Lookup for vulnerable packages by Package URL.

Purl pkg:composer/ezsystems/ezpublish-legacy@2014.01.2
Type composer
Namespace ezsystems
Name ezpublish-legacy
Version 2014.01.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-1q2y-ruwv-rqgr
vulnerability_id VCID-1q2y-ruwv-rqgr
summary Information disclosure in backend content tree menu.
references
0
reference_url http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu
reference_id
reference_type
scores
url http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-legacy@2017.10.0
purl pkg:composer/ezsystems/ezpublish-legacy@2017.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2975-xhf4-ckcj
1
vulnerability VCID-29ju-364n-qkch
2
vulnerability VCID-bmkb-zcyd-6kdk
3
vulnerability VCID-eaqz-xw6f-6yeb
4
vulnerability VCID-ufw5-emg4-cqd6
5
vulnerability VCID-ukn1-91je-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.10.0
aliases GMS-2017-337
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1q2y-ruwv-rqgr
1
url VCID-2975-xhf4-ckcj
vulnerability_id VCID-2975-xhf4-ckcj
summary
Improper Access Control
Passwordless login for LDAP users
references
0
reference_url http://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users
reference_id
reference_type
scores
url http://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B1
purl pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B1
1
url pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B3
purl pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B3
2
url pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
purl pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29ju-364n-qkch
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
aliases GMS-2018-65
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2975-xhf4-ckcj
2
url VCID-29ju-364n-qkch
vulnerability_id VCID-29ju-364n-qkch
summary
Content object state fetch functions open to SQL injection
### Impact
This Security Update is about a vulnerability in eZ Publish Legacy. The content object state code could be vulnerable to SQL injection. There is no known exploit, but one might be possible. If you use Legacy in any way, we strongly recommend that you install this update as soon as possible.

### Patches
The fix is distributed via Composer, see "Patched versions".
references
0
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2021-005-content-object-state-fetch-functions-open-to-sql-injection
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://developers.ibexa.co/security-advisories/ibexa-sa-2021-005-content-object-state-fetch-functions-open-to-sql-injection
1
reference_url https://github.com/ezsystems/ezpublish-legacy
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-legacy
2
reference_url https://github.com/ezsystems/ezpublish-legacy/commit/f8e3a97afd92efb9148134a4bacb35a875777a42
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-legacy/commit/f8e3a97afd92efb9148134a4bacb35a875777a42
3
reference_url https://github.com/advisories/GHSA-jpwx-ffjq-wr4w
reference_id GHSA-jpwx-ffjq-wr4w
reference_type
scores
url https://github.com/advisories/GHSA-jpwx-ffjq-wr4w
4
reference_url https://github.com/ezsystems/ezpublish-legacy/security/advisories/GHSA-jpwx-ffjq-wr4w
reference_id GHSA-jpwx-ffjq-wr4w
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-legacy/security/advisories/GHSA-jpwx-ffjq-wr4w
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-legacy@2017.12.7.4
purl pkg:composer/ezsystems/ezpublish-legacy@2017.12.7.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.7.4
1
url pkg:composer/ezsystems/ezpublish-legacy@2019.03.6
purl pkg:composer/ezsystems/ezpublish-legacy@2019.03.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.03.6
2
url pkg:composer/ezsystems/ezpublish-legacy@2017.12.7%2B4
purl pkg:composer/ezsystems/ezpublish-legacy@2017.12.7%2B4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.7%252B4
3
url pkg:composer/ezsystems/ezpublish-legacy@2019.3.6%2B1
purl pkg:composer/ezsystems/ezpublish-legacy@2019.3.6%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.6%252B1
aliases GHSA-jpwx-ffjq-wr4w, GMS-2021-112
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-29ju-364n-qkch
3
url VCID-bmkb-zcyd-6kdk
vulnerability_id VCID-bmkb-zcyd-6kdk
summary
Cross-site Scripting
Several vulnerabilities in Forgot password, Information collector, XML text, and Matrix field type features
references
0
reference_url http://share.ez.no/community-project/security-advisories/ezsa-2018-001-several-vulnerabilities-in-forgot-password-information-collector-xml-text-and-matrix-field-type-features
