Lookup for vulnerable packages by Package URL.

Purl pkg:gem/camaleon_cms@2.4.3.11
Type gem
Namespace
Name camaleon_cms
Version 2.4.3.11
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-2fb5-j67a-1qd4
vulnerability_id VCID-2fb5-j67a-1qd4
summary In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with low-privileged access uploads a specially crafted .svg file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25971
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51787
published_at 2026-06-11T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51914
published_at 2026-06-14T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51929
published_at 2026-06-13T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51917
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25971
1
reference_url https://github.com/owen2345/camaleon-cms/commit/ab89584ab32b98a0af3d711e3f508a1d048147d2
reference_id ab89584ab32b98a0af3d711e3f508a1d048147d2
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:50:03Z/
url https://github.com/owen2345/camaleon-cms/commit/ab89584ab32b98a0af3d711e3f508a1d048147d2
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25971
reference_id CVE-2021-25971
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25971
3
reference_url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25971
reference_id CVE-2021-25971
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:50:03Z/
url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25971
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2021-25971.yml
reference_id CVE-2021-25971.YML
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2021-25971.yml
5
reference_url https://github.com/advisories/GHSA-r2w2-h6r8-3r53
reference_id GHSA-r2w2-h6r8-3r53
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r2w2-h6r8-3r53
fixed_packages
0
url pkg:gem/camaleon_cms@2.6.0.1
purl pkg:gem/camaleon_cms@2.6.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fb5-j67a-1qd4
1
vulnerability VCID-5b2p-u2bg-h7dq
2
vulnerability VCID-5gks-ge3p-tya5
3
vulnerability VCID-6vu4-jbn6-mqh9
4
vulnerability VCID-9pwj-kwvj-rkdf
5
vulnerability VCID-9wt5-cqus-d3bm
6
vulnerability VCID-a557-bzmu-pyes
7
vulnerability VCID-ct7g-eb5v-sbcg
8
vulnerability VCID-jcrg-ej53-zfeg
9
vulnerability VCID-jqb3-jybp-nbfn
10
vulnerability VCID-m6vs-j86s-dud3
11
vulnerability VCID-n9wa-nusj-kba5
12
vulnerability VCID-s4kg-6wpn-fke4
13
vulnerability VCID-tq4s-2hvk-7ydh
14
vulnerability VCID-v1vd-3v7v-8qht
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.6.0.1
aliases CVE-2021-25971, GHSA-r2w2-h6r8-3r53
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fb5-j67a-1qd4
1
url VCID-5b2p-u2bg-h7dq
vulnerability_id VCID-5b2p-u2bg-h7dq
summary Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
references
0
reference_url https://github.com/owen2345/camaleon-cms/commit/b18fbc74f3ecd98a1f781d015f5466ef16b1425b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/owen2345/camaleon-cms/commit/b18fbc74f3ecd98a1f781d015f5466ef16b1425b
1
reference_url https://github.com/advisories/GHSA-r9cr-qmfw-pmrc
reference_id GHSA-r9cr-qmfw-pmrc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r9cr-qmfw-pmrc
2
reference_url https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-r9cr-qmfw-pmrc
reference_id GHSA-r9cr-qmfw-pmrc
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-r9cr-qmfw-pmrc
fixed_packages
0
url pkg:gem/camaleon_cms@2.8.1
purl pkg:gem/camaleon_cms@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5gks-ge3p-tya5
1
vulnerability VCID-6vu4-jbn6-mqh9
2
vulnerability VCID-9wt5-cqus-d3bm
3
vulnerability VCID-jcrg-ej53-zfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.8.1
aliases GHSA-r9cr-qmfw-pmrc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5b2p-u2bg-h7dq
2
url VCID-5gks-ge3p-tya5
vulnerability_id VCID-5gks-ge3p-tya5
summary
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS

When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2304
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.42338
published_at 2026-06-13T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42327
published_at 2026-06-14T12:55:00Z
2
value 0.00201
scoring_system epss
scoring_elements 0.42315
published_at 2026-06-12T12:55:00Z
3
value 0.00201
scoring_system epss
scoring_elements 0.4215
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2304
