Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/ezsystems/ezpublish-kernel@6.6.0-beta2
Typecomposer
Namespaceezsystems
Nameezpublish-kernel
Version6.6.0-beta2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.13.8.2
Latest_non_vulnerable_version8.0.0-beta1
Affected_by_vulnerabilities
0
url VCID-5jc4-962r-6kez
vulnerability_id VCID-5jc4-962r-6kez
summary 
Information Exposure
REST API returns list of all site accesses.
references
0
reference_url http://share.ez.no/community-project/security-advisories/ezsa-2018-008-rest-api-returns-list-of-all-siteaccesses
reference_id
reference_type
scores
url http://share.ez.no/community-project/security-advisories/ezsa-2018-008-rest-api-returns-list-of-all-siteaccesses
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@6.7.9%2B1
purl pkg:composer/ezsystems/ezpublish-kernel@6.7.9%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.7.9%252B1
1
url pkg:composer/ezsystems/ezpublish-kernel@6.7.9.1
purl pkg:composer/ezsystems/ezpublish-kernel@6.7.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n9ba-bdr7-vkfg
1
vulnerability VCID-ukn1-91je-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.7.9.1
2
url pkg:composer/ezsystems/ezpublish-kernel@6.13.5%2B1
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.5%252B1
3
url pkg:composer/ezsystems/ezpublish-kernel@6.13.6-rc1
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.6-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7k4g-s55n-zba3
1
vulnerability VCID-8cdb-zjbz-1kdv
2
vulnerability VCID-m6hv-1sz4-mfff
3
vulnerability VCID-n9ba-bdr7-vkfg
4
vulnerability VCID-ukn1-91je-x7hw
5
vulnerability VCID-vpbp-kn99-hygk
6
vulnerability VCID-y2r5-sqjj-f3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.6-rc1
4
url pkg:composer/ezsystems/ezpublish-kernel@7.2.4%2B1
purl pkg:composer/ezsystems/ezpublish-kernel@7.2.4%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.2.4%252B1
5
url pkg:composer/ezsystems/ezpublish-kernel@7.2.4.1
purl pkg:composer/ezsystems/ezpublish-kernel@7.2.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n9ba-bdr7-vkfg
1
vulnerability VCID-ukn1-91je-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.2.4.1
6
url pkg:composer/ezsystems/ezpublish-kernel@7.3.2%2B1
purl pkg:composer/ezsystems/ezpublish-kernel@7.3.2%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.3.2%252B1
7
url pkg:composer/ezsystems/ezpublish-kernel@7.4.3-rc1
purl pkg:composer/ezsystems/ezpublish-kernel@7.4.3-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n9ba-bdr7-vkfg
1
vulnerability VCID-ukn1-91je-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.4.3-rc1
aliases GMS-2018-63
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5jc4-962r-6kez
1
url VCID-a9x3-rx3e-8kbj
vulnerability_id VCID-a9x3-rx3e-8kbj
summary 
eZ Platform REST API returns list of all SiteAccesses
This security advisory fixes a vulnerability in eZ Platform, and we recommend that you install it as soon as possible. The issue is that the REST API may be made to disclose the names of all available site accesses. The severity of this depends on your installation, please consider your response accordingly.

To install, use Composer to update "ezsystems/ezpublish-kernel" to one of the "Resolving versions" mentioned above, or apply this patch manually:
https://github.com/ezsystems/ezpublish-kernel/commit/1551723ec134878a4cb598bfc5d900ba6164117a
references
0
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
1
reference_url https://github.com/ezsystems/ezpublish-kernel/commit/1551723ec134878a4cb598bfc5d900ba6164117a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel/commit/1551723ec134878a4cb598bfc5d900ba6164117a
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-kernel/2018-11-21-1.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-kernel/2018-11-21-1.yaml
3
reference_url http://share.ez.no/community-project/security-advisories/ezsa-2018-008-rest-api-returns-list-of-all-siteaccesses
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://share.ez.no/community-project/security-advisories/ezsa-2018-008-rest-api-returns-list-of-all-siteaccesses
4
reference_url https://web.archive.org/web/20210614181629/https://share.ez.no/community-project/security-advisories/ezsa-2018-008-rest-api-returns-list-of-all-siteaccesses
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210614181629/https://share.ez.no/community-project/security-advisories/ezsa-2018-008-rest-api-returns-list-of-all-siteaccesses
5
reference_url https://github.com/advisories/GHSA-9wwx-c723-vm8x
reference_id GHSA-9wwx-c723-vm8x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9wwx-c723-vm8x
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@6.7.9%2B1
purl pkg:composer/ezsystems/ezpublish-kernel@6.7.9%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.7.9%252B1
1
url pkg:composer/ezsystems/ezpublish-kernel@6.7.9.1
purl pkg:composer/ezsystems/ezpublish-kernel@6.7.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n9ba-bdr7-vkfg
1
vulnerability VCID-ukn1-91je-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.7.9.1
2
url pkg:composer/ezsystems/ezpublish-kernel@6.13.5%2B1
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.5%252B1
3
url pkg:composer/ezsystems/ezpublish-kernel@6.13.5.1
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7k4g-s55n-zba3
1
vulnerability VCID-8cdb-zjbz-1kdv
2
vulnerability VCID-m6hv-1sz4-mfff
3
vulnerability VCID-n9ba-bdr7-vkfg
4
vulnerability VCID-ukn1-91je-x7hw
5
vulnerability VCID-vpbp-kn99-hygk
6
vulnerability VCID-y2r5-sqjj-f3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.5.1
4
url pkg:composer/ezsystems/ezpublish-kernel@7.2.4%2B1
purl pkg:composer/ezsystems/ezpublish-kernel@7.2.4%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.2.4%252B1
