Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pretix@2023.7.1
Typepypi
Namespace
Namepretix
Version2023.7.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2026.1.2
Latest_non_vulnerable_version2026.3.1
Affected_by_vulnerabilities
0
url VCID-5n41-d77m-hyae
vulnerability_id VCID-5n41-d77m-hyae
summary pretix before 2024.1.1 mishandles file validation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27447
reference_id
reference_type
scores
0
value 0.00232
scoring_system epss
scoring_elements 0.46152
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27447
1
reference_url https://github.com/pretix/pretix
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pretix/pretix
2
reference_url https://github.com/pretix/pretix/compare/v2023.10.2...v2024.1.1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-05T14:46:15Z/
url https://github.com/pretix/pretix/compare/v2023.10.2...v2024.1.1
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pretix/PYSEC-2024-253.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pretix/PYSEC-2024-253.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27447
reference_id CVE-2024-27447
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27447
5
reference_url https://github.com/advisories/GHSA-672r-97r7-vx2q
reference_id GHSA-672r-97r7-vx2q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-672r-97r7-vx2q
fixed_packages
0
url pkg:pypi/pretix@2024.1.1
purl pkg:pypi/pretix@2024.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bwvg-dag1-euak
1
vulnerability VCID-u5jv-2hhr-t7ej
2
vulnerability VCID-ygfz-y22t-3yab
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.1.1
aliases CVE-2024-27447, GHSA-672r-97r7-vx2q, PYSEC-2024-253
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5n41-d77m-hyae
1
url VCID-bwvg-dag1-euak
vulnerability_id VCID-bwvg-dag1-euak
summary Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML in the resulting email. This way, a user could inject links or other formatted text through a maliciously formatted name. Since pretix applies a strict allow list approach to allowed HTML tags, this could not be abused for XSS or similarly dangerous attack chains. However, it can be used to manipulate emails in a way that makes user-provided content appear in a trustworthy and credible way, which can be abused for phishing.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13742
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08488
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13742
1
reference_url https://pretix.eu/about/en/blog/20251126-release-2025-9-1/
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 2.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:L/SA:L/E:U
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-28T15:20:23Z/
url https://pretix.eu/about/en/blog/20251126-release-2025-9-1/
fixed_packages
0
url pkg:pypi/pretix@2025.7.2
purl pkg:pypi/pretix@2025.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-u5jv-2hhr-t7ej
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.7.2
aliases CVE-2025-13742, PYSEC-2025-154
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bwvg-dag1-euak
2
url VCID-u5jv-2hhr-t7ej
vulnerability_id VCID-u5jv-2hhr-t7ej
summary 
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name}
 is used in an email template, it will  be replaced with the buyer's 
name for the final email. This mechanism contained two security-relevant
 bugs:



  *  
It was possible to exfiltrate information about the pretix system through specially crafted placeholder names such as {{event.__init__.__code__.co_filename}}.
 This way, an attacker with the ability to control email templates 
(usually every user of the pretix backend) could retrieve sensitive 
information from the system configuration, including even database 
passwords or API keys. pretix does include mechanisms to prevent the usage of such 
malicious placeholders, however due to a mistake in the code, they were 
not fully effective for the email subject.




  *  
Placeholders in subjects and plain text bodies of emails were 
wrongfully evaluated twice. Therefore, if the first evaluation of a 
placeholder again contains a placeholder, this second placeholder was 
rendered. This allows the rendering of placeholders controlled by the 
ticket buyer, and therefore the exploitation of the first issue as a 
ticket buyer. Luckily, the only buyer-controlled placeholder available 
in pretix by default (that is not validated in a way that prevents the 
issue) is {invoice_company}, which is very unusual (but not
 impossible) to be contained in an email subject template. In addition 
to broadening the attack surface of the first issue, this could 
theoretically also leak information about an order to one of the 
attendees within that order. However, we also consider this scenario 
very unlikely under typical conditions.