1
reference_url https://github.com/advisories/GHSA-rp28-mvq3-wf8j
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rp28-mvq3-wf8j
2
reference_url https://github.com/owen2345/camaleon-cms/commit/179fd6b1ecf258d3e214aebfa87ac4a322ea4db4
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/owen2345/camaleon-cms/commit/179fd6b1ecf258d3e214aebfa87ac4a322ea4db4
3
reference_url https://github.com/owen2345/camaleon-cms/pull/1109
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/owen2345/camaleon-cms/pull/1109
4
reference_url https://github.com/owen2345/camaleon-cms/releases/tag/2.9.1
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/owen2345/camaleon-cms/releases/tag/2.9.1
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2025-2304.yml
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2025-2304.yml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2304
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2304
7
reference_url https://github.com/owen2345/camaleon-cms
reference_id camaleon-cms
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-14T13:38:20Z/
url https://github.com/owen2345/camaleon-cms
8
reference_url https://www.tenable.com/security/research/tra-2025-09
reference_id tra-2025-09
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-14T13:38:20Z/
url https://www.tenable.com/security/research/tra-2025-09
fixed_packages
0
url pkg:gem/camaleon_cms@2.9.1
purl pkg:gem/camaleon_cms@2.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jcrg-ej53-zfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.9.1
aliases CVE-2025-2304, GHSA-rp28-mvq3-wf8j
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5gks-ge3p-tya5
3
url VCID-6vu4-jbn6-mqh9
vulnerability_id VCID-6vu4-jbn6-mqh9
summary Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). For example, this can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-46986
reference_id
reference_type
scores
0
value 0.92294
scoring_system epss
scoring_elements 0.99738
published_at 2026-06-14T12:55:00Z
1
value 0.92294
scoring_system epss
scoring_elements 0.99736
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-46986
1
reference_url https://github.com/owen2345/camaleon-cms/commit/b3b12b1e4a9e3fccaf5bb4330820fa7f8744e6bd
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/owen2345/camaleon-cms/commit/b3b12b1e4a9e3fccaf5bb4330820fa7f8744e6bd
2
reference_url https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released
reference_id camaleon_cms_281_has_been_released
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-18T19:00:17Z/
url https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-46986
reference_id CVE-2024-46986
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-46986
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2024-46986.yml
reference_id CVE-2024-46986.YML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2024-46986.yml
5
reference_url https://github.com/advisories/GHSA-wmjg-vqhv-q5p5
reference_id GHSA-wmjg-vqhv-q5p5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wmjg-vqhv-q5p5
6
reference_url https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-wmjg-vqhv-q5p5
reference_id GHSA-wmjg-vqhv-q5p5
reference_type
scores
0
value 9.9
scoring_system cvssv3
scoring_elements
1
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
4
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
5
value HIGH
scoring_system generic_textual
scoring_elements
6
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-18T19:00:17Z/
url https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-wmjg-vqhv-q5p5
7
reference_url https://owasp.org/www-community/attacks/Path_Traversal
reference_id Path_Traversal
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-18T19:00:17Z/
url https://owasp.org/www-community/attacks/Path_Traversal
8
reference_url https://codeql.github.com/codeql-query-help/ruby/rb-path-injection
reference_id rb-path-injection
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-18T19:00:17Z/
url https://codeql.github.com/codeql-query-help/ruby/rb-path-injection
fixed_packages
0
url pkg:gem/camaleon_cms@2.8.1
purl pkg:gem/camaleon_cms@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5gks-ge3p-tya5
1
vulnerability VCID-6vu4-jbn6-mqh9
2
vulnerability VCID-9wt5-cqus-d3bm
3
vulnerability VCID-jcrg-ej53-zfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.8.1
