Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/drupal@8.2.2
Typecomposer
Namespacedrupal
Namedrupal
Version8.2.2
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version8.2.3
Latest_non_vulnerable_version10.0.8
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-tbk2-zprq-27c8
vulnerability_id VCID-tbk2-zprq-27c8
summary 
Remote code execution
A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal. To be sure you aren’t vulnerable, you can remove the /vendor/phpunit directory from the site root of your production deployments.
references
0
reference_url https://www.drupal.org/SA-2017-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-2017-001
1
reference_url http://www.securityfocus.com/bid/96919
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96919
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6381
reference_id CVE-2017-6381
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-6381
fixed_packages
0
url pkg:composer/drupal/drupal@8.2.2
purl pkg:composer/drupal/drupal@8.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.2
aliases CVE-2017-6381
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tbk2-zprq-27c8
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.2.2