Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/f2e-server@1.9.10

Type npm

Namespace

Name f2e-server

Version 1.9.10

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.12.12

Latest_non_vulnerable_version 1.12.12

Affected_by_vulnerabilities

url VCID-mvgp-v4sp-sfh6

vulnerability_id VCID-mvgp-v4sp-sfh6

summary Directory Traversal in f2e-server

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16038

reference_id

reference_type

scores

value	0.00862
scoring_system	epss
scoring_elements	0.75511
published_at	2026-06-11T12:55:00Z

value	0.00862
scoring_system	epss
scoring_elements	0.75582
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16038

reference_url

https://github.com/shy2850/node-server

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/shy2850/node-server

reference_url

https://github.com/shy2850/node-server/issues/10

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/shy2850/node-server/issues/10

reference_url

https://github.com/shy2850/node-server/pull/12/files

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/shy2850/node-server/pull/12/files

reference_url

https://www.npmjs.com/advisories/346

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/346

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16038

reference_id

CVE-2017-16038

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16038

reference_url

https://github.com/advisories/GHSA-g7j3-p357-cw8p

reference_id

GHSA-g7j3-p357-cw8p

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-g7j3-p357-cw8p

fixed_packages

url	pkg:npm/f2e-server@1.12.12
purl	pkg:npm/f2e-server@1.12.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/f2e-server@1.12.12

aliases CVE-2017-16038, GHSA-g7j3-p357-cw8p

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mvgp-v4sp-sfh6

url VCID-y95v-cv6a-uqcm

vulnerability_id VCID-y95v-cv6a-uqcm

summary

Directory Traversal
f2e-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by f2e-server requiring elevated privileges to run.

references

reference_url	https://github.com/shy2850/node-server/issues/10
reference_id
reference_type
scores
url	https://github.com/shy2850/node-server/issues/10

reference_url	https://github.com/shy2850/node-server/pull/12
reference_id
reference_type
scores
url	https://github.com/shy2850/node-server/pull/12

fixed_packages

url	pkg:npm/f2e-server@1.12.12
purl	pkg:npm/f2e-server@1.12.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/f2e-server@1.12.12

aliases GMS-2017-138

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y95v-cv6a-uqcm

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/f2e-server@1.9.10

Package Instance