Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/ezsystems/ezpublish-legacy@2013.07.0
Typecomposer
Namespaceezsystems
Nameezpublish-legacy
Version2013.07.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2017.12.7.2
Latest_non_vulnerable_version2019.03.4.2
Affected_by_vulnerabilities
0
url VCID-1q2y-ruwv-rqgr
vulnerability_id VCID-1q2y-ruwv-rqgr
summary Information disclosure in backend content tree menu.
references
0
reference_url http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu
reference_id
reference_type
scores
url http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-legacy@2017.10.0
purl pkg:composer/ezsystems/ezpublish-legacy@2017.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2975-xhf4-ckcj
1
vulnerability VCID-bmkb-zcyd-6kdk
2
vulnerability VCID-eaqz-xw6f-6yeb
3
vulnerability VCID-ufw5-emg4-cqd6
4
vulnerability VCID-ukn1-91je-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.10.0
aliases GMS-2017-337
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1q2y-ruwv-rqgr
1
url VCID-2975-xhf4-ckcj
vulnerability_id VCID-2975-xhf4-ckcj
summary 
Improper Access Control
Passwordless login for LDAP users
references
0
reference_url http://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users
reference_id
reference_type
scores
url http://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B1
purl pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B1
1
url pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B3
purl pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B3
2
url pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
purl pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
aliases GMS-2018-65
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2975-xhf4-ckcj
2
url VCID-bmkb-zcyd-6kdk
vulnerability_id VCID-bmkb-zcyd-6kdk
summary 
Cross-site Scripting
Several vulnerabilities in Forgot password, Information collector, XML text, and Matrix field type features
references
0
reference_url http://share.ez.no/community-project/security-advisories/ezsa-2018-001-several-vulnerabilities-in-forgot-password-information-collector-xml-text-and-matrix-field-type-features
reference_id
reference_type
scores
url http://share.ez.no/community-project/security-advisories/ezsa-2018-001-several-vulnerabilities-in-forgot-password-information-collector-xml-text-and-matrix-field-type-features
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%2B1
purl pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%252B1
aliases GMS-2018-64
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bmkb-zcyd-6kdk
3
url VCID-eaqz-xw6f-6yeb
vulnerability_id VCID-eaqz-xw6f-6yeb
summary EZSA-2018-009 Do not interpret PHP/PHAR uploads
references
0
reference_url http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads
reference_id
reference_type
scores
url http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B3
purl pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B3
1
url pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
purl pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
2
url pkg:composer/ezsystems/ezpublish-legacy@2019.3.0
purl pkg:composer/ezsystems/ezpublish-legacy@2019.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6cyy-uhhk-63aa
1
vulnerability VCID-qymv-b76a-2yh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.0
aliases GMS-2018-67
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eaqz-xw6f-6yeb
4
url VCID-nfdt-99kp-xydy
vulnerability_id VCID-nfdt-99kp-xydy
summary 
XSS issue in search
There's a Cross-Site Scripting (XSS) vulnerability in the content/search module in eZ Publish legacy, which allows javascript to be injected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000431
reference_id
reference_type
scores
0
value 0.00292
scoring_system epss
scoring_elements 0.52821
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000431
1
reference_url https://github.com/ezsystems/ezpublish-legacy/commit/c7174295fa0b9bd81bd4af908082464b0b80f278
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-legacy/commit/c7174295fa0b9bd81bd4af908082464b0b80f278
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/CVE-2017-1000431.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/CVE-2017-1000431.yaml
3
reference_url http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000431
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000431
5
reference_url https://web.archive.org/web/20210408035246/http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210408035246/http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-legacy@2017.8.0
purl pkg:composer/ezsystems/ezpublish-legacy@2017.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mcch-nd3r-1kee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.8.0
1
url pkg:composer/ezsystems/ezpublish-legacy@2017.08.0
purl pkg:composer/ezsystems/ezpublish-legacy@2017.08.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q2y-ruwv-rqgr
1
vulnerability VCID-2975-xhf4-ckcj
2
vulnerability VCID-bmkb-zcyd-6kdk
3
vulnerability VCID-eaqz-xw6f-6yeb
4
vulnerability VCID-mcch-nd3r-1kee
5
vulnerability VCID-ufw5-emg4-cqd6
6
vulnerability VCID-ukn1-91je-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.08.0
aliases CVE-2017-1000431, GHSA-m98q-p5gq-q5ff
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nfdt-99kp-xydy
5
url VCID-ufw5-emg4-cqd6
vulnerability_id VCID-ufw5-emg4-cqd6
summary EZSA-2018-006 XSS vulnerability in 'disabled module' error template
references
0
reference_url http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template
reference_id
reference_type
scores
url http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B2
purl pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B2
1
url pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B4
purl pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B4
2
url pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
purl pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
3
url pkg:composer/ezsystems/ezpublish-legacy@2019.3.0
purl pkg:composer/ezsystems/ezpublish-legacy@2019.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6cyy-uhhk-63aa
1
vulnerability VCID-qymv-b76a-2yh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.0
aliases GMS-2018-66
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ufw5-emg4-cqd6
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2013.07.0