Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/acorn@7.0.0
Typenpm
Namespace
Nameacorn
Version7.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.1.1
Latest_non_vulnerable_version7.1.1
Affected_by_vulnerabilities
0
url VCID-4t4e-47cq-2ffx
vulnerability_id VCID-4t4e-47cq-2ffx
summary 
Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution)
**Withdrawn**
GitHub has withdrawn this advisory in place of GHSA-vh95-rmgr-6w4m and GHSA-6chw-6frg-f759.
The reason for withdrawing is that some mistakes were made during the ingestion of CVE-2020-7598
which caused this advisory to be published with incorrect information.

In order to provide accurate advisory information, new advisories were created:

- minimist: https://github.com/advisories/GHSA-vh95-rmgr-6w4m
- acorn: https://github.com/advisories/GHSA-6chw-6frg-f759
references
0
reference_url https://github.com/advisories/GHSA-6chw-6frg-f759
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6chw-6frg-f759
1
reference_url https://github.com/advisories/GHSA-vh95-rmgr-6w4m
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-vh95-rmgr-6w4m
2
reference_url https://github.com/advisories/GHSA-7fhm-mqm4-2wp7
reference_id GHSA-7fhm-mqm4-2wp7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7fhm-mqm4-2wp7
fixed_packages
0
url pkg:npm/acorn@7.1.1
purl pkg:npm/acorn@7.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/acorn@7.1.1
aliases GHSA-7fhm-mqm4-2wp7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4t4e-47cq-2ffx
1
url VCID-9eyp-2a6k-xya4
vulnerability_id VCID-9eyp-2a6k-xya4
summary 
Regular Expression Denial of Service in Acorn
Affected versions of acorn are vulnerable to Regular Expression Denial of Service.
A regex in the form of /[x-\ud800]/u causes the parser to enter an infinite loop.
The string is not valid UTF16 which usually results in it being sanitized before reaching the parser.
If an application processes untrusted input and passes it directly to acorn,
attackers may leverage the vulnerability leading to Denial of Service.
references
0
reference_url https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802
1
reference_url https://github.com/acornjs/acorn/issues/929
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/acornjs/acorn/issues/929
2
reference_url https://snyk.io/vuln/SNYK-JS-ACORN-559469
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-ACORN-559469
3
reference_url https://www.npmjs.com/advisories/1488
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1488
fixed_packages
0
url pkg:npm/acorn@7.1.1
purl pkg:npm/acorn@7.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/acorn@7.1.1
aliases GHSA-6chw-6frg-f759, GMS-2020-702
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9eyp-2a6k-xya4
2
url VCID-znj9-9zem-s3c9
vulnerability_id VCID-znj9-9zem-s3c9
summary 
Regular Expression Denial of Service
A regex in the form of `/[x-\ud800]/u` causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser.
references
0
reference_url https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802
reference_id
reference_type
scores
url https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802
1
reference_url https://snyk.io/vuln/SNYK-JS-ACORN-559469
reference_id
reference_type
scores
url https://snyk.io/vuln/SNYK-JS-ACORN-559469
2
reference_url https://www.npmjs.com/advisories/1488
reference_id
reference_type
scores
url https://www.npmjs.com/advisories/1488
fixed_packages
0
url pkg:npm/acorn@7.1.1
purl pkg:npm/acorn@7.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/acorn@7.1.1
aliases GMS-2020-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-znj9-9zem-s3c9
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/acorn@7.0.0