Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/squizlabs/php_codesniffer@3.0.1
Typecomposer
Namespacesquizlabs
Namephp_codesniffer
Version3.0.1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.0.0
Latest_non_vulnerable_version3.0.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-5sk2-ygqs-pbgh
vulnerability_id VCID-5sk2-ygqs-pbgh
summary 
Shell command injection
A properly crafted filename would allow for arbitrary code execution when using the `--filter=gitmodified` command line option
references
0
reference_url https://github.com/squizlabs/PHP_CodeSniffer/commit/7ce7bb942f5667724e81a3ea99e805a30be6c05b
reference_id
reference_type
scores
url https://github.com/squizlabs/PHP_CodeSniffer/commit/7ce7bb942f5667724e81a3ea99e805a30be6c05b
1
reference_url https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1
reference_id
reference_type
scores
url https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1
fixed_packages
0
url pkg:composer/squizlabs/php_codesniffer@3.0.1
purl pkg:composer/squizlabs/php_codesniffer@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/squizlabs/php_codesniffer@3.0.1
aliases GMS-2017-132
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5sk2-ygqs-pbgh
1
url VCID-f2su-dgp1-yyas
vulnerability_id VCID-f2su-dgp1-yyas
summary 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A properly crafted filename would allow for arbitrary code execution when using the `--filter=gitmodified` command line option.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/squizlabs/php_codesniffer/2017-05-18.yaml
reference_id
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/squizlabs/php_codesniffer/2017-05-18.yaml
1
reference_url https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1
reference_id
reference_type
scores
url https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1
2
reference_url https://github.com/advisories/GHSA-3988-h75v-hwf6
reference_id GHSA-3988-h75v-hwf6
reference_type
scores
url https://github.com/advisories/GHSA-3988-h75v-hwf6
fixed_packages
0
url pkg:composer/squizlabs/php_codesniffer@3.0.1
purl pkg:composer/squizlabs/php_codesniffer@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/squizlabs/php_codesniffer@3.0.1
aliases GHSA-3988-h75v-hwf6, GMS-2022-513
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f2su-dgp1-yyas
2
url VCID-hjjc-1dse-jqfm
vulnerability_id VCID-hjjc-1dse-jqfm
summary 
Code Injection
Arbitrary shell execution in php_codesniffer.
references
0
reference_url https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1
reference_id
reference_type
scores
url https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1
fixed_packages
0
url pkg:composer/squizlabs/php_codesniffer@3.0.1
purl pkg:composer/squizlabs/php_codesniffer@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/squizlabs/php_codesniffer@3.0.1
aliases GMS-2017-345
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjjc-1dse-jqfm
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/squizlabs/php_codesniffer@3.0.1