aliases CVE-2024-46986, GHSA-wmjg-vqhv-q5p5
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6vu4-jbn6-mqh9
4
url VCID-9pwj-kwvj-rkdf
vulnerability_id VCID-9pwj-kwvj-rkdf
summary Duplicate Advisory: Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
references
0
reference_url https://github.com/advisories/GHSA-3hp8-6j24-m5gm
reference_id GHSA-3hp8-6j24-m5gm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3hp8-6j24-m5gm
1
reference_url https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-7x4w-cj9r-h4v9
reference_id GHSA-7x4w-cj9r-h4v9
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-7x4w-cj9r-h4v9
2
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/GHSA-7x4w-cj9r-h4v9.yml
reference_id GHSA-7x4w-cj9r-h4v9.yml
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/GHSA-7x4w-cj9r-h4v9.yml
fixed_packages
0
url pkg:gem/camaleon_cms@2.8.1
purl pkg:gem/camaleon_cms@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5gks-ge3p-tya5
1
vulnerability VCID-6vu4-jbn6-mqh9
2
vulnerability VCID-9wt5-cqus-d3bm
3
vulnerability VCID-jcrg-ej53-zfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.8.1
aliases GHSA-3hp8-6j24-m5gm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9pwj-kwvj-rkdf
5
url VCID-9wt5-cqus-d3bm
vulnerability_id VCID-9wt5-cqus-d3bm
summary Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
references
0
reference_url https://github.com/advisories/GHSA-75j2-9gmc-m855
reference_id GHSA-75j2-9gmc-m855
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-75j2-9gmc-m855
1
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/GHSA-8fx8-3rg2-79xw.yml
reference_id GHSA-8fx8-3rg2-79xw.yml
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/GHSA-8fx8-3rg2-79xw.yml
2
reference_url https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-r9cr-qmfw-pmrc
reference_id GHSA-r9cr-qmfw-pmrc
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-r9cr-qmfw-pmrc
fixed_packages
0
url pkg:gem/camaleon_cms@2.8.2
purl pkg:gem/camaleon_cms@2.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5gks-ge3p-tya5
1
vulnerability VCID-6vu4-jbn6-mqh9
2
vulnerability VCID-9wt5-cqus-d3bm
3
vulnerability VCID-jcrg-ej53-zfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.8.2
aliases GHSA-75j2-9gmc-m855
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9wt5-cqus-d3bm
6
url VCID-a557-bzmu-pyes
vulnerability_id VCID-a557-bzmu-pyes
summary In the Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25969
reference_id
reference_type
scores
0
value 0.01472
scoring_system epss
scoring_elements 0.81354
published_at 2026-06-11T12:55:00Z
1
value 0.01472
scoring_system epss
scoring_elements 0.81423
published_at 2026-06-13T12:55:00Z
2
value 0.01472
scoring_system epss
scoring_elements 0.81415
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25969
1
reference_url https://github.com/owen2345/camaleon-cms/commit/05506e9087bb05282c0bae6ccfe0283d0332ab3c
reference_id 05506e9087bb05282c0bae6ccfe0283d0332ab3c
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:50:22Z/
url https://github.com/owen2345/camaleon-cms/commit/05506e9087bb05282c0bae6ccfe0283d0332ab3c
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25969
reference_id CVE-2021-25969
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25969
3
reference_url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25969
reference_id CVE-2021-25969
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:50:22Z/
url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25969
4
reference_url https://github.com/advisories/GHSA-x78v-4fvj-rg9j
reference_id GHSA-x78v-4fvj-rg9j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x78v-4fvj-rg9j
fixed_packages
0
url pkg:gem/camaleon_cms@2.6.0.1
purl pkg:gem/camaleon_cms@2.6.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fb5-j67a-1qd4
1
vulnerability VCID-5b2p-u2bg-h7dq
2
vulnerability VCID-5gks-ge3p-tya5
3
vulnerability VCID-6vu4-jbn6-mqh9
4
vulnerability VCID-9pwj-kwvj-rkdf
5
vulnerability VCID-9wt5-cqus-d3bm
6
vulnerability VCID-a557-bzmu-pyes
7
vulnerability VCID-ct7g-eb5v-sbcg
8
vulnerability VCID-jcrg-ej53-zfeg
9
vulnerability VCID-jqb3-jybp-nbfn
10
vulnerability VCID-m6vs-j86s-dud3
11
vulnerability VCID-n9wa-nusj-kba5
12
vulnerability VCID-s4kg-6wpn-fke4
13
vulnerability VCID-tq4s-2hvk-7ydh
14
vulnerability VCID-v1vd-3v7v-8qht
