Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/safemode@1.3.4

Type gem

Namespace

Name safemode

Version 1.3.4

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-mwhb-gmpc-mbe9

vulnerability_id VCID-mwhb-gmpc-mbe9

summary

Safe mode bypassing
Safemode is vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete-permissions or possibly to privilege escalation.

references

reference_url	https://github.com/svenfuchs/safemode/pull/23
reference_id
reference_type
scores
url	https://github.com/svenfuchs/safemode/pull/23

fixed_packages

url	pkg:gem/safemode@1.3.4
purl	pkg:gem/safemode@1.3.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/safemode@1.3.4

aliases CVE-2017-7540

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mwhb-gmpc-mbe9

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/safemode@1.3.4

Package Instance