Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/core@8.1.0
Typecomposer
Namespacedrupal
Namecore
Version8.1.0
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version8.1.10
Latest_non_vulnerable_version11.2.8
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-asm8-guag-b3ep
vulnerability_id VCID-asm8-guag-b3ep
summary 
Information Exposure
The Views module in Drupal and the Views module might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.
references
0
reference_url https://www.drupal.org/SA-CORE-2016-002
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2016-002
fixed_packages
0
url pkg:composer/drupal/core@8.1.0
purl pkg:composer/drupal/core@8.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.1.0
aliases CVE-2016-6212
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-asm8-guag-b3ep
1
url VCID-ay6b-1a7z-qkas
vulnerability_id VCID-ay6b-1a7z-qkas
summary 
Saving user accounts can sometimes grant the user all roles
The User module in Drupal allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
references
0
reference_url https://www.drupal.org/SA-CORE-2016-002
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2016-002
fixed_packages
0
url pkg:composer/drupal/core@8.1.0
purl pkg:composer/drupal/core@8.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.1.0
aliases CVE-2016-6211
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ay6b-1a7z-qkas
2
url VCID-bq2j-t19h-zyad
vulnerability_id VCID-bq2j-t19h-zyad
summary 
Improper Access Control
PHP does not attempt to address RFC section namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the `HTTP_PROXY` environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an `httpoxy` issue.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-1609.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1609.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-1610.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1610.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-1611.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1611.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2016-1612.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1612.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-1613.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1613.html
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1353794
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1353794
7
reference_url https://github.com/amphp/artax/commit/81254742812a5a9adf4b085f543f3f21daedcd97
reference_id
reference_type
scores
url https://github.com/amphp/artax/commit/81254742812a5a9adf4b085f543f3f21daedcd97
8
reference_url https://github.com/amphp/artax/commit/b60cf493c9e577a3678865f620b1eb61ab3d7ca9
reference_id
reference_type
scores
url https://github.com/amphp/artax/commit/b60cf493c9e577a3678865f620b1eb61ab3d7ca9
9
reference_url https://github.com/bugsnag/bugsnag-laravel/pull/143
reference_id
reference_type
scores
url https://github.com/bugsnag/bugsnag-laravel/pull/143
10
reference_url https://github.com/bugsnag/bugsnag-laravel/pull/145
reference_id
reference_type
scores
url https://github.com/bugsnag/bugsnag-laravel/pull/145
11
reference_url https://github.com/bugsnag/bugsnag-laravel/releases/tag/v2.0.2
reference_id
reference_type
scores
url https://github.com/bugsnag/bugsnag-laravel/releases/tag/v2.0.2
12
reference_url https://github.com/guzzle/guzzle/blob/4.x/CHANGELOG.md#424-2016-07-18
reference_id
reference_type
scores
url https://github.com/guzzle/guzzle/blob/4.x/CHANGELOG.md#424-2016-07-18
13
reference_url https://github.com/guzzle/guzzle/blob/5.3/CHANGELOG.md#531---2016-07-18
reference_id
reference_type
scores
url https://github.com/guzzle/guzzle/blob/5.3/CHANGELOG.md#531---2016-07-18
14
reference_url https://github.com/guzzle/guzzle/blob/master/CHANGELOG.md#622---2016-10-08
reference_id
reference_type
scores
url https://github.com/guzzle/guzzle/blob/master/CHANGELOG.md#622---2016-10-08
15
reference_url https://github.com/guzzle/guzzle/releases/tag/6.2.1
reference_id
reference_type
scores
url https://github.com/guzzle/guzzle/releases/tag/6.2.1
16
reference_url https://github.com/humbug/file_get_contents/pull/23
reference_id
reference_type
scores
url https://github.com/humbug/file_get_contents/pull/23
17
reference_url https://github.com/humbug/file_get_contents/pull/23/commits/848e8c282a863654e76bd958acfb57c81cb739b5
reference_id
reference_type
scores
url https://github.com/humbug/file_get_contents/pull/23/commits/848e8c282a863654e76bd958acfb57c81cb739b5
18
reference_url https://github.com/humbug/file_get_contents/releases/tag/1.1.2
reference_id
reference_type
scores
url https://github.com/humbug/file_get_contents/releases/tag/1.1.2
19
reference_url https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
reference_id
reference_type
scores
url https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
20
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
reference_id
reference_type
scores
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
21
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297
reference_id
reference_type
scores
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297
22
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
reference_id
reference_type
scores
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
23
reference_url https://httpoxy.org/
reference_id
reference_type
scores
url https://httpoxy.org/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
30
reference_url https://security.gentoo.org/glsa/201611-22
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201611-22
31
reference_url https://twitter.com/asyncphp/status/755136084917583872
reference_id
reference_type
scores
url https://twitter.com/asyncphp/status/755136084917583872
32
reference_url https://typo3.org/security/advisory/typo3-core-sa-2016-019
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2016-019
33
reference_url https://www.drupal.org/SA-CORE-2016-003
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2016-003
34
reference_url http://www.debian.org/security/2016/dsa-3631
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3631
35
reference_url http://www.kb.cert.org/vuls/id/797896
reference_id
reference_type
scores
url http://www.kb.cert.org/vuls/id/797896
36
reference_url http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
37
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
38
reference_url http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
39
reference_url http://www.securityfocus.com/bid/91821
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/91821
40
reference_url http://www.securitytracker.com/id/1036335
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1036335
41
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5385
reference_id CVE-2016-5385
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-5385
42
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/CVE-2016-5385.yaml
reference_id CVE-2016-5385.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/CVE-2016-5385.yaml
43
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/bugsnag/bugsnag-laravel/CVE-2016-5385.yaml
reference_id CVE-2016-5385.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/bugsnag/bugsnag-laravel/CVE-2016-5385.yaml
44
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-5385.yaml
reference_id CVE-2016-5385.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-5385.yaml
45
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-5385.yaml
reference_id CVE-2016-5385.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-5385.yaml
46
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2016-5385.yaml
reference_id CVE-2016-5385.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2016-5385.yaml
47
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/padraic/humbug_get_contents/CVE-2016-5385.yaml
reference_id CVE-2016-5385.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/padraic/humbug_get_contents/CVE-2016-5385.yaml
48
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2016-5385.yaml
reference_id CVE-2016-5385.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2016-5385.yaml
49
reference_url https://github.com/advisories/GHSA-m6ch-gg5f-wxx3
reference_id GHSA-m6ch-gg5f-wxx3
reference_type
scores
url https://github.com/advisories/GHSA-m6ch-gg5f-wxx3
fixed_packages
0
url pkg:composer/drupal/core@8.1.0
purl pkg:composer/drupal/core@8.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.1.0
aliases CVE-2016-5385, GHSA-m6ch-gg5f-wxx3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bq2j-t19h-zyad
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.1.0