Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/puppeteer@1.4.0-next.1527891760955
Typenpm
Namespace
Namepuppeteer
Version1.4.0-next.1527891760955
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.13.0
Latest_non_vulnerable_version1.13.0
Affected_by_vulnerabilities
0
url VCID-rru7-kb7m-y3e9
vulnerability_id VCID-rru7-kb7m-y3e9
summary 
Use-After-Free in puppeteer
Versions of `puppeteer` prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium (CVE-2019-5786). The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution.


## Recommendation

Upgrade to version 1.13.0 or later.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5786.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5786.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5786
reference_id
reference_type
scores
0
value 0.89384
scoring_system epss
scoring_elements 0.99548
published_at 2026-04-18T12:55:00Z
1
value 0.89384
scoring_system epss
scoring_elements 0.99544
published_at 2026-04-12T12:55:00Z
2
value 0.89384
scoring_system epss
scoring_elements 0.99545
published_at 2026-04-13T12:55:00Z
3
value 0.89453
scoring_system epss
scoring_elements 0.99548
published_at 2026-04-11T12:55:00Z
4
value 0.89453
scoring_system epss
scoring_elements 0.99549
published_at 2026-04-09T12:55:00Z
5
value 0.89482
scoring_system epss
scoring_elements 0.99554
published_at 2026-04-21T12:55:00Z
6
value 0.8955
scoring_system epss
scoring_elements 0.99552
published_at 2026-04-02T12:55:00Z
7
value 0.8955
scoring_system epss
scoring_elements 0.99553
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5786
2
reference_url https://blog.exodusintel.com/2019/03/20/cve-2019-5786-analysis-and-exploitation
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.exodusintel.com/2019/03/20/cve-2019-5786-analysis-and-exploitation
3
reference_url https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:09:14Z/
url https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html
4
reference_url https://crbug.com/936448
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:09:14Z/
url https://crbug.com/936448
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5786
6
reference_url https://electronjs.org/blog/filereader-fix
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3
scoring_elements
url https://electronjs.org/blog/filereader-fix
7
reference_url https://github.com/GoogleChrome/puppeteer
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/GoogleChrome/puppeteer
8
reference_url https://github.com/GoogleChrome/puppeteer/issues/4141
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/GoogleChrome/puppeteer/issues/4141
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5786
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5786
10
reference_url https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3
scoring_elements
url https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html
11
reference_url https://snyk.io/vuln/SNYK-JS-PUPPETEER-174321
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-PUPPETEER-174321
12
reference_url https://www.cisecurity.org/advisory/a-vulnerability-in-google-chrome-could-allow-for-arbitrary-code-execution_2019-026/
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3
scoring_elements
url https://www.cisecurity.org/advisory/a-vulnerability-in-google-chrome-could-allow-for-arbitrary-code-execution_2019-026/
13
reference_url https://www.npmjs.com/advisories/824
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/824
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1685162
reference_id 1685162
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1685162
15
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/495.json
reference_id 495
reference_type
scores
0
value 10.0
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/495.json
16
reference_url https://security.archlinux.org/ASA-201903-1
reference_id ASA-201903-1
reference_type
scores
url https://security.archlinux.org/ASA-201903-1
17
reference_url https://security.archlinux.org/AVG-916
reference_id AVG-916
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-916
18
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86/remote/46812.rb
reference_id CVE-2019-5786
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86/remote/46812.rb
19
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/chrome_filereader_uaf.rb
reference_id CVE-2019-5786
reference_type exploit
scores
url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/chrome_filereader_uaf.rb
20
reference_url https://blog.exodusintel.com/2019/03/20/cve-2019-5786-analysis-and-exploitation/
reference_id CVE-2019-5786-ANALYSIS-AND-EXPLOITATION
reference_type
scores
url https://blog.exodusintel.com/2019/03/20/cve-2019-5786-analysis-and-exploitation/
21
reference_url https://github.com/advisories/GHSA-c2gp-86p4-5935
reference_id GHSA-c2gp-86p4-5935
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c2gp-86p4-5935
22
reference_url https://security.gentoo.org/glsa/201903-23
reference_id GLSA-201903-23
reference_type
scores
url https://security.gentoo.org/glsa/201903-23
23
reference_url https://access.redhat.com/errata/RHSA-2019:0481
reference_id RHSA-2019:0481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0481
fixed_packages
0
url pkg:npm/puppeteer@1.13.0
purl pkg:npm/puppeteer@1.13.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/puppeteer@1.13.0
aliases CVE-2019-5786, GHSA-c2gp-86p4-5935
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rru7-kb7m-y3e9
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/puppeteer@1.4.0-next.1527891760955