Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/mercurial@5.6.1-4
Typedeb
Namespacedebian
Namemercurial
Version5.6.1-4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.3.2-1+deb12u1
Latest_non_vulnerable_version6.3.2-1+deb12u1
Affected_by_vulnerabilities
0
url VCID-d2sb-fpzt-3fbm
vulnerability_id VCID-d2sb-fpzt-3fbm
summary A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2361
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.43672
published_at 2026-04-04T12:55:00Z
1
value 0.00211
scoring_system epss
scoring_elements 0.43647
published_at 2026-04-02T12:55:00Z
2
value 0.00211
scoring_system epss
scoring_elements 0.4362
published_at 2026-04-21T12:55:00Z
3
value 0.00211
scoring_system epss
scoring_elements 0.43686
published_at 2026-04-18T12:55:00Z
4
value 0.00211
scoring_system epss
scoring_elements 0.43696
published_at 2026-04-16T12:55:00Z
5
value 0.00211
scoring_system epss
scoring_elements 0.43635
published_at 2026-04-13T12:55:00Z
6
value 0.00211
scoring_system epss
scoring_elements 0.43652
published_at 2026-04-12T12:55:00Z
7
value 0.00211
scoring_system epss
scoring_elements 0.43683
published_at 2026-04-11T12:55:00Z
8
value 0.00211
scoring_system epss
scoring_elements 0.43663
published_at 2026-04-09T12:55:00Z
9
value 0.00211
scoring_system epss
scoring_elements 0.43659
published_at 2026-04-08T12:55:00Z
10
value 0.00211
scoring_system epss
scoring_elements 0.43608
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2361
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2361
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100899
reference_id 1100899
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100899
4
reference_url https://vuldb.com/?ctiid.299860
reference_id ?ctiid.299860
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:02:17Z/
url https://vuldb.com/?ctiid.299860
5
reference_url https://vuldb.com/?id.299860
reference_id ?id.299860
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:02:17Z/
url https://vuldb.com/?id.299860
6
reference_url https://vuldb.com/?submit.514024
reference_id ?submit.514024
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:02:17Z/
url https://vuldb.com/?submit.514024
fixed_packages
0
url pkg:deb/debian/mercurial@6.3.2-1%2Bdeb12u1
purl pkg:deb/debian/mercurial@6.3.2-1%2Bdeb12u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@6.3.2-1%252Bdeb12u1
aliases CVE-2025-2361
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d2sb-fpzt-3fbm
Fixing_vulnerabilities
0
url VCID-z346-9s62-afaz
vulnerability_id VCID-z346-9s62-afaz
summary A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3902.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3902.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3902
reference_id
reference_type
scores
0
value 0.00531
scoring_system epss
scoring_elements 0.67291
published_at 2026-04-21T12:55:00Z
1
value 0.00531
scoring_system epss
scoring_elements 0.67281
published_at 2026-04-08T12:55:00Z
2
value 0.00531
scoring_system epss
scoring_elements 0.67313
published_at 2026-04-18T12:55:00Z
3
value 0.00531
scoring_system epss
scoring_elements 0.67265
published_at 2026-04-13T12:55:00Z
4
value 0.00531
scoring_system epss
scoring_elements 0.673
published_at 2026-04-16T12:55:00Z
5
value 0.00531
scoring_system epss
scoring_elements 0.67314
published_at 2026-04-11T12:55:00Z
6
value 0.00531
scoring_system epss
scoring_elements 0.67191
published_at 2026-04-01T12:55:00Z
7
value 0.00531
scoring_system epss
scoring_elements 0.67229
published_at 2026-04-07T12:55:00Z
8
value 0.00531
scoring_system epss
scoring_elements 0.67252
published_at 2026-04-04T12:55:00Z
9
value 0.00531
scoring_system epss
scoring_elements 0.67294
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3902
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3902
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3902
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml
6
reference_url https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html
7
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
8
reference_url https://usn.ubuntu.com/4086-1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4086-1
9
reference_url https://usn.ubuntu.com/4086-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4086-1/
10
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1696025
reference_id 1696025
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1696025
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927674
reference_id 927674
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927674
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3902
reference_id CVE-2019-3902
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3902
14
reference_url https://github.com/advisories/GHSA-mq66-vcfc-8246
reference_id GHSA-mq66-vcfc-8246
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mq66-vcfc-8246
15
reference_url https://usn.ubuntu.com/5102-1/
reference_id USN-5102-1
reference_type
scores
url https://usn.ubuntu.com/5102-1/
16
reference_url https://usn.ubuntu.com/USN-5102-2/
reference_id USN-USN-5102-2
reference_type
scores
url https://usn.ubuntu.com/USN-5102-2/
fixed_packages
0
url pkg:deb/debian/mercurial@5.6.1-4
purl pkg:deb/debian/mercurial@5.6.1-4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d2sb-fpzt-3fbm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@5.6.1-4
aliases CVE-2019-3902, GHSA-mq66-vcfc-8246, PYSEC-2019-188
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z346-9s62-afaz
Risk_score2.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@5.6.1-4