015/06/27/311-3014-release/
reference_id
reference_type
scores
url	https://www.django-cms.org/en/blog/2015/06/27/311-3014-release/

reference_url	http://www.openwall.com/lists/oss-security/2015/06/28/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/06/28/1

fixed_packages

url	pkg:pypi/django-cms@3.0.14
purl	pkg:pypi/django-cms@3.0.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/django-cms@3.0.14

url	pkg:pypi/django-cms@3.1.1
purl	pkg:pypi/django-cms@3.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/django-cms@3.1.1

aliases CVE-2015-5081, PYSEC-2017-11

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8yrk-ntfb-d7e1

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django-cms@3.0.8

Package Instance