Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/ultralytics@8.3.45
Typepypi
Namespace
Nameultralytics
Version8.3.45
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.3.47
Latest_non_vulnerable_version8.3.47
Affected_by_vulnerabilities
0
url VCID-s5xv-w8ne-nuf3
vulnerability_id VCID-s5xv-w8ne-nuf3
summary 
A number of releases of ultralytics contained malicious crypto miner software.
Ultralytics has identified a supply chain attack
affecting affecting multiple versions of the ultralytics package.
The compromised versions contained unauthorized code that
downloaded and executed cryptocurrency mining software
when instantiating YOLO models.
This code was injected into the PyPI release artifacts and was not present
in the public GitHub repository.
references
0
reference_url https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
url https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection
1
reference_url https://github.com/ultralytics/ultralytics/issues/18027
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
url https://github.com/ultralytics/ultralytics/issues/18027
2
reference_url https://github.com/ultralytics/ultralytics/pull/18020#issuecomment-2525180194
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
url https://github.com/ultralytics/ultralytics/pull/18020#issuecomment-2525180194
3
reference_url https://github.com/ultralytics/ultralytics/pull/18052
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
url https://github.com/ultralytics/ultralytics/pull/18052
4
reference_url https://github.com/ultralytics/ultralytics/pull/18111
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
url https://github.com/ultralytics/ultralytics/pull/18111
5
reference_url https://github.com/ultralytics/ultralytics/releases/tag/v8.3.48
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
url https://github.com/ultralytics/ultralytics/releases/tag/v8.3.48
6
reference_url https://inspector.pypi.io/project/ultralytics/8.3.41/packages/d0/99/13d92174aa6a470d348a95e31164769f2cdf77838ea3c3e3fd476285777d/ultralytics-8.3.41-py3-none-any.whl/ultralytics/utils/downloads.py#line.284
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
url https://inspector.pypi.io/project/ultralytics/8.3.41/packages/d0/99/13d92174aa6a470d348a95e31164769f2cdf77838ea3c3e3fd476285777d/ultralytics-8.3.41-py3-none-any.whl/ultralytics/utils/downloads.py#line.284
fixed_packages
0
url pkg:pypi/ultralytics@8.3.47
purl pkg:pypi/ultralytics@8.3.47
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ultralytics@8.3.47
aliases PYSEC-2024-154
risk_score 3.9
exploitability 0.5
weighted_severity 7.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s5xv-w8ne-nuf3
Fixing_vulnerabilities
Risk_score3.9
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/ultralytics@8.3.45