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.6.0.1
aliases CVE-2021-25969, GHSA-x78v-4fvj-rg9j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a557-bzmu-pyes
7
url VCID-ct7g-eb5v-sbcg
vulnerability_id VCID-ct7g-eb5v-sbcg
summary In Camaleon CMS, versions 2.1.2.0 to 2.6.0 are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing localhost or other internal servers. This allows attackers to read files stored on the internal server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25972
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49809
published_at 2026-06-11T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.4995
published_at 2026-06-14T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.49963
published_at 2026-06-13T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49944
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25972
1
reference_url https://github.com/owen2345/camaleon-cms/commit/5a252d537411fdd0127714d66c1d76069dc7e190
reference_id 5a252d537411fdd0127714d66c1d76069dc7e190
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:49:41Z/
url https://github.com/owen2345/camaleon-cms/commit/5a252d537411fdd0127714d66c1d76069dc7e190
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25972
reference_id CVE-2021-25972
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25972
3
reference_url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25972
reference_id CVE-2021-25972
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:49:41Z/
url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25972
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2021-25972.yml
reference_id CVE-2021-25972.YML
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2021-25972.yml
5
reference_url https://github.com/advisories/GHSA-vx6p-q4gj-x6xx
reference_id GHSA-vx6p-q4gj-x6xx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vx6p-q4gj-x6xx
fixed_packages
0
url pkg:gem/camaleon_cms@2.6.0.1
purl pkg:gem/camaleon_cms@2.6.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fb5-j67a-1qd4
1
vulnerability VCID-5b2p-u2bg-h7dq
2
vulnerability VCID-5gks-ge3p-tya5
3
vulnerability VCID-6vu4-jbn6-mqh9
4
vulnerability VCID-9pwj-kwvj-rkdf
5
vulnerability VCID-9wt5-cqus-d3bm
6
vulnerability VCID-a557-bzmu-pyes
7
vulnerability VCID-ct7g-eb5v-sbcg
8
vulnerability VCID-jcrg-ej53-zfeg
9
vulnerability VCID-jqb3-jybp-nbfn
10
vulnerability VCID-m6vs-j86s-dud3
11
vulnerability VCID-n9wa-nusj-kba5
12
vulnerability VCID-s4kg-6wpn-fke4
13
vulnerability VCID-tq4s-2hvk-7ydh
14
vulnerability VCID-v1vd-3v7v-8qht
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.6.0.1
aliases CVE-2021-25972, GHSA-vx6p-q4gj-x6xx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ct7g-eb5v-sbcg
8
url VCID-jqb3-jybp-nbfn
vulnerability_id VCID-jqb3-jybp-nbfn
summary Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30145
reference_id
reference_type
scores
0
value 0.43461
scoring_system epss
scoring_elements 0.97605
published_at 2026-06-14T12:55:00Z
1
value 0.52816
scoring_system epss
scoring_elements 0.98015
published_at 2026-06-12T12:55:00Z
2
value 0.53275
scoring_system epss
scoring_elements 0.98034
published_at 2026-06-11T12:55:00Z
3
value 0.5347
scoring_system epss
scoring_elements 0.98047
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30145
1
reference_url https://github.com/owen2345/camaleon-cms/commit/4485788c544eb1aae52ca613bd9626129e3df6ee
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/owen2345/camaleon-cms/commit/4485788c544eb1aae52ca613bd9626129e3df6ee
2
reference_url https://github.com/owen2345/camaleon-cms/issues/1052
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/owen2345/camaleon-cms/issues/1052
3
reference_url https://github.com/owen2345/camaleon-cms/releases/tag/2.7.4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/owen2345/camaleon-cms/releases/tag/2.7.4
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2023-30145.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2023-30145.yml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30145
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30145
6
reference_url http://packetstormsecurity.com/files/172593/Camaleon-CMS-2.7.0-Server-Side-Template-Injection.html
reference_id Camaleon-CMS-2.7.0-Server-Side-Template-Injection.html
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-16T16:18:04Z/
