Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/craftcms/cms@2.3.2618
Typecomposer
Namespacecraftcms
Namecms
Version2.3.2618
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.3.0
Latest_non_vulnerable_version5.9.18
Affected_by_vulnerabilities
0
url VCID-3n7p-999s-r3f3
vulnerability_id VCID-3n7p-999s-r3f3
summary 
File and Directory Information Exposure
Craft CMS does not properly restrict viewing the contents of files in the `craft/app/` folder.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-8383
reference_id
reference_type
scores
0
value 0.00316
scoring_system epss
scoring_elements 0.54998
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-8383
1
reference_url https://craftcms.com/changelog#2-6-2976
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://craftcms.com/changelog#2-6-2976
2
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
3
reference_url https://twitter.com/CraftCMS/status/857743080224473088
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://twitter.com/CraftCMS/status/857743080224473088
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-8383
reference_id CVE-2017-8383
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-8383
fixed_packages
0
url pkg:composer/craftcms/cms@2.6.2975
purl pkg:composer/craftcms/cms@2.6.2975
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3twn-e7up-2ugq
1
vulnerability VCID-dgvz-qam7-23c1
2
vulnerability VCID-xv52-rc7v-yba8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@2.6.2975
1
url pkg:composer/craftcms/cms@2.6.2976
purl pkg:composer/craftcms/cms@2.6.2976
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3twn-e7up-2ugq
1
vulnerability VCID-dgvz-qam7-23c1
2
vulnerability VCID-xv52-rc7v-yba8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@2.6.2976
aliases CVE-2017-8383, GHSA-7qq6-fgpw-xw45
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3n7p-999s-r3f3
1
url VCID-3twn-e7up-2ugq
vulnerability_id VCID-3twn-e7up-2ugq
summary 
Missing Encryption of Sensitive Data
Craft CMS allows remote authenticated administrators to read sensitive information via server-side template injection which causes a cleartext username and password to be displayed in a URI field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20465
reference_id
reference_type
scores
0
value 0.00664
scoring_system epss
scoring_elements 0.71581
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20465
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.md
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.md
3
reference_url https://github.com/phuctam/Server-Side-Template-Injection-in-CraftCMS-/issues/1
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phuctam/Server-Side-Template-Injection-in-CraftCMS-/issues/1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20465
reference_id CVE-2018-20465
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-20465
fixed_packages
0
url pkg:composer/craftcms/cms@3.0.35
purl pkg:composer/craftcms/cms@3.0.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xv52-rc7v-yba8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.0.35
aliases CVE-2018-20465, GHSA-j7fx-v37j-v3w7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3twn-e7up-2ugq
2
url VCID-97zb-4cxh-7yah
vulnerability_id VCID-97zb-4cxh-7yah
summary 
Weak Password Recovery Mechanism for Forgotten Password
Craft CMS does not prevent modification of the URL in a forgot-password email message.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-8385
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.52046
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-8385
1
reference_url https://craftcms.com/changelog#2-6-2976
reference_id
reference_type
scores
url https://craftcms.com/changelog#2-6-2976
2
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
3
reference_url https://github.com/craftcms/cms/blob/2.6.2976/CHANGELOG.md#security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/2.6.2976/CHANGELOG.md#security
4
reference_url https://github.com/craftcms/cms/commit/38c594badc8efc468b6162ec921d645011a50d35
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/38c594badc8efc468b6162ec921d645011a50d35
5
reference_url https://twitter.com/CraftCMS/status/857743080224473088
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://twitter.com/CraftCMS/status/857743080224473088
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-8385
reference_id CVE-2017-8385
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-8385
fixed_packages
0
url pkg:composer/craftcms/cms@2.6.2975
purl pkg:composer/craftcms/cms@2.6.2975
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3twn-e7up-2ugq
1
vulnerability VCID-dgvz-qam7-23c1
2
vulnerability VCID-xv52-rc7v-yba8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@2.6.2975
1
url pkg:composer/craftcms/cms@2.6.2976
purl pkg:composer/craftcms/cms@2.6.2976
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3twn-e7up-2ugq
1
vulnerability VCID-dgvz-qam7-23c1
2
vulnerability VCID-xv52-rc7v-yba8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@2.6.2976
aliases CVE-2017-8385, GHSA-j27g-r58q-624w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-97zb-4cxh-7yah
3
url VCID-dgvz-qam7-23c1
vulnerability_id VCID-dgvz-qam7-23c1
summary 
Cross-site Scripting
Craft CMS allows for a potential XSS attack vector by uploading a malicious SVG file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9516
reference_id
reference_type
scores
0
value 0.00791
scoring_system epss
scoring_elements 0.74253
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9516
1
reference_url https://craftcms.com/changelog#2-6-2982
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://craftcms.com/changelog#2-6-2982
2
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
3
