Lookup for vulnerable packages by Package URL.

Purl pkg:npm/papaparse@5.0.2
Type npm
Namespace
Name papaparse
Version 5.0.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.2.0
Latest_non_vulnerable_version 5.2.0
Affected_by_vulnerabilities
0
url VCID-3qbh-852e-13h1
vulnerability_id VCID-3qbh-852e-13h1
summary
Duplicate Advisory: PapaParse Inefficient Regular Expression Complexity vulnerability
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-qvjc-g5vr-mfgr. This link is maintained to preserve external references.

## Original Description
A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.
references
0
reference_url https://github.com/mholt/PapaParse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mholt/PapaParse
1
reference_url https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621
2
reference_url https://github.com/mholt/PapaParse/issues/777
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mholt/PapaParse/issues/777
3
reference_url https://github.com/mholt/PapaParse/pull/779
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mholt/PapaParse/pull/779
4
reference_url https://github.com/mholt/PapaParse/releases/tag/5.2.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mholt/PapaParse/releases/tag/5.2.0
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36649
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36649
6
reference_url https://vuldb.com/?ctiid.218004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vuldb.com/?ctiid.218004
7
reference_url https://vuldb.com/?id.218004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vuldb.com/?id.218004
8
reference_url https://github.com/advisories/GHSA-798h-g4j5-5537
reference_id GHSA-798h-g4j5-5537
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-798h-g4j5-5537
fixed_packages
0
url pkg:npm/papaparse@5.2.0
purl pkg:npm/papaparse@5.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/papaparse@5.2.0
aliases GHSA-798h-g4j5-5537
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3qbh-852e-13h1
1
url VCID-9g1g-z7d8-c7ah
vulnerability_id VCID-9g1g-z7d8-c7ah
summary
Regular Expression Denial of Service in papaparse
Versions of `papaparse` prior to 5.2.0 are vulnerable to Regular Expression Denial of Service (ReDoS). The `parse` function contains a malformed regular expression that takes exponentially longer to process non-numerical inputs. This allows attackers to stall systems, leading to Denial of Service.


## Recommendation

Upgrade to version 5.2.0 or later.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36649.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36649.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36649
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.62474
published_at 2026-04-18T12:55:00Z
1
value 0.00427
scoring_system epss
scoring_elements 0.6237
published_at 2026-04-07T12:55:00Z
2
value 0.00427
scoring_system epss
scoring_elements 0.62467
published_at 2026-04-16T12:55:00Z
3
value 0.00427
scoring_system epss
scoring_elements 0.62423
published_at 2026-04-13T12:55:00Z
4
value 0.00427
scoring_system epss
scoring_elements 0.62445
published_at 2026-04-12T12:55:00Z
5
value 0.00427
scoring_system epss
scoring_elements 0.62455
published_at 2026-04-11T12:55:00Z
6
value 0.00427
scoring_system epss
scoring_elements 0.62436
published_at 2026-04-09T12:55:00Z
7
value 0.00427
scoring_system epss
scoring_elements 0.62419
published_at 2026-04-08T12:55:00Z
8
value 0.00427
scoring_system epss
scoring_elements 0.62317
published_at 2026-04-01T12:55:00Z
9
value 0.00427
scoring_system epss
scoring_elements 0.62375
published_at 2026-04-02T12:55:00Z
10
value 0.00427
scoring_system epss
scoring_elements 0.62405
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36649
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36649
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36649
3
reference_url https://github.com/mholt/PapaParse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mholt/PapaParse
4
reference_url https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621
5
reference_url https://github.com/mholt/PapaParse/issues/777
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mholt/PapaParse/issues/777
6
reference_url https://github.com/mholt/PapaParse/pull/779
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mholt/PapaParse/pull/779
7
reference_url https://github.com/mholt/PapaParse/releases/tag/5.2.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mholt/PapaParse/releases/tag/5.2.0
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36649
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36649
9
reference_url https://snyk.io/vuln/SNYK-JS-PAPAPARSE-564258
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-PAPAPARSE-564258
10
reference_url https://vuldb.com/?ctiid.218004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vuldb.com/?ctiid.218004
11
reference_url https://vuldb.com/?id.218004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vuldb.com/?id.218004
12
reference_url https://www.npmjs.com/advisories/1515
reference_id
reference_type
scores
url https://www.npmjs.com/advisories/1515
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2160359
reference_id 2160359
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2160359
14
reference_url https://github.com/advisories/GHSA-qvjc-g5vr-mfgr
reference_id GHSA-qvjc-g5vr-mfgr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qvjc-g5vr-mfgr
fixed_packages
0
url pkg:npm/papaparse@5.2.0
purl pkg:npm/papaparse@5.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/papaparse@5.2.0
aliases CVE-2020-36649, GHSA-qvjc-g5vr-mfgr, GMS-2020-421
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9g1g-z7d8-c7ah
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/papaparse@5.0.2