Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/ezsystems/ezpublish-kernel@6.9.1-rc1
Typecomposer
Namespaceezsystems
Nameezpublish-kernel
Version6.9.1-rc1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.13.8.2
Latest_non_vulnerable_version7.5.31
Affected_by_vulnerabilities
0
url VCID-5jc4-962r-6kez
vulnerability_id VCID-5jc4-962r-6kez
summary 
Information Exposure
REST API returns list of all site accesses.
references
0
reference_url http://share.ez.no/community-project/security-advisories/ezsa-2018-008-rest-api-returns-list-of-all-siteaccesses
reference_id
reference_type
scores
url http://share.ez.no/community-project/security-advisories/ezsa-2018-008-rest-api-returns-list-of-all-siteaccesses
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@6.13.5%2B1
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.5%252B1
1
url pkg:composer/ezsystems/ezpublish-kernel@6.13.6-rc1
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.6-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7k4g-s55n-zba3
1
vulnerability VCID-n9ba-bdr7-vkfg
2
vulnerability VCID-ukn1-91je-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.6-rc1
2
url pkg:composer/ezsystems/ezpublish-kernel@7.2.4%2B1
purl pkg:composer/ezsystems/ezpublish-kernel@7.2.4%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.2.4%252B1
3
url pkg:composer/ezsystems/ezpublish-kernel@7.2.4.1
purl pkg:composer/ezsystems/ezpublish-kernel@7.2.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n9ba-bdr7-vkfg
1
vulnerability VCID-ukn1-91je-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.2.4.1
4
url pkg:composer/ezsystems/ezpublish-kernel@7.3.2%2B1
purl pkg:composer/ezsystems/ezpublish-kernel@7.3.2%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.3.2%252B1
5
url pkg:composer/ezsystems/ezpublish-kernel@7.4.3-rc1
purl pkg:composer/ezsystems/ezpublish-kernel@7.4.3-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n9ba-bdr7-vkfg
1
vulnerability VCID-ukn1-91je-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.4.3-rc1
aliases GMS-2018-63
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5jc4-962r-6kez
1
url VCID-n9ba-bdr7-vkfg
vulnerability_id VCID-n9ba-bdr7-vkfg
summary 
Cross-site scripting in eZ Platform Kernel
In file upload it is possible by certain means to upload files like .html and .js. These may contain XSS exploits which will be run when links to them are accessed by victims.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-46875
reference_id
reference_type
scores
0
value 0.00542
scoring_system epss
scoring_elements 0.6805
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-46875
1
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
2
reference_url https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b
3
reference_url https://packagist.org/packages/ezsystems/ezplatform-kernel#v1.2.5.1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/ezsystems/ezplatform-kernel#v1.2.5.1
4
reference_url https://packagist.org/packages/ezsystems/ezpublish-kernel#v7.5.15.2
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/ezsystems/ezpublish-kernel#v7.5.15.2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-46875
reference_id CVE-2021-46875
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-46875
6
reference_url https://github.com/advisories/GHSA-mrvj-7q4f-5p42
reference_id GHSA-mrvj-7q4f-5p42
reference_type
scores
url https://github.com/advisories/GHSA-mrvj-7q4f-5p42
7
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42
reference_id GHSA-mrvj-7q4f-5p42
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@6.13.8%2B2
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.8%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8%252B2
1
url pkg:composer/ezsystems/ezpublish-kernel@6.13.8.2
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.8.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8.2
2
url pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B2
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15%252B2
3
url pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2
aliases CVE-2021-46875, GHSA-mrvj-7q4f-5p42, GMS-2021-111, GMS-2021-47
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9ba-bdr7-vkfg
2
url VCID-ukn1-91je-x7hw
vulnerability_id VCID-ukn1-91je-x7hw
summary 
Unrestricted Upload of File with Dangerous Type
eZ Publish Legacy allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only `app.php` execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10806
reference_id
reference_type
scores
0
value 0.02833
scoring_system epss
scoring_elements 0.86454
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10806
1
reference_url https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10806
reference_id CVE-2020-10806
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10806
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@6.13.6%2B2
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.6%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.6%252B2
1
url pkg:composer/ezsystems/ezpublish-kernel@6.13.6.2
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7k4g-s55n-zba3
1
vulnerability VCID-n9ba-bdr7-vkfg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.6.2
2
url pkg:composer/ezsystems/ezpublish-kernel@7.5.6%2B2
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.6%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.6%252B2
3
url pkg:composer/ezsystems/ezpublish-kernel@7.5.6.2
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7k4g-s55n-zba3
1
vulnerability VCID-n9ba-bdr7-vkfg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.6.2
aliases CVE-2020-10806, GHSA-54p5-gxq6-j98g
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ukn1-91je-x7hw
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.9.1-rc1