5
url pkg:composer/ezsystems/ezpublish-kernel@7.2.4.1
purl pkg:composer/ezsystems/ezpublish-kernel@7.2.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n9ba-bdr7-vkfg
1
vulnerability VCID-ukn1-91je-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.2.4.1
6
url pkg:composer/ezsystems/ezpublish-kernel@7.3.2%2B1
purl pkg:composer/ezsystems/ezpublish-kernel@7.3.2%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.3.2%252B1
7
url pkg:composer/ezsystems/ezpublish-kernel@7.3.2.1
purl pkg:composer/ezsystems/ezpublish-kernel@7.3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n9ba-bdr7-vkfg
1
vulnerability VCID-ukn1-91je-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.3.2.1
aliases GHSA-9wwx-c723-vm8x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a9x3-rx3e-8kbj
2
url VCID-n9ba-bdr7-vkfg
vulnerability_id VCID-n9ba-bdr7-vkfg
summary 
Cross-site scripting in eZ Platform Kernel
In file upload it is possible by certain means to upload files like .html and .js. These may contain XSS exploits which will be run when links to them are accessed by victims.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-46875
reference_id
reference_type
scores
0
value 0.00542
scoring_system epss
scoring_elements 0.6805
published_at 2026-06-04T12:55:00Z
1
value 0.00542
scoring_system epss
scoring_elements 0.68089
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-46875
1
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
2
reference_url https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T21:15:05Z/
url https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b
3
reference_url https://packagist.org/packages/ezsystems/ezplatform-kernel#v1.2.5.1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/ezsystems/ezplatform-kernel#v1.2.5.1
4
reference_url https://packagist.org/packages/ezsystems/ezpublish-kernel#v7.5.15.2
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/ezsystems/ezpublish-kernel#v7.5.15.2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-46875
reference_id CVE-2021-46875
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-46875
6
reference_url https://github.com/advisories/GHSA-mrvj-7q4f-5p42
reference_id GHSA-mrvj-7q4f-5p42
reference_type
scores
url https://github.com/advisories/GHSA-mrvj-7q4f-5p42
7
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42
reference_id GHSA-mrvj-7q4f-5p42
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T21:15:05Z/
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@6.13.8%2B2
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.8%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8%252B2
1
url pkg:composer/ezsystems/ezpublish-kernel@6.13.8.2
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.8.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8.2
2
url pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B2
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15%252B2
3
url pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1eex-e332-37e8
1
vulnerability VCID-3pbx-gwd6-jyfs
2
vulnerability VCID-86hr-ej2a-ubbw
3
vulnerability VCID-hhfp-81fr-zkhn
4
vulnerability VCID-jz3f-vywm-v7a7
5
vulnerability VCID-q58t-76x6-mqgp
6
vulnerability VCID-tw5w-dvc4-gfh4
7
vulnerability VCID-ueng-9gm9-4qb2
8
vulnerability VCID-veax-u5rr-4kbv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2
aliases CVE-2021-46875, GHSA-mrvj-7q4f-5p42, GMS-2021-111, GMS-2021-47
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9ba-bdr7-vkfg
3
url VCID-ukn1-91je-x7hw
vulnerability_id VCID-ukn1-91je-x7hw
summary 
Unrestricted Upload of File with Dangerous Type
eZ Publish Legacy allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only `app.php` execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10806
reference_id
reference_type
scores
0
value 0.02833
scoring_system epss
scoring_elements 0.86454
published_at 2026-06-04T12:55:00Z
1
value 0.02833
scoring_system epss
scoring_elements 0.86477
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10806
1
reference_url https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10806
reference_id CVE-2020-10806
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10806
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@6.13.6%2B2
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.6%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.6%252B2
1
url pkg:composer/ezsystems/ezpublish-kernel@6.13.6.2
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7k4g-s55n-zba3
1
vulnerability VCID-8cdb-zjbz-1kdv
2
vulnerability VCID-m6hv-1sz4-mfff
3
vulnerability VCID-n9ba-bdr7-vkfg
4
vulnerability VCID-vpbp-kn99-hygk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.6.2
2
url pkg:composer/ezsystems/ezpublish-kernel@7.5.6%2B2
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.6%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.6%252B2
3
url pkg:composer/ezsystems/ezpublish-kernel@7.5.6.2
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1eex-e332-37e8
1
vulnerability VCID-3pbx-gwd6-jyfs
2
vulnerability VCID-7k4g-s55n-zba3
3
vulnerability VCID-86hr-ej2a-ubbw
4
vulnerability VCID-8cdb-zjbz-1kdv
5
vulnerability VCID-hhfp-81fr-zkhn
6
vulnerability VCID-jz3f-vywm-v7a7
7
vulnerability VCID-m6hv-1sz4-mfff
8
vulnerability VCID-n9ba-bdr7-vkfg
9
vulnerability VCID-q58t-76x6-mqgp
10
vulnerability VCID-tw5w-dvc4-gfh4
11
vulnerability VCID-ueng-9gm9-4qb2
12
vulnerability VCID-veax-u5rr-4kbv
13
vulnerability VCID-vpbp-kn99-hygk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.6.2
aliases CVE-2020-10806, GHSA-54p5-gxq6-j98g
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ukn1-91je-x7hw
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.6.0-beta2