reference_url https://packetstormsecurity.com/files/142851/Craft-CMS-2.6-Cross-Site-Scripting-File-Upload.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packetstormsecurity.com/files/142851/Craft-CMS-2.6-Cross-Site-Scripting-File-Upload.html
4
reference_url https://twitter.com/CraftCMS/status/872599894912937984
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://twitter.com/CraftCMS/status/872599894912937984
5
reference_url https://www.exploit-db.com/exploits/42143
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/42143
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/42143.txt
reference_id CVE-2017-9516
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/42143.txt
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-9516
reference_id CVE-2017-9516
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-9516
fixed_packages
0
url pkg:composer/craftcms/cms@2.6.2982
purl pkg:composer/craftcms/cms@2.6.2982
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3twn-e7up-2ugq
1
vulnerability VCID-xv52-rc7v-yba8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@2.6.2982
aliases CVE-2017-9516, GHSA-6pvw-hh48-jx7p
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dgvz-qam7-23c1
4
url VCID-hz6m-gqvb-6kae
vulnerability_id VCID-hz6m-gqvb-6kae
summary 
Cross-site Scripting
Craft CMS allows XSS attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-8052
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.57931
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-8052
1
reference_url https://craftcms.com/changelog#2-6-2974
reference_id
reference_type
scores
url https://craftcms.com/changelog#2-6-2974
2
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
3
reference_url https://github.com/craftcms/cms/blob/2.6.2974/CHANGELOG.md#security
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/2.6.2974/CHANGELOG.md#security
4
reference_url https://github.com/craftcms/cms/commit/f7e57018ff487d1ebbe375f6cb1852f4d79767ff
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/f7e57018ff487d1ebbe375f6cb1852f4d79767ff
5
reference_url https://twitter.com/CraftCMS/status/855535309878112256
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://twitter.com/CraftCMS/status/855535309878112256
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-8052
reference_id CVE-2017-8052
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-8052
fixed_packages
0
url pkg:composer/craftcms/cms@2.6.2974
purl pkg:composer/craftcms/cms@2.6.2974
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3n7p-999s-r3f3
1
vulnerability VCID-3twn-e7up-2ugq
2
vulnerability VCID-97zb-4cxh-7yah
3
vulnerability VCID-dgvz-qam7-23c1
4
vulnerability VCID-mkab-fw34-ekh9
5
vulnerability VCID-xv52-rc7v-yba8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@2.6.2974
aliases CVE-2017-8052, GHSA-xv5f-2997-qhrq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hz6m-gqvb-6kae
5
url VCID-mkab-fw34-ekh9
vulnerability_id VCID-mkab-fw34-ekh9
summary 
Cross-site Scripting
Craft CMS allows XSS attacks because an array returned by `HttpRequestService::getSegments()` and `getActionSegments()` need not be zero-based.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-8384
reference_id
reference_type
scores
0
value 0.00307
scoring_system epss
scoring_elements 0.54195
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-8384
1
reference_url https://craftcms.com/changelog#2-6-2976
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://craftcms.com/changelog#2-6-2976
2
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
3
reference_url https://twitter.com/CraftCMS/status/857743080224473088
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://twitter.com/CraftCMS/status/857743080224473088
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-8384
reference_id CVE-2017-8384
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-8384
fixed_packages
0
url pkg:composer/craftcms/cms@2.6.2975
purl pkg:composer/craftcms/cms@2.6.2975
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3twn-e7up-2ugq
1
vulnerability VCID-dgvz-qam7-23c1
2
vulnerability VCID-xv52-rc7v-yba8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@2.6.2975
1
url pkg:composer/craftcms/cms@2.6.2976
purl pkg:composer/craftcms/cms@2.6.2976
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3twn-e7up-2ugq
1
vulnerability VCID-dgvz-qam7-23c1
2
vulnerability VCID-xv52-rc7v-yba8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@2.6.2976
aliases CVE-2017-8384, GHSA-9mcw-mwxv-grwj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkab-fw34-ekh9
6
url VCID-xv52-rc7v-yba8
vulnerability_id VCID-xv52-rc7v-yba8
summary 
Injection Vulnerability
The `SEOmatic` component for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the `metacontainers` controller.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9757
reference_id
reference_type
scores
0
value 0.94276
scoring_system epss
scoring_elements 0.99941
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9757
1
reference_url https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt
2
reference_url https://github.com/nystudio107/craft-seomatic
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic
3
reference_url https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md
4
reference_url https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b
5
reference_url https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9757
reference_id CVE-2020-9757
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9757
7
reference_url https://github.com/advisories/GHSA-6q4j-8pjm-5mgc
reference_id GHSA-6q4j-8pjm-5mgc
reference_type
scores
url https://github.com/advisories/GHSA-6q4j-8pjm-5mgc
fixed_packages
0
url pkg:composer/craftcms/cms@3.3.0
purl pkg:composer/craftcms/cms@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.3.0
aliases CVE-2020-9757, GHSA-6q4j-8pjm-5mgc
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xv52-rc7v-yba8
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@2.3.2618