Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/tendenci@12.0.8
Type pypi
Namespace
Name tendenci
Version 12.0.8
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 15.3.12
Latest_non_vulnerable_version 15.3.12
Affected_by_vulnerabilities
0
url VCID-exk1-8mpv-w7hs
vulnerability_id VCID-exk1-8mpv-w7hs
summary Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14942
reference_id
reference_type
scores
0
value 0.00405
scoring_system epss
scoring_elements 0.61392
published_at 2026-06-05T12:55:00Z
1
value 0.00405
scoring_system epss
scoring_elements 0.61344
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14942
1
reference_url https://github.com/advisories/GHSA-jqmc-fxxp-r589
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jqmc-fxxp-r589
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/tendenci/PYSEC-2020-112.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/tendenci/PYSEC-2020-112.yaml
3
reference_url https://github.com/tendenci/tendenci/issues/867
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/tendenci/tendenci/issues/867
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14942
reference_id CVE-2020-14942
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14942
fixed_packages
0
url pkg:pypi/tendenci@12.0.11
purl pkg:pypi/tendenci@12.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jmjs-mzs7-efgw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tendenci@12.0.11
aliases CVE-2020-14942, GHSA-jqmc-fxxp-r589, PYSEC-2020-112
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-exk1-8mpv-w7hs
1
url VCID-jmjs-mzs7-efgw
vulnerability_id VCID-jmjs-mzs7-efgw
summary
Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization
A critical deserialization vulnerability exists in the Tendenci Helpdesk module (note: Helpdesk is NOT enabled by default), affecting version 15.3.11 and earlier. This vulnerability allows remote code execution (RCE) by an authenticated user with staff security level, due to the use of Python's pickle module on the helpdesk /reports/. The damage is contained to the user that your Tendenci application runs as.

**Key Finding:** The original CVE-2020-14942 was incompletely patched. While `ticket_list()` was fixed to use safe JSON deserialization, the `run_report()` function still uses unsafe `pickle.loads()`.

**Permission Scoping:** The impact is limited to the permissions of the user running the application, typically www-data, which generally lacks write (except for upload directories) and execute permissions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23946
reference_id
reference_type
scores
0
value 0.00658
scoring_system epss
scoring_elements 0.71487
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23946
1
reference_url https://docs.python.org/3/library/pickle.html#restricting-globals
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/
url https://docs.python.org/3/library/pickle.html#restricting-globals
2
reference_url https://github.com/advisories/GHSA-jqmc-fxxp-r589
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/
url https://github.com/advisories/GHSA-jqmc-fxxp-r589
3
reference_url https://github.com/tendenci/tendenci
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tendenci/tendenci
4
reference_url https://github.com/tendenci/tendenci/commit/23d9fd85ab7654e9c83cfc86cb4175c0bd7a77f1
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/
url https://github.com/tendenci/tendenci/commit/23d9fd85ab7654e9c83cfc86cb4175c0bd7a77f1
5
reference_url https://github.com/tendenci/tendenci/commit/2ff0a457614944a1b417081c543ea4c5bb95d636
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/
url https://github.com/tendenci/tendenci/commit/2ff0a457614944a1b417081c543ea4c5bb95d636
6
reference_url https://github.com/tendenci/tendenci/commit/63e1b84a5b163466d1d8d811d35e7021a7ca0d0e
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/
url https://github.com/tendenci/tendenci/commit/63e1b84a5b163466d1d8d811d35e7021a7ca0d0e
7
reference_url https://github.com/tendenci/tendenci/issues/867
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/
url https://github.com/tendenci/tendenci/issues/867
8
reference_url https://github.com/tendenci/tendenci/releases/tag/v15.3.12
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/
url https://github.com/tendenci/tendenci/releases/tag/v15.3.12
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14942
reference_id CVE-2020-14942
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14942
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23946
reference_id CVE-2026-23946
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23946
11
reference_url https://github.com/advisories/GHSA-339m-4qw5-j2g3
reference_id GHSA-339m-4qw5-j2g3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-339m-4qw5-j2g3
12
reference_url https://github.com/tendenci/tendenci/security/advisories/GHSA-339m-4qw5-j2g3
reference_id GHSA-339m-4qw5-j2g3
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/
url https://github.com/tendenci/tendenci/security/advisories/GHSA-339m-4qw5-j2g3
fixed_packages
0
url pkg:pypi/tendenci@15.3.12
purl pkg:pypi/tendenci@15.3.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tendenci@15.3.12
aliases CVE-2026-23946, GHSA-339m-4qw5-j2g3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jmjs-mzs7-efgw
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tendenci@12.0.8