url http://packetstormsecurity.com/files/172593/Camaleon-CMS-2.7.0-Server-Side-Template-Injection.html
7
reference_url https://github.com/paragbagul111/CVE-2023-30145
reference_id CVE-2023-30145
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-16T16:18:04Z/
url https://github.com/paragbagul111/CVE-2023-30145
8
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/51489.txt
reference_id CVE-2023-30145
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/51489.txt
9
reference_url https://github.com/advisories/GHSA-x487-866m-p8hr
reference_id GHSA-x487-866m-p8hr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x487-866m-p8hr
10
reference_url https://portswigger.net/research/server-side-template-injection
reference_id server-side-template-injection
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-16T16:18:04Z/
url https://portswigger.net/research/server-side-template-injection
11
reference_url https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
reference_id ssti-server-side-template-injection
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-16T16:18:04Z/
url https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
12
reference_url https://drive.google.com/file/d/11MsSYqUnDRFjcwbQKJeL9Q8nWpgVYf2r/view?usp=share_link
reference_id view?usp=share_link
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-16T16:18:04Z/
url https://drive.google.com/file/d/11MsSYqUnDRFjcwbQKJeL9Q8nWpgVYf2r/view?usp=share_link
fixed_packages
0
url pkg:gem/camaleon_cms@2.7.1
purl pkg:gem/camaleon_cms@2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5b2p-u2bg-h7dq
1
vulnerability VCID-5gks-ge3p-tya5
2
vulnerability VCID-6vu4-jbn6-mqh9
3
vulnerability VCID-9pwj-kwvj-rkdf
4
vulnerability VCID-9wt5-cqus-d3bm
5
vulnerability VCID-jcrg-ej53-zfeg
6
vulnerability VCID-jqb3-jybp-nbfn
7
vulnerability VCID-m6vs-j86s-dud3
8
vulnerability VCID-n9wa-nusj-kba5
9
vulnerability VCID-s4kg-6wpn-fke4
10
vulnerability VCID-v1vd-3v7v-8qht
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.7.1
1
url pkg:gem/camaleon_cms@2.7.4
purl pkg:gem/camaleon_cms@2.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5b2p-u2bg-h7dq
1
vulnerability VCID-5gks-ge3p-tya5
2
vulnerability VCID-6vu4-jbn6-mqh9
3
vulnerability VCID-9pwj-kwvj-rkdf
4
vulnerability VCID-9wt5-cqus-d3bm
5
vulnerability VCID-jcrg-ej53-zfeg
6
vulnerability VCID-m6vs-j86s-dud3
7
vulnerability VCID-n9wa-nusj-kba5
8
vulnerability VCID-s4kg-6wpn-fke4
9
vulnerability VCID-v1vd-3v7v-8qht
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.7.4
aliases CVE-2023-30145, GHSA-x487-866m-p8hr
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqb3-jybp-nbfn
9
url VCID-m6vs-j86s-dud3
vulnerability_id VCID-m6vs-j86s-dud3
summary Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
references
0
reference_url https://github.com/owen2345/camaleon-cms/commit/f5d032549fa0a204d06e738caf2663607967dee2
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/owen2345/camaleon-cms/commit/f5d032549fa0a204d06e738caf2663607967dee2
1
reference_url https://github.com/advisories/GHSA-7x4w-cj9r-h4v9
reference_id GHSA-7x4w-cj9r-h4v9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7x4w-cj9r-h4v9
2
reference_url https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-7x4w-cj9r-h4v9
reference_id GHSA-7x4w-cj9r-h4v9
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-7x4w-cj9r-h4v9
3
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/GHSA-7x4w-cj9r-h4v9.yml
reference_id GHSA-7x4w-cj9r-h4v9.yml
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/GHSA-7x4w-cj9r-h4v9.yml
fixed_packages
0
url pkg:gem/camaleon_cms@2.8.1
purl pkg:gem/camaleon_cms@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5gks-ge3p-tya5
1
vulnerability VCID-6vu4-jbn6-mqh9
2
vulnerability VCID-9wt5-cqus-d3bm
3
vulnerability VCID-jcrg-ej53-zfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.8.1
aliases GHSA-7x4w-cj9r-h4v9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m6vs-j86s-dud3
10
url VCID-n9wa-nusj-kba5
vulnerability_id VCID-n9wa-nusj-kba5
summary Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows a remote attacker to execute arbitrary code via the content group name field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-48652
reference_id
reference_type
scores
0
value 0.3484
scoring_system epss
scoring_elements 0.97128
published_at 2026-06-11T12:55:00Z
