Lookup for vulnerable packages by Package URL.

Purl pkg:composer/ezsystems/ezplatform@2.5.18
Type composer
Namespace ezsystems
Name ezplatform
Version 2.5.18
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.0.0-beta1
Latest_non_vulnerable_version 3.0.0-beta1
Affected_by_vulnerabilities
0
url VCID-a2s5-4bsk-mugp
vulnerability_id VCID-a2s5-4bsk-mugp
summary
Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh (.platform.app.yaml) allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows access to certain legacy files that should not be readable, including the legacy var directory and extension directories.
references
0
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2021-006-storage-and-legacy-files-accessible-if-path-is-known
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://developers.ibexa.co/security-advisories/ibexa-sa-2021-006-storage-and-legacy-files-accessible-if-path-is-known
1
reference_url https://github.com/ezsystems/ezplatform
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform
2
reference_url https://github.com/ezsystems/ezplatform/security/advisories/GHSA-2rh5-jvgx-pgw3
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform/security/advisories/GHSA-2rh5-jvgx-pgw3
3
reference_url https://github.com/advisories/GHSA-2rh5-jvgx-pgw3
reference_id GHSA-2rh5-jvgx-pgw3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rh5-jvgx-pgw3
fixed_packages
0
url pkg:composer/ezsystems/ezplatform@2.5.24%2B1
purl pkg:composer/ezsystems/ezplatform@2.5.24%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform@2.5.24%252B1
1
url pkg:composer/ezsystems/ezplatform@3.0.0-beta1
purl pkg:composer/ezsystems/ezplatform@3.0.0-beta1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform@3.0.0-beta1
aliases GHSA-2rh5-jvgx-pgw3, GMS-2021-46
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a2s5-4bsk-mugp
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform@2.5.18