Lookup for vulnerable packages by Package URL.

Purl pkg:composer/amphp/artax@2.0.6
Type composer
Namespace amphp
Name artax
Version 2.0.6
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-48c5-a36e-dbfd
vulnerability_id VCID-48c5-a36e-dbfd
summary
amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance
In artax versions before 1.0.6 and 2.x before 2.0.6, cookies of `foo.bar.example.com` were leaked to `foo.bar`. Additionally, any site could set cookies for any other site.
Artax fixed this issue by following newer browser implementations: cookies can only be set on domains higher than or equal to the current domain, but not on any public suffixes.
references
0
reference_url https://github.com/amphp/artax
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/amphp/artax
1
reference_url https://github.com/amphp/artax/commit/25668b891d2bced567bd69611c7d18b6a93d5fc4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/amphp/artax/commit/25668b891d2bced567bd69611c7d18b6a93d5fc4
2
reference_url https://github.com/amphp/artax/commit/accdadaf78f7a43305c3a97d6a964bbc550a555d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/amphp/artax/commit/accdadaf78f7a43305c3a97d6a964bbc550a555d
3
reference_url https://github.com/amphp/artax/releases/tag/v2.0.6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/amphp/artax/releases/tag/v2.0.6
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/2017-05-09.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/2017-05-09.yaml
5
reference_url https://github.com/advisories/GHSA-gm98-g2wf-7c68
reference_id GHSA-gm98-g2wf-7c68
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gm98-g2wf-7c68
fixed_packages
0
url pkg:composer/amphp/artax@1.0.6
purl pkg:composer/amphp/artax@1.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.6
1
url pkg:composer/amphp/artax@2.0.6
purl pkg:composer/amphp/artax@2.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.6
aliases GHSA-gm98-g2wf-7c68
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48c5-a36e-dbfd
1
url VCID-j1u4-14p9-9fdn
vulnerability_id VCID-j1u4-14p9-9fdn
summary Cookie leakage to wrong origins and non-restricted cookie acceptance
references
0
reference_url https://github.com/amphp/artax/releases/tag/v2.0.6
reference_id
reference_type
scores
url https://github.com/amphp/artax/releases/tag/v2.0.6
fixed_packages
0
url pkg:composer/amphp/artax@1.0.6
purl pkg:composer/amphp/artax@1.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.6
1
url pkg:composer/amphp/artax@2.0.6
purl pkg:composer/amphp/artax@2.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.6
aliases 2017-05-09
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j1u4-14p9-9fdn
2
url VCID-t4d6-pvhk-mfaw
vulnerability_id VCID-t4d6-pvhk-mfaw
summary
Cookie leakage, non-restricted cookie acceptance
Cookies of `foo.bar.example.com` are leaked to `foo.bar`. Additionally, any site can set cookies for any other site.
references
0
reference_url https://github.com/amphp/artax/releases/tag/v2.0.6
reference_id
reference_type
scores
url https://github.com/amphp/artax/releases/tag/v2.0.6
fixed_packages
0
url pkg:composer/amphp/artax@2.0.6
purl pkg:composer/amphp/artax@2.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.6
aliases GMS-2017-131
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t4d6-pvhk-mfaw
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.6