Lookup for vulnerable packages by Package URL.

Purl pkg:composer/drupal/drupal@8.2.0
Type composer
Namespace drupal
Name drupal
Version 8.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 8.2.2
Latest_non_vulnerable_version 10.0.8
Affected_by_vulnerabilities
0
url VCID-ks17-b29e-73au
vulnerability_id VCID-ks17-b29e-73au
summary
Access Bypass
This is a critical access bypass vulnerability in Drupal.
references
0
reference_url https://groups.drupal.org/node/516645
reference_id
reference_type
scores
url https://groups.drupal.org/node/516645
1
reference_url https://www.drupal.org/SA-CORE-2017-002
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2017-002
2
reference_url http://www.securityfocus.com/bid/97941
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/97941
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6919
reference_id CVE-2017-6919
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-6919
fixed_packages
0
url pkg:composer/drupal/drupal@8.2.8
purl pkg:composer/drupal/drupal@8.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.8
1
url pkg:composer/drupal/drupal@8.3.1
purl pkg:composer/drupal/drupal@8.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.3.1
aliases CVE-2017-6919
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ks17-b29e-73au
1
url VCID-nwdx-mgsc-s3f3
vulnerability_id VCID-nwdx-mgsc-s3f3
summary
Cross Site Request Forgery
Some administrative paths did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
references
0
reference_url https://www.drupal.org/SA-2017-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-2017-001
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6379
reference_id CVE-2017-6379
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-6379
fixed_packages
0
url pkg:composer/drupal/drupal@8.2.7
purl pkg:composer/drupal/drupal@8.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ks17-b29e-73au
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.7
aliases CVE-2017-6379
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwdx-mgsc-s3f3
2
url VCID-tbk2-zprq-27c8
vulnerability_id VCID-tbk2-zprq-27c8
summary
Remote code execution
A 3rd party development library included with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normally installed. You might be vulnerable to this if you are running a version of Drupal. To be sure you aren't vulnerable, you can remove the /vendor/phpunit directory from the site root of your production deployments.
references
0
reference_url https://www.drupal.org/SA-2017-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-2017-001
1
reference_url http://www.securityfocus.com/bid/96919
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96919
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6381
reference_id CVE-2017-6381
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-6381
fixed_packages
0
url pkg:composer/drupal/drupal@8.2.2
purl pkg:composer/drupal/drupal@8.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.2
aliases CVE-2017-6381
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tbk2-zprq-27c8
3
url VCID-uvmv-j9kx-jfeq
vulnerability_id VCID-uvmv-j9kx-jfeq
summary
Access Bypass
When adding a private file via the editor in Drupal, the editor will not correctly check access for the file being attached, resulting in an access bypass.
references
0
reference_url https://www.drupal.org/SA-2017-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-2017-001
1
reference_url http://www.securityfocus.com/bid/96919
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96919
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6377
reference_id CVE-2017-6377
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-6377
fixed_packages
0
url pkg:composer/drupal/drupal@8.2.7
purl pkg:composer/drupal/drupal@8.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ks17-b29e-73au
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.7
aliases CVE-2017-6377
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uvmv-j9kx-jfeq
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.0