Lookup for vulnerable packages by Package URL.

Purl pkg:composer/prestashop/prestashop@1.7.0%2B0
Type composer
Namespace prestashop
Name prestashop
Version 1.7.0+0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 8.2.4
Latest_non_vulnerable_version 9.1.0
Affected_by_vulnerabilities
0
url VCID-ghu1-c6e6-pudm
vulnerability_id VCID-ghu1-c6e6-pudm
summary
Improper Control of Generation of Code ('Code Injection')
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-21686
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66352
published_at 2026-04-02T12:55:00Z
1
value 0.0051
scoring_system epss
scoring_elements 0.66425
published_at 2026-04-21T12:55:00Z
2
value 0.0051
scoring_system epss
scoring_elements 0.6644
published_at 2026-04-18T12:55:00Z
3
value 0.0051
scoring_system epss
scoring_elements 0.66423
published_at 2026-04-16T12:55:00Z
4
value 0.0051
scoring_system epss
scoring_elements 0.66387
published_at 2026-04-13T12:55:00Z
5
value 0.0051
scoring_system epss
scoring_elements 0.66418
published_at 2026-04-12T12:55:00Z
6
value 0.0051
scoring_system epss
scoring_elements 0.6643
published_at 2026-04-11T12:55:00Z
7
value 0.0051
scoring_system epss
scoring_elements 0.6641
published_at 2026-04-09T12:55:00Z
8
value 0.0051
scoring_system epss
scoring_elements 0.66396
published_at 2026-04-08T12:55:00Z
9
value 0.0051
scoring_system epss
scoring_elements 0.66348
published_at 2026-04-07T12:55:00Z
10
value 0.0051
scoring_system epss
scoring_elements 0.66379
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-21686
1
reference_url https://github.com/PrestaShop/PrestaShop
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop
2
reference_url https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21
3
reference_url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-21686
reference_id CVE-2022-21686
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-21686
5
reference_url https://github.com/advisories/GHSA-mrq4-7ch7-2465
reference_id GHSA-mrq4-7ch7-2465
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrq4-7ch7-2465
6
reference_url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465
reference_id GHSA-mrq4-7ch7-2465
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465
fixed_packages
0
url pkg:composer/prestashop/prestashop@1.7.8%2B3
purl pkg:composer/prestashop/prestashop@1.7.8%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B3
1
url pkg:composer/prestashop/prestashop@1.7.8.3
purl pkg:composer/prestashop/prestashop@1.7.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1trs-ajxn-jkhk
1
vulnerability VCID-22v3-9qr1-pyfg
2
vulnerability VCID-2kkx-8ucb-7ucj
3
vulnerability VCID-45hk-m7uv-zqfe
4
vulnerability VCID-7wj5-37ma-hbhg
5
vulnerability VCID-8beq-8rca-mbhd
6
vulnerability VCID-9n6p-8b89-63c6
7
vulnerability VCID-c4g5-t8vx-syax
8
vulnerability VCID-cf1h-m5xj-mfc5
9
vulnerability VCID-ey36-u4qn-gbge
10
vulnerability VCID-f4m9-pgg8-nqa3
11
vulnerability VCID-gggb-dges-qke1
12
vulnerability VCID-htkt-tj6d-hydx
13
vulnerability VCID-keyj-v83x-nkck
14
vulnerability VCID-mb3x-p2d7-gqdx
15
vulnerability VCID-vcuy-9cdj-uyhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8.3
aliases CVE-2022-21686, GHSA-mrq4-7ch7-2465
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ghu1-c6e6-pudm
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.0%252B0