Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/remarshal@0.11.2
Type pypi
Namespace
Name remarshal
Version 0.11.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.17.1
Latest_non_vulnerable_version 0.17.1
Affected_by_vulnerabilities
0
url VCID-xsxy-eu7e-k3cq
vulnerability_id VCID-xsxy-eu7e-k3cq
summary Remarshal prior to v0.17.1 expands YAML alias nodes without limit, so it is vulnerable to the Billion Laughs attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/remarshal/PYSEC-2023-236.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/remarshal/PYSEC-2023-236.yaml
1
reference_url https://github.com/remarshal-project/remarshal
reference_id
reference_type
scores
url https://github.com/remarshal-project/remarshal
2
reference_url https://github.com/remarshal-project/remarshal/commit/fd6ac799a02f533c3fc243b49cdd6d21aa7ee494
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/remarshal-project/remarshal/commit/fd6ac799a02f533c3fc243b49cdd6d21aa7ee494
3
reference_url https://github.com/remarshal-project/remarshal/releases/tag/v0.17.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/remarshal-project/remarshal/releases/tag/v0.17.1
4
reference_url https://jvn.jp/en/jp/JVN86156389
reference_id
reference_type
scores
url https://jvn.jp/en/jp/JVN86156389
5
reference_url https://jvn.jp/en/jp/JVN86156389/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://jvn.jp/en/jp/JVN86156389/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-47163
reference_id CVE-2023-47163
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-47163
7
reference_url https://github.com/advisories/GHSA-gw7g-qr8w-3448
reference_id GHSA-gw7g-qr8w-3448
reference_type
scores
url https://github.com/advisories/GHSA-gw7g-qr8w-3448
fixed_packages
0
url pkg:pypi/remarshal@0.17.1
purl pkg:pypi/remarshal@0.17.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/remarshal@0.17.1
aliases CVE-2023-47163, GHSA-gw7g-qr8w-3448, PYSEC-2023-236
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xsxy-eu7e-k3cq
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/remarshal@0.11.2