Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/lektor@3.2.1
Typepypi
Namespace
Namelektor
Version3.2.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.3.11
Latest_non_vulnerable_version3.4.0b11
Affected_by_vulnerabilities
0
url VCID-7468-syfj-gkgg
vulnerability_id VCID-7468-syfj-gkgg
summary Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the "lektor server" command.
references
0
reference_url https://brave.com/privacy-updates/27-localhost-permission
reference_id
reference_type
scores
url https://brave.com/privacy-updates/27-localhost-permission
1
reference_url https://brave.com/privacy-updates/27-localhost-permission/
reference_id
reference_type
scores
url https://brave.com/privacy-updates/27-localhost-permission/
2
reference_url https://cxsecurity.com/issue/WLB-2024030043
reference_id
reference_type
scores
url https://cxsecurity.com/issue/WLB-2024030043
3
reference_url https://getlektor.com/docs/quickstart
reference_id
reference_type
scores
url https://getlektor.com/docs/quickstart
4
reference_url https://github.com/lektor/lektor/commit/7393d87bd354e43120937789956175064e4610a0
reference_id
reference_type
scores
url https://github.com/lektor/lektor/commit/7393d87bd354e43120937789956175064e4610a0
5
reference_url https://github.com/lektor/lektor/pull/1179/commits/8f38b9713d152622b69ff5e3b1e6a0d7bb7fa800
reference_id
reference_type
scores
url https://github.com/lektor/lektor/pull/1179/commits/8f38b9713d152622b69ff5e3b1e6a0d7bb7fa800
6
reference_url https://github.com/lektor/lektor/releases/tag/v3.3.11
reference_id
reference_type
scores
url https://github.com/lektor/lektor/releases/tag/v3.3.11
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/lektor/PYSEC-2024-49.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/lektor/PYSEC-2024-49.yaml
8
reference_url https://packetstormsecurity.com/files/177708/Lektor-Static-CMS-3.3.10-Arbitrary-File-Upload-Remote-Code-Execution.html
reference_id
reference_type
scores
url https://packetstormsecurity.com/files/177708/Lektor-Static-CMS-3.3.10-Arbitrary-File-Upload-Remote-Code-Execution.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28335
reference_id CVE-2024-28335
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-28335
10
reference_url https://github.com/advisories/GHSA-wv28-7fpw-fj49
reference_id GHSA-wv28-7fpw-fj49
reference_type
scores
url https://github.com/advisories/GHSA-wv28-7fpw-fj49
fixed_packages
0
url pkg:pypi/lektor@3.3.11
purl pkg:pypi/lektor@3.3.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/lektor@3.3.11
1
url pkg:pypi/lektor@3.4.0b11
purl pkg:pypi/lektor@3.4.0b11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/lektor@3.4.0b11
aliases CVE-2024-28335, GHSA-wv28-7fpw-fj49, PYSEC-2024-49
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7468-syfj-gkgg
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/lektor@3.2.1