Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/guake@3.4.0
Typepypi
Namespace
Nameguake
Version3.4.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.8.5
Latest_non_vulnerable_version3.8.5
Affected_by_vulnerabilities
0
url VCID-t1w4-nrhn-yya3
vulnerability_id VCID-t1w4-nrhn-yya3
summary The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. **Note:** Exploitation requires the user to have installed another malicious program that will be able to send dbus signals or run terminal commands.
references
0
reference_url https://github.com/advisories/GHSA-7x48-7466-3g33
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-7x48-7466-3g33
1
reference_url https://github.com/Guake/guake
reference_id
reference_type
scores
url https://github.com/Guake/guake
2
reference_url https://github.com/Guake/guake/commit/b769b3a5fd71a107c58679d217cccc971b4196b4
reference_id
reference_type
scores
url https://github.com/Guake/guake/commit/b769b3a5fd71a107c58679d217cccc971b4196b4
3
reference_url https://github.com/Guake/guake/issues/1796
reference_id
reference_type
scores
url https://github.com/Guake/guake/issues/1796
4
reference_url https://github.com/Guake/guake/pull/2017
reference_id
reference_type
scores
url https://github.com/Guake/guake/pull/2017
5
reference_url https://github.com/Guake/guake/pull/2017/commits/e3d671120bfe7ba28f50e256cc5e8a629781b888
reference_id
reference_type
scores
url https://github.com/Guake/guake/pull/2017/commits/e3d671120bfe7ba28f50e256cc5e8a629781b888
6
reference_url https://github.com/Guake/guake/releases
reference_id
reference_type
scores
url https://github.com/Guake/guake/releases
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/guake/PYSEC-2022-165.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/guake/PYSEC-2022-165.yaml
8
reference_url https://snyk.io/vuln/SNYK-PYTHON-GUAKE-2386334
reference_id
reference_type
scores
url https://snyk.io/vuln/SNYK-PYTHON-GUAKE-2386334
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23556
reference_id CVE-2021-23556
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-23556
fixed_packages
0
url pkg:pypi/guake@3.8.5
purl pkg:pypi/guake@3.8.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/guake@3.8.5
aliases CVE-2021-23556, GHSA-7x48-7466-3g33, PYSEC-2022-165, SNYK-PYTHON-GUAKE-2386334
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t1w4-nrhn-yya3
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/guake@3.4.0