1
value 0.3484
scoring_system epss
scoring_elements 0.97138
published_at 2026-06-14T12:55:00Z
2
value 0.3484
scoring_system epss
scoring_elements 0.97136
published_at 2026-06-12T12:55:00Z
3
value 0.3484
scoring_system epss
scoring_elements 0.97137
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-48652
1
reference_url https://github.com/paragbagul111/CVE-2024-48652
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/paragbagul111/CVE-2024-48652
2
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2024-48652.yml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2024-48652.yml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-48652
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-48652
4
reference_url https://github.com/paragbagul111/CVE-2024-48652/
reference_id CVE-2024-48652
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:51:14Z/
url https://github.com/paragbagul111/CVE-2024-48652/
5
reference_url https://github.com/advisories/GHSA-hhxg-rvc9-8726
reference_id GHSA-hhxg-rvc9-8726
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hhxg-rvc9-8726
fixed_packages
0
url pkg:gem/camaleon_cms@2.8.0
purl pkg:gem/camaleon_cms@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5b2p-u2bg-h7dq
1
vulnerability VCID-5gks-ge3p-tya5
2
vulnerability VCID-6vu4-jbn6-mqh9
3
vulnerability VCID-9pwj-kwvj-rkdf
4
vulnerability VCID-9wt5-cqus-d3bm
5
vulnerability VCID-jcrg-ej53-zfeg
6
vulnerability VCID-m6vs-j86s-dud3
7
vulnerability VCID-s4kg-6wpn-fke4
8
vulnerability VCID-v1vd-3v7v-8qht
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.8.0
aliases CVE-2024-48652, GHSA-hhxg-rvc9-8726
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9wa-nusj-kba5
11
url VCID-s4kg-6wpn-fke4
vulnerability_id VCID-s4kg-6wpn-fke4
summary Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
references
0
reference_url https://github.com/advisories/GHSA-8fx8-3rg2-79xw
reference_id GHSA-8fx8-3rg2-79xw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8fx8-3rg2-79xw
1
reference_url https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-r9cr-qmfw-pmrc
reference_id GHSA-r9cr-qmfw-pmrc
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-r9cr-qmfw-pmrc
2
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/GHSA-r9cr-qmfw-pmrc.yml
reference_id GHSA-r9cr-qmfw-pmrc.yml
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/GHSA-r9cr-qmfw-pmrc.yml
fixed_packages
0
url pkg:gem/camaleon_cms@2.8.1
purl pkg:gem/camaleon_cms@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5gks-ge3p-tya5
1
vulnerability VCID-6vu4-jbn6-mqh9
2
vulnerability VCID-9wt5-cqus-d3bm
3
vulnerability VCID-jcrg-ej53-zfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.8.1
aliases GHSA-8fx8-3rg2-79xw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4kg-6wpn-fke4
12
url VCID-tq4s-2hvk-7ydh
vulnerability_id VCID-tq4s-2hvk-7ydh
summary Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in will still have access to the application even after the password was changed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25970
reference_id
reference_type
scores
0
value 0.00409
scoring_system epss
scoring_elements 0.61716
published_at 2026-06-11T12:55:00Z
1
value 0.00409
scoring_system epss
scoring_elements 0.61819
published_at 2026-06-14T12:55:00Z
2
value 0.00409
scoring_system epss
scoring_elements 0.61825
published_at 2026-06-13T12:55:00Z
3
value 0.00409
scoring_system epss
scoring_elements 0.61816
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25970
1
reference_url https://github.com/owen2345/camaleon-cms/commit/77e31bc6cdde7c951fba104aebcd5ebb3f02b030
reference_id 77e31bc6cdde7c951fba104aebcd5ebb3f02b030
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-30T15:50:14Z/
url https://github.com/owen2345/camaleon-cms/commit/77e31bc6cdde7c951fba104aebcd5ebb3f02b030
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25970
reference_id CVE-2021-25970
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25970
3
reference_url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25970
reference_id CVE-2021-25970
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-30T15:50:14Z/
url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25970
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2021-25970.yml
reference_id CVE-2021-25970.YML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2021-25970.yml
