Lookup for vulnerable packages by Package URL.

Purl pkg:gem/gollum@2.7.0
Type gem
Namespace
Name gollum
Version 2.7.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.0.1
Latest_non_vulnerable_version 5.1.2
Affected_by_vulnerabilities
0
url VCID-7tha-sfe1-nfdy
vulnerability_id VCID-7tha-sfe1-nfdy
summary
Remote Code Execution
In vulnerable versions of the gem, searching for the string `-O<arbitrary command>` or `--open-files-in-pager <arbitrary command>` in the wiki's search field will execute an arbitrary shell command. However, this will only work if the string "master" (or more precisely, the name of the git branch that gollum is using) is found in one of the wiki's files: "master" is then interpreted as the search query, and `-O<arbitrary code>` as a command-line option to `git grep`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-9489
reference_id
reference_type
scores
0
value 0.01195
scoring_system epss
scoring_elements 0.79229
published_at 2026-06-05T12:55:00Z
1
value 0.01195
scoring_system epss
scoring_elements 0.79204
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-9489
1
reference_url https://github.com/gollum/gollum
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gollum/gollum
2
reference_url https://github.com/gollum/gollum/issues/913
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gollum/gollum/issues/913
3
reference_url https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gollum/grit_adapter/commit/4520d973c81fecfebbeacd2ef2f1849d763951c7
4
reference_url https://web.archive.org/web/20200229041306/http://www.securityfocus.com/bid/71499
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229041306/http://www.securityfocus.com/bid/71499
5
reference_url http://www.openwall.com/lists/oss-security/2015/01/03/19
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/01/03/19
6
reference_url http://www.securityfocus.com/bid/71499
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/71499
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-9489
reference_id CVE-2014-9489
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-9489
8
reference_url https://github.com/advisories/GHSA-q97v-764g-r2rp
reference_id GHSA-q97v-764g-r2rp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q97v-764g-r2rp
fixed_packages
0
url pkg:gem/gollum@3.1.1
purl pkg:gem/gollum@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mjjs-t5cq-ebeq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/gollum@3.1.1
aliases CVE-2014-9489, GHSA-q97v-764g-r2rp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7tha-sfe1-nfdy
1
url VCID-mjjs-t5cq-ebeq
vulnerability_id VCID-mjjs-t5cq-ebeq
summary
Information disclosure vulnerability
A vulnerability allows attackers to gain read access to arbitrary files on the system.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2015-000149
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2015-000149
1
reference_url http://jvn.jp/en/jp/JVN27548431/index.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN27548431/index.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7314
reference_id
reference_type
scores
0
value 0.00472
scoring_system epss
scoring_elements 0.65029
published_at 2026-06-05T12:55:00Z
1
value 0.00472
scoring_system epss
scoring_elements 0.64986
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7314
3
reference_url https://github.com/gollum/gollum
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/gollum/gollum
4
reference_url https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1
5
reference_url https://github.com/gollum/gollum/issues/1070
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/gollum/gollum/issues/1070
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7314
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7314
7
reference_url http://www.openwall.com/lists/oss-security/2015/09/22/12
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/09/22/12
8
reference_url https://github.com/advisories/GHSA-m2q3-53fq-7h66
reference_id GHSA-m2q3-53fq-7h66
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2q3-53fq-7h66
fixed_packages
0
url pkg:gem/gollum@4.0.1
purl pkg:gem/gollum@4.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/gollum@4.0.1
aliases CVE-2015-7314, GHSA-m2q3-53fq-7h66, OSV-127779
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mjjs-t5cq-ebeq
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/gollum@2.7.0