Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pretix@1.13.1
Typepypi
Namespace
Namepretix
Version1.13.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2023.7.2
Latest_non_vulnerable_version2026.3.1
Affected_by_vulnerabilities
0
url VCID-23sx-2a61-cqfp
vulnerability_id VCID-23sx-2a61-cqfp
summary An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application.
references
0
reference_url https://github.com/pretix/pretix
reference_id
reference_type
scores
url https://github.com/pretix/pretix
1
reference_url https://github.com/pretix/pretix/commit/ccdce2ccb8207b82501af3c03f50abc0f819b469
reference_id
reference_type
scores
url https://github.com/pretix/pretix/commit/ccdce2ccb8207b82501af3c03f50abc0f819b469
2
reference_url https://github.com/pretix/pretix/compare/v2023.7.0...v2023.7.1
reference_id
reference_type
scores
url https://github.com/pretix/pretix/compare/v2023.7.0...v2023.7.1
3
reference_url https://github.com/pretix/pretix/tags
reference_id
reference_type
scores
url https://github.com/pretix/pretix/tags
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pretix/PYSEC-2023-187.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pretix/PYSEC-2023-187.yaml
5
reference_url https://pretix.eu/about/en/blog/20230911-release-2023-7-1
reference_id
reference_type
scores
url https://pretix.eu/about/en/blog/20230911-release-2023-7-1
6
reference_url https://pretix.eu/about/en/blog/20230911-release-2023-7-1/
reference_id
reference_type
scores
url https://pretix.eu/about/en/blog/20230911-release-2023-7-1/
7
reference_url https://pretix.eu/about/en/ticketing
reference_id
reference_type
scores
url https://pretix.eu/about/en/ticketing
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44463
reference_id CVE-2023-44463
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-44463
9
reference_url https://github.com/advisories/GHSA-j9gq-w73w-9h6c
reference_id GHSA-j9gq-w73w-9h6c
reference_type
scores
url https://github.com/advisories/GHSA-j9gq-w73w-9h6c
fixed_packages
0
url pkg:pypi/pretix@2023.7.1
purl pkg:pypi/pretix@2023.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-33va-vuxq-bbc6
1
vulnerability VCID-dvc4-fezc-gufm
2
vulnerability VCID-jh6j-yq6e-cuad
3
vulnerability VCID-wxjm-jcgw-qydn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.7.1
aliases CVE-2023-44463, GHSA-j9gq-w73w-9h6c, PYSEC-2023-187
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23sx-2a61-cqfp
1
url VCID-33va-vuxq-bbc6
vulnerability_id VCID-33va-vuxq-bbc6
summary Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However, combined with a CSP bypass (which is not currently known) the vulnerability could be used to impersonate other organizers or staff users.
references
0
reference_url https://pretix.eu/about/en/blog/20240823-release-2024-7-1/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://pretix.eu/about/en/blog/20240823-release-2024-7-1/
fixed_packages
0
url pkg:pypi/pretix@2024.7.1
purl pkg:pypi/pretix@2024.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dvc4-fezc-gufm
1
vulnerability VCID-jh6j-yq6e-cuad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.7.1
aliases CVE-2024-8113, PYSEC-2024-180
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-33va-vuxq-bbc6
2
url VCID-dvc4-fezc-gufm
vulnerability_id VCID-dvc4-fezc-gufm
summary Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML in the resulting email. This way, a user could inject links or other formatted text through a maliciously formatted name. Since pretix applies a strict allow list approach to allowed HTML tags, this could not be abused for XSS or similarly dangerous attack chains. However, it can be used to manipulate emails in a way that makes user-provided content appear in a trustworthy and credible way, which can be abused for phishing.
