Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/amphp/artax@2.0.4

Type composer

Namespace amphp

Name artax

Version 2.0.4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.0.6

Latest_non_vulnerable_version 2.0.6

Affected_by_vulnerabilities

url VCID-6pq5-ehf4-cuau

vulnerability_id VCID-6pq5-ehf4-cuau

summary

amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance
In artax version before 1.0.6 and 2 before 2.0.6, cookies of `foo.bar.example.com` were leaked to `foo.bar`. Additionally, any site could set cookies for any other site.
Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, but not on any public suffixes.

references

reference_url

https://github.com/amphp/artax

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/amphp/artax

reference_url

https://github.com/amphp/artax/commit/25668b891d2bced567bd69611c7d18b6a93d5fc4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/amphp/artax/commit/25668b891d2bced567bd69611c7d18b6a93d5fc4

reference_url

https://github.com/amphp/artax/commit/accdadaf78f7a43305c3a97d6a964bbc550a555d

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/amphp/artax/commit/accdadaf78f7a43305c3a97d6a964bbc550a555d

reference_url

https://github.com/amphp/artax/releases/tag/v2.0.6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/amphp/artax/releases/tag/v2.0.6

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/2017-05-09.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/2017-05-09.yaml

reference_url

https://github.com/advisories/GHSA-gm98-g2wf-7c68

reference_id

GHSA-gm98-g2wf-7c68

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gm98-g2wf-7c68

fixed_packages

url	pkg:composer/amphp/artax@2.0.6
purl	pkg:composer/amphp/artax@2.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.6

aliases GHSA-gm98-g2wf-7c68

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6pq5-ehf4-cuau

url VCID-ksam-dbjr-8ugw

vulnerability_id VCID-ksam-dbjr-8ugw

summary

Cookie leakage, non-restricted cookie acceptance
Cookies of `foo.bar.example.com` are leaked to foo.bar. Additionally, any site can set cookies for any other site.

references

reference_url	https://github.com/amphp/artax/releases/tag/v2.0.6
reference_id
reference_type
scores
url	https://github.com/amphp/artax/releases/tag/v2.0.6

fixed_packages

url	pkg:composer/amphp/artax@2.0.6
purl	pkg:composer/amphp/artax@2.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.6

aliases GMS-2017-131

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksam-dbjr-8ugw

url VCID-yb95-bbrp-n7da

vulnerability_id VCID-yb95-bbrp-n7da

summary Cookie leakage to wrong origins and non-restricted cookie acceptance

references

reference_url	https://github.com/amphp/artax/releases/tag/v2.0.6
reference_id
reference_type
scores
url	https://github.com/amphp/artax/releases/tag/v2.0.6

fixed_packages

url	pkg:composer/amphp/artax@2.0.6
purl	pkg:composer/amphp/artax@2.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.6

aliases GMS-2017-335

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yb95-bbrp-n7da

Fixing_vulnerabilities

url VCID-bq2j-t19h-zyad

vulnerability_id VCID-bq2j-t19h-zyad

summary

Improper Access Control
PHP does not attempt to address RFC section namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the `HTTP_PROXY` environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an `httpoxy` issue.

references

reference_url	http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1609.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1609.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1610.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1610.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1611.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1611.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1612.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1612.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1613.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1613.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5385.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5385.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5385

reference_id

reference_type

scores

value	0.83504
scoring_system	epss
scoring_elements	0.99296
published_at	2026-06-04T12:55:00Z

value	0.83504
scoring_system	epss
scoring_elements	0.99297
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5385

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1353794
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1353794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5399
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5399

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6289
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6289

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6292
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6292

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6294
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6294

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6295
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6295

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6297

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/amphp/artax/commit/81254742812a5a9adf4b085f543f3f21daedcd97
reference_id
reference_type
scores
url	https://github.com/amphp/artax/commit/81254742812a5a9adf4b085f543f3f21daedcd97

reference_url	https://github.com/amphp/artax/commit/b60cf493c9e577a3678865f620b1eb61ab3d7ca9
reference_id
reference_type
scores
url	https://github.com/amphp/artax/commit/b60cf493c9e577a3678865f620b1eb61ab3d7ca9

reference_url	https://github.com/bugsnag/bugsnag-laravel/pull/143
reference_id
reference_type
scores
url	https://github.com/bugsnag/bugsnag-laravel/pull/143

reference_url	https://github.com/bugsnag/bugsnag-laravel/pull/145
reference_id
reference_type
scores
url	https://github.com/bugsnag/bugsnag-laravel/pull/145

reference_url	https://github.com/bugsnag/bugsnag-laravel/releases/tag/v2.0.2
reference_id
reference_type
scores
url	https://github.com/bugsnag/bugsnag-laravel/releases/tag/v2.0.2

reference_url	https://github.com/guzzle/guzzle/blob/4.x/CHANGELOG.md#424-2016-07-18
reference_id
reference_type
scores
url	https://github.com/guzzle/guzzle/blob/4.x/CHANGELOG.md#424-2016-07-18