reference_id
reference_type
scores
url http://share.ez.no/community-project/security-advisories/ezsa-2018-001-several-vulnerabilities-in-forgot-password-information-collector-xml-text-and-matrix-field-type-features
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%2B1
purl pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%252B1
aliases GMS-2018-64
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bmkb-zcyd-6kdk
4
url VCID-eaqz-xw6f-6yeb
vulnerability_id VCID-eaqz-xw6f-6yeb
summary EZSA-2018-009 Do not interpret PHP/PHAR uploads
references
0
reference_url http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads
reference_id
reference_type
scores
url http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B3
purl pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B3
1
url pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
purl pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29ju-364n-qkch
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
2
url pkg:composer/ezsystems/ezpublish-legacy@2019.3.0
purl pkg:composer/ezsystems/ezpublish-legacy@2019.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6cyy-uhhk-63aa
1
vulnerability VCID-8zn2-ztg4-s3ex
2
vulnerability VCID-qymv-b76a-2yh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.0
aliases GMS-2018-67
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eaqz-xw6f-6yeb
5
url VCID-nfdt-99kp-xydy
vulnerability_id VCID-nfdt-99kp-xydy
summary
XSS issue in search
There's a Cross-Site Scripting (XSS) vulnerability in the content/search module in eZ Publish legacy, which allows JavaScript to be injected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000431
reference_id
reference_type
scores
0
value 0.00292
scoring_system epss
scoring_elements 0.52821
published_at 2026-06-04T12:55:00Z
1
value 0.00292
scoring_system epss
scoring_elements 0.52881
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000431
1
reference_url https://github.com/ezsystems/ezpublish-legacy/commit/c7174295fa0b9bd81bd4af908082464b0b80f278
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-legacy/commit/c7174295fa0b9bd81bd4af908082464b0b80f278
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/CVE-2017-1000431.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/CVE-2017-1000431.yaml
3
reference_url http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000431
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000431
5
reference_url https://web.archive.org/web/20210408035246/http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210408035246/http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-legacy@2017.8.0
purl pkg:composer/ezsystems/ezpublish-legacy@2017.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mcch-nd3r-1kee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.8.0
1
url pkg:composer/ezsystems/ezpublish-legacy@2017.08.0
purl pkg:composer/ezsystems/ezpublish-legacy@2017.08.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q2y-ruwv-rqgr
1
vulnerability VCID-2975-xhf4-ckcj
2
vulnerability VCID-29ju-364n-qkch
3
vulnerability VCID-bmkb-zcyd-6kdk
4
vulnerability VCID-eaqz-xw6f-6yeb
5
vulnerability VCID-mcch-nd3r-1kee
6
vulnerability VCID-ufw5-emg4-cqd6
7
vulnerability VCID-ukn1-91je-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.08.0
aliases CVE-2017-1000431, GHSA-m98q-p5gq-q5ff
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nfdt-99kp-xydy
6
url VCID-ufw5-emg4-cqd6
vulnerability_id VCID-ufw5-emg4-cqd6
summary EZSA-2018-006 XSS vulnerability in 'disabled module' error template
references
0
reference_url http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template
reference_id
reference_type
scores
url http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B2
purl pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B2
1
url pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B4
purl pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B4
2
url pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
purl pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29ju-364n-qkch
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4
3
url pkg:composer/ezsystems/ezpublish-legacy@2019.3.0
purl pkg:composer/ezsystems/ezpublish-legacy@2019.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6cyy-uhhk-63aa
1
vulnerability VCID-8zn2-ztg4-s3ex
2
vulnerability VCID-qymv-b76a-2yh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.0
aliases GMS-2018-66
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ufw5-emg4-cqd6
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2014.01.2