5
reference_url https://github.com/advisories/GHSA-438x-2p9v-g8h9
reference_id GHSA-438x-2p9v-g8h9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-438x-2p9v-g8h9
fixed_packages
0
url pkg:gem/camaleon_cms@2.6.0.1
purl pkg:gem/camaleon_cms@2.6.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fb5-j67a-1qd4
1
vulnerability VCID-5b2p-u2bg-h7dq
2
vulnerability VCID-5gks-ge3p-tya5
3
vulnerability VCID-6vu4-jbn6-mqh9
4
vulnerability VCID-9pwj-kwvj-rkdf
5
vulnerability VCID-9wt5-cqus-d3bm
6
vulnerability VCID-a557-bzmu-pyes
7
vulnerability VCID-ct7g-eb5v-sbcg
8
vulnerability VCID-jcrg-ej53-zfeg
9
vulnerability VCID-jqb3-jybp-nbfn
10
vulnerability VCID-m6vs-j86s-dud3
11
vulnerability VCID-n9wa-nusj-kba5
12
vulnerability VCID-s4kg-6wpn-fke4
13
vulnerability VCID-tq4s-2hvk-7ydh
14
vulnerability VCID-v1vd-3v7v-8qht
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.6.0.1
aliases CVE-2021-25970, GHSA-438x-2p9v-g8h9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tq4s-2hvk-7ydh
13
url VCID-v1vd-3v7v-8qht
vulnerability_id VCID-v1vd-3v7v-8qht
summary Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-46987
reference_id
reference_type
scores
0
value 0.37499
scoring_system epss
scoring_elements 0.97289
published_at 2026-06-11T12:55:00Z
1
value 0.37499
scoring_system epss
scoring_elements 0.973
published_at 2026-06-14T12:55:00Z
2
value 0.37499
scoring_system epss
scoring_elements 0.97299
published_at 2026-06-13T12:55:00Z
3
value 0.37499
scoring_system epss
scoring_elements 0.97297
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-46987
1
reference_url https://github.com/owen2345/camaleon-cms/commit/071b1b09d6d61ab02a5960b1ccafd9d9c2155a3e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/owen2345/camaleon-cms/commit/071b1b09d6d61ab02a5960b1ccafd9d9c2155a3e
2
reference_url https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released
reference_id camaleon_cms_281_has_been_released
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:57:11Z/
url https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52531.py
reference_id CVE-2024-46987
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52531.py
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-46987
reference_id CVE-2024-46987
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-46987
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2024-46987.yml
reference_id CVE-2024-46987.YML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2024-46987.yml
6
reference_url https://github.com/advisories/GHSA-cp65-5m9r-vc2c
reference_id GHSA-cp65-5m9r-vc2c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cp65-5m9r-vc2c
7
reference_url https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-cp65-5m9r-vc2c
reference_id GHSA-cp65-5m9r-vc2c
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
3
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
4
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
5
value HIGH
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:57:11Z/
url https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-cp65-5m9r-vc2c
8
reference_url https://securitylab.github.com/advisories/GHSL-2024-182_GHSL-2024-186_Camaleon_CMS
reference_id GHSL-2024-182_GHSL-2024-186_Camaleon_CMS
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:57:11Z/
url https://securitylab.github.com/advisories/GHSL-2024-182_GHSL-2024-186_Camaleon_CMS
9
reference_url https://owasp.org/www-community/attacks/Path_Traversal
reference_id Path_Traversal
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:57:11Z/
url https://owasp.org/www-community/attacks/Path_Traversal
10
reference_url https://codeql.github.com/codeql-query-help/ruby/rb-path-injection
reference_id rb-path-injection
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:57:11Z/
url https://codeql.github.com/codeql-query-help/ruby/rb-path-injection
fixed_packages
0
url pkg:gem/camaleon_cms@2.8.1
purl pkg:gem/camaleon_cms@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5gks-ge3p-tya5
1
vulnerability VCID-6vu4-jbn6-mqh9
2
vulnerability VCID-9wt5-cqus-d3bm
3
vulnerability VCID-jcrg-ej53-zfeg
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.8.1
aliases CVE-2024-46987, GHSA-cp65-5m9r-vc2c
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v1vd-3v7v-8qht
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.4.3.11