references
0
reference_url https://pretix.eu/about/en/blog/20251126-release-2025-9-1/
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://pretix.eu/about/en/blog/20251126-release-2025-9-1/
fixed_packages
0
url pkg:pypi/pretix@2025.7.2
purl pkg:pypi/pretix@2025.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jh6j-yq6e-cuad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.7.2
aliases CVE-2025-13742, PYSEC-2025-154
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvc4-fezc-gufm
3
url VCID-v9fw-cvvw-jkcw
vulnerability_id VCID-v9fw-cvvw-jkcw
summary rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pretix/PYSEC-2023-42.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pretix/PYSEC-2023-42.yaml
1
reference_url https://github.com/thufschmitt/pretix-nix
reference_id
reference_type
scores
url https://github.com/thufschmitt/pretix-nix
2
reference_url https://pretix.eu/about/en/blog/20230306-release-4171
reference_id
reference_type
scores
url https://pretix.eu/about/en/blog/20230306-release-4171
3
reference_url https://pretix.eu/about/en/blog/20230306-release-4171/
reference_id
reference_type
scores
url https://pretix.eu/about/en/blog/20230306-release-4171/
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27891
reference_id CVE-2023-27891
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-27891
5
reference_url https://github.com/advisories/GHSA-r76w-3wwq-jv6v
reference_id GHSA-r76w-3wwq-jv6v
reference_type
scores
url https://github.com/advisories/GHSA-r76w-3wwq-jv6v
fixed_packages
0
url pkg:pypi/pretix@4.15.1
purl pkg:pypi/pretix@4.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23sx-2a61-cqfp
1
vulnerability VCID-33va-vuxq-bbc6
2
vulnerability VCID-dvc4-fezc-gufm
3
vulnerability VCID-v9fw-cvvw-jkcw
4
vulnerability VCID-wxjm-jcgw-qydn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.15.1
1
url pkg:pypi/pretix@4.16.1
purl pkg:pypi/pretix@4.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23sx-2a61-cqfp
1
vulnerability VCID-33va-vuxq-bbc6
2
vulnerability VCID-dvc4-fezc-gufm
3
vulnerability VCID-jh6j-yq6e-cuad
4
vulnerability VCID-v9fw-cvvw-jkcw
5
vulnerability VCID-wxjm-jcgw-qydn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.16.1
2
url pkg:pypi/pretix@4.17.1
purl pkg:pypi/pretix@4.17.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23sx-2a61-cqfp
1
vulnerability VCID-33va-vuxq-bbc6
2
vulnerability VCID-dvc4-fezc-gufm
3
vulnerability VCID-jh6j-yq6e-cuad
4
vulnerability VCID-wxjm-jcgw-qydn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@4.17.1
aliases CVE-2023-27891, GHSA-r76w-3wwq-jv6v, PYSEC-2023-42
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v9fw-cvvw-jkcw
4
url VCID-wxjm-jcgw-qydn
vulnerability_id VCID-wxjm-jcgw-qydn
summary pretix before 2024.1.1 mishandles file validation.
references
0
reference_url https://github.com/pretix/pretix
reference_id
reference_type
scores
url https://github.com/pretix/pretix
1
reference_url https://github.com/pretix/pretix/compare/v2023.10.2...v2024.1.1
reference_id
reference_type
scores
url https://github.com/pretix/pretix/compare/v2023.10.2...v2024.1.1
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pretix/PYSEC-2024-253.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pretix/PYSEC-2024-253.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27447
reference_id CVE-2024-27447
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-27447
4
reference_url https://github.com/advisories/GHSA-672r-97r7-vx2q
reference_id GHSA-672r-97r7-vx2q
reference_type
scores
url https://github.com/advisories/GHSA-672r-97r7-vx2q
fixed_packages
0
url pkg:pypi/pretix@2024.1.1
purl pkg:pypi/pretix@2024.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-33va-vuxq-bbc6
1
vulnerability VCID-dvc4-fezc-gufm
2
vulnerability VCID-jh6j-yq6e-cuad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.1.1
aliases CVE-2024-27447, GHSA-672r-97r7-vx2q, PYSEC-2024-253
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wxjm-jcgw-qydn
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pretix@1.13.1