Lookup for vulnerable packages by Package URL.

Purl pkg:gem/message_bus@3.2.0
Type gem
Namespace
Name message_bus
Version 3.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.3.7
Latest_non_vulnerable_version 3.3.7
Affected_by_vulnerabilities
0
url VCID-z2en-8hv2-xuam
vulnerability_id VCID-z2en-8hv2-xuam
summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
message_bus is a messaging bus for Ruby processes and web clients. Users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user were to gain access to the diagnostic route. The impact is also greater if there is no proxy for your web application, as the number of steps up the directories is not bounded. For deployments which use a proxy, the impact varies. For example, if a request goes through a proxy like Nginx with `merge_slashes` enabled, the number of steps up the directories that can be read is limited to 3 levels. This issue has been patched. Users unable to upgrade should ensure that MessageBus::Diagnostics is disabled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43840
reference_id
reference_type
scores
0
value 0.00232
scoring_system epss
scoring_elements 0.46041
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43840
1
reference_url https://github.com/discourse/message_bus
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/discourse/message_bus
2
reference_url https://github.com/discourse/message_bus/commit/9b6deee01ed474c7e9b5ff65a06bb0447b4db2ba
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/discourse/message_bus/commit/9b6deee01ed474c7e9b5ff65a06bb0447b4db2ba
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43840
reference_id CVE-2021-43840
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43840
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/message_bus/CVE-2021-43840.yml
reference_id CVE-2021-43840.YML
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/message_bus/CVE-2021-43840.yml
5
reference_url https://github.com/advisories/GHSA-xmgj-5fh3-xjmm
reference_id GHSA-xmgj-5fh3-xjmm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xmgj-5fh3-xjmm
6
reference_url https://github.com/discourse/message_bus/security/advisories/GHSA-xmgj-5fh3-xjmm
reference_id GHSA-xmgj-5fh3-xjmm
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/discourse/message_bus/security/advisories/GHSA-xmgj-5fh3-xjmm
fixed_packages
0
url pkg:gem/message_bus@3.3.7
purl pkg:gem/message_bus@3.3.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/message_bus@3.3.7
aliases CVE-2021-43840, GHSA-xmgj-5fh3-xjmm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z2en-8hv2-xuam
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/message_bus@3.2.0