Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/sprockets@2.3
Typegem
Namespace
Namesprockets
Version2.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.12.5
Latest_non_vulnerable_version4.0.0.beta8
Affected_by_vulnerabilities
0
url VCID-g8de-56gr-37cf
vulnerability_id VCID-g8de-56gr-37cf
summary 
Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside an application's root directory. The files will not be served, but attackers can determine whether the file exists.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html
4
reference_url https://access.redhat.com/errata/RHBA-2015:1100
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2015:1100
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7819.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7819.json
6
reference_url https://access.redhat.com/security/cve/CVE-2014-7819
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-7819
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7819
reference_id
reference_type
scores
0
value 0.00748
scoring_system epss
scoring_elements 0.73153
published_at 2026-04-18T12:55:00Z
1
value 0.00748
scoring_system epss
scoring_elements 0.73052
published_at 2026-04-07T12:55:00Z
2
value 0.00748
scoring_system epss
scoring_elements 0.73089
published_at 2026-04-08T12:55:00Z
3
value 0.00748
scoring_system epss
scoring_elements 0.73102
published_at 2026-04-09T12:55:00Z
4
value 0.00748
scoring_system epss
scoring_elements 0.73127
published_at 2026-04-11T12:55:00Z
5
value 0.00748
scoring_system epss
scoring_elements 0.73106
published_at 2026-04-12T12:55:00Z
6
value 0.00748
scoring_system epss
scoring_elements 0.731
published_at 2026-04-13T12:55:00Z
7
value 0.00748
scoring_system epss
scoring_elements 0.73143
published_at 2026-04-16T12:55:00Z
8
value 0.00748
scoring_system epss
scoring_elements 0.73048
published_at 2026-04-01T12:55:00Z
9
value 0.00748
scoring_system epss
scoring_elements 0.73058
published_at 2026-04-02T12:55:00Z
10
value 0.00748
scoring_system epss
scoring_elements 0.73078
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7819
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1161527
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1161527
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819
10
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ
11
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ
12
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7819
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-7819
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:2.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:sprockets_project:sprockets:2.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:2.6.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta1:*:*:*:*:*:*
reference_id cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta1:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta2:*:*:*:*:*:*
reference_id cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta2:*:*:*:*:*:*
18
reference_url https://github.com/advisories/GHSA-33pp-3763-mrfp
reference_id GHSA-33pp-3763-mrfp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-33pp-3763-mrfp
fixed_packages
0
url pkg:gem/sprockets@2.3.3
purl pkg:gem/sprockets@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s6cp-dk5r-v3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sprockets@2.3.3
1
url pkg:gem/sprockets@2.4.6
purl pkg:gem/sprockets@2.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s6cp-dk5r-v3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sprockets@2.4.6
2
url pkg:gem/sprockets@2.5.1
purl pkg:gem/sprockets@2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s6cp-dk5r-v3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sprockets@2.5.1
3
url pkg:gem/sprockets@2.7.1
purl pkg:gem/sprockets@2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s6cp-dk5r-v3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sprockets@2.7.1
4
url pkg:gem/sprockets@2.8.3
purl pkg:gem/sprockets@2.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s6cp-dk5r-v3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sprockets@2.8.3
5
url pkg:gem/sprockets@2.9.4
purl pkg:gem/sprockets@2.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s6cp-dk5r-v3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sprockets@2.9.4
6
url pkg:gem/sprockets@2.10.2
purl pkg:gem/sprockets@2.10.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s6cp-dk5r-v3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sprockets@2.10.2
7
url pkg:gem/sprockets@2.11.3
purl pkg:gem/sprockets@2.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s6cp-dk5r-v3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sprockets@2.11.3
8
url pkg:gem/sprockets@2.12.3
purl pkg:gem/sprockets@2.12.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s6cp-dk5r-v3aw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sprockets@2.12.3
9
url pkg:gem/sprockets@3.0.0.beta.3
purl pkg:gem/sprockets@3.0.0.beta.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sprockets@3.0.0.beta.3
aliases CVE-2014-7819, GHSA-33pp-3763-mrfp, OSV-113965
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8de-56gr-37cf
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/sprockets@2.3