Out of caution, we recommend that you rotate all passwords and API keys contained in your  pretix.cfg https://docs.pretix.eu/self-hosting/config/  file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2415
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.15377
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2415
1
reference_url https://github.com/pretix/pretix
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/RE:L/U:Red
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pretix/pretix
2
reference_url https://github.com/pretix/pretix/commit/ba11d24f8dfa4e9d8f03493e56fd8b43983fe297
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/RE:L/U:Red
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pretix/pretix/commit/ba11d24f8dfa4e9d8f03493e56fd8b43983fe297
3
reference_url https://github.com/pretix/pretix/commit/c85afbc621b5f0b1afa618627c45f89323eb0154
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/RE:L/U:Red
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pretix/pretix/commit/c85afbc621b5f0b1afa618627c45f89323eb0154
4
reference_url https://github.com/pretix/pretix/commit/edac35ed4c5466eb63a202575c337d117ddf1c8e
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/RE:L/U:Red
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pretix/pretix/commit/edac35ed4c5466eb63a202575c337d117ddf1c8e
5
reference_url https://pretix.eu/about/en/blog/20260216-release-2026-1-1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/RE:L/U:Red
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pretix.eu/about/en/blog/20260216-release-2026-1-1
6
reference_url https://pretix.eu/about/en/blog/20260216-release-2026-1-1/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/RE:L/U:Red
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-17T16:43:12Z/
url https://pretix.eu/about/en/blog/20260216-release-2026-1-1/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2415
reference_id CVE-2026-2415
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/RE:L/U:Red
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2415
8
reference_url https://github.com/advisories/GHSA-r8p8-qw9w-j9qv
reference_id GHSA-r8p8-qw9w-j9qv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r8p8-qw9w-j9qv
fixed_packages
0
url pkg:pypi/pretix@2025.9.4
purl pkg:pypi/pretix@2025.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-u5jv-2hhr-t7ej
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.9.4
1
url pkg:pypi/pretix@2025.10.2
purl pkg:pypi/pretix@2025.10.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n324-n55w-uyet
1
vulnerability VCID-u5jv-2hhr-t7ej
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2025.10.2
2
url pkg:pypi/pretix@2026.1.1
purl pkg:pypi/pretix@2026.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n324-n55w-uyet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2026.1.1
aliases CVE-2026-2415, GHSA-r8p8-qw9w-j9qv, PYSEC-2026-110
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u5jv-2hhr-t7ej
3
url VCID-ygfz-y22t-3yab
vulnerability_id VCID-ygfz-y22t-3yab
summary Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However, combined with a CSP bypass (which is not currently known) the vulnerability could be used to impersonate other organizers or staff users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8113
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.35474
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8113
1
reference_url https://github.com/pretix/pretix
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:L/U:Green
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pretix/pretix
2
reference_url https://github.com/pretix/pretix/commit/0f44a2ad4e170882dbe6b9d95dba6c36e4e181cf
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:L/U:Green
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pretix/pretix/commit/0f44a2ad4e170882dbe6b9d95dba6c36e4e181cf
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pretix/PYSEC-2024-180.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:L/U:Green
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pretix/PYSEC-2024-180.yaml
4
reference_url https://pretix.eu/about/en/blog/20240823-release-2024-7-1
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:L/U:Green
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pretix.eu/about/en/blog/20240823-release-2024-7-1
5
reference_url https://pretix.eu/about/en/blog/20240823-release-2024-7-1/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/R:U/RE:L/U:Green
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T18:23:56Z/
url https://pretix.eu/about/en/blog/20240823-release-2024-7-1/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8113
reference_id CVE-2024-8113
reference_type
scores
0
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:L/U:Green
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8113
7
reference_url https://github.com/advisories/GHSA-45rp-q25w-4426
reference_id GHSA-45rp-q25w-4426
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-45rp-q25w-4426
fixed_packages
0
url pkg:pypi/pretix@2024.7.1
purl pkg:pypi/pretix@2024.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bwvg-dag1-euak
1
vulnerability VCID-u5jv-2hhr-t7ej
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2024.7.1
aliases CVE-2024-8113, GHSA-45rp-q25w-4426, PYSEC-2024-180
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygfz-y22t-3yab
Fixing_vulnerabilities
0
url VCID-kccz-jzea-gqh2
vulnerability_id VCID-kccz-jzea-gqh2
summary An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44463
reference_id
reference_type
scores
0
value 0.00157
scoring_system epss
scoring_elements 0.36232
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44463
1
reference_url https://github.com/pretix/pretix
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pretix/pretix
2
reference_url https://github.com/pretix/pretix/commit/ccdce2ccb8207b82501af3c03f50abc0f819b469
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:17:16Z/
url https://github.com/pretix/pretix/commit/ccdce2ccb8207b82501af3c03f50abc0f819b469
3
reference_url https://github.com/pretix/pretix/compare/v2023.7.0...v2023.7.1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:17:16Z/
url https://github.com/pretix/pretix/compare/v2023.7.0...v2023.7.1
4
reference_url https://github.com/pretix/pretix/tags
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:17:16Z/
url https://github.com/pretix/pretix/tags
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pretix/PYSEC-2023-187.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pretix/PYSEC-2023-187.yaml
6
reference_url https://pretix.eu/about/en/blog/20230911-release-2023-7-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pretix.eu/about/en/blog/20230911-release-2023-7-1
7
reference_url https://pretix.eu/about/en/blog/20230911-release-2023-7-1/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:17:16Z/
url https://pretix.eu/about/en/blog/20230911-release-2023-7-1/
8
reference_url https://pretix.eu/about/en/ticketing
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:17:16Z/
url https://pretix.eu/about/en/ticketing
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44463
reference_id CVE-2023-44463
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44463
10
reference_url https://github.com/advisories/GHSA-j9gq-w73w-9h6c
reference_id GHSA-j9gq-w73w-9h6c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j9gq-w73w-9h6c
fixed_packages
0
url pkg:pypi/pretix@2023.7.1
purl pkg:pypi/pretix@2023.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5n41-d77m-hyae
1
vulnerability VCID-bwvg-dag1-euak
2
vulnerability VCID-u5jv-2hhr-t7ej
3
vulnerability VCID-ygfz-y22t-3yab
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.7.1
aliases CVE-2023-44463, GHSA-j9gq-w73w-9h6c, PYSEC-2023-187
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kccz-jzea-gqh2
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pretix@2023.7.1