reference_url	https://github.com/guzzle/guzzle/blob/5.3/CHANGELOG.md#531---2016-07-18
reference_id
reference_type
scores
url	https://github.com/guzzle/guzzle/blob/5.3/CHANGELOG.md#531---2016-07-18

reference_url	https://github.com/guzzle/guzzle/blob/master/CHANGELOG.md#622---2016-10-08
reference_id
reference_type
scores
url	https://github.com/guzzle/guzzle/blob/master/CHANGELOG.md#622---2016-10-08

reference_url	https://github.com/guzzle/guzzle/releases/tag/6.2.1
reference_id
reference_type
scores
url	https://github.com/guzzle/guzzle/releases/tag/6.2.1

reference_url	https://github.com/humbug/file_get_contents/pull/23
reference_id
reference_type
scores
url	https://github.com/humbug/file_get_contents/pull/23

reference_url	https://github.com/humbug/file_get_contents/pull/23/commits/848e8c282a863654e76bd958acfb57c81cb739b5
reference_id
reference_type
scores
url	https://github.com/humbug/file_get_contents/pull/23/commits/848e8c282a863654e76bd958acfb57c81cb739b5

reference_url	https://github.com/humbug/file_get_contents/releases/tag/1.1.2
reference_id
reference_type
scores
url	https://github.com/humbug/file_get_contents/releases/tag/1.1.2

reference_url	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

reference_url	https://httpoxy.org/
reference_id
reference_type
scores
url	https://httpoxy.org/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/

reference_url	https://security.gentoo.org/glsa/201611-22
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201611-22

reference_url	https://twitter.com/asyncphp/status/755136084917583872
reference_id
reference_type
scores
url	https://twitter.com/asyncphp/status/755136084917583872

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2016-019
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2016-019

reference_url	https://www.drupal.org/SA-CORE-2016-003
reference_id
reference_type
scores
url	https://www.drupal.org/SA-CORE-2016-003

reference_url	http://www.debian.org/security/2016/dsa-3631
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3631

reference_url	http://www.kb.cert.org/vuls/id/797896
reference_id
reference_type
scores
url	http://www.kb.cert.org/vuls/id/797896

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url	http://www.securityfocus.com/bid/91821
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/91821

reference_url	http://www.securitytracker.com/id/1036335
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1036335

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-5385
reference_id	CVE-2016-5385
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-5385

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/CVE-2016-5385.yaml
reference_id	CVE-2016-5385.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/CVE-2016-5385.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/bugsnag/bugsnag-laravel/CVE-2016-5385.yaml
reference_id	CVE-2016-5385.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/bugsnag/bugsnag-laravel/CVE-2016-5385.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-5385.yaml
reference_id	CVE-2016-5385.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-5385.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-5385.yaml
reference_id	CVE-2016-5385.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-5385.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2016-5385.yaml
reference_id	CVE-2016-5385.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2016-5385.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/padraic/humbug_get_contents/CVE-2016-5385.yaml
reference_id	CVE-2016-5385.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/padraic/humbug_get_contents/CVE-2016-5385.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2016-5385.yaml
reference_id	CVE-2016-5385.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2016-5385.yaml

reference_url

https://github.com/advisories/GHSA-m6ch-gg5f-wxx3

reference_id

GHSA-m6ch-gg5f-wxx3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m6ch-gg5f-wxx3

reference_url	https://access.redhat.com/errata/RHSA-2016:1609
reference_id	RHSA-2016:1609
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1609

reference_url	https://access.redhat.com/errata/RHSA-2016:1610
reference_id	RHSA-2016:1610
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1610

reference_url	https://access.redhat.com/errata/RHSA-2016:1611
reference_id	RHSA-2016:1611
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1611

reference_url	https://access.redhat.com/errata/RHSA-2016:1612
reference_id	RHSA-2016:1612
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1612

reference_url	https://access.redhat.com/errata/RHSA-2016:1613
reference_id	RHSA-2016:1613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1613

reference_url	https://usn.ubuntu.com/3045-1/
reference_id	USN-3045-1
reference_type
scores
url	https://usn.ubuntu.com/3045-1/

fixed_packages

url pkg:composer/amphp/artax@1.0.4

purl pkg:composer/amphp/artax@1.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6pq5-ehf4-cuau

vulnerability	VCID-ksam-dbjr-8ugw

vulnerability	VCID-yb95-bbrp-n7da

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.4

url pkg:composer/amphp/artax@2.0.4

purl pkg:composer/amphp/artax@2.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6pq5-ehf4-cuau

vulnerability	VCID-ksam-dbjr-8ugw

vulnerability	VCID-yb95-bbrp-n7da

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.4

aliases CVE-2016-5385, GHSA-m6ch-gg5f-wxx3

risk_score 9.0

exploitability 2.0

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bq2j-t19h-zyad

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.4

Package Instance