Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/pg@2.11.2
Typenpm
Namespace
Namepg
Version2.11.2
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.6.4
Latest_non_vulnerable_version7.1.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-mu5a-vc5u-z7dv
vulnerability_id VCID-mu5a-vc5u-z7dv
summary 
Remote Code Execution
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name.
references
0
reference_url https://node-postgres.com/announcements#2017-08-12-code-execution-vulnerability
reference_id
reference_type
scores
url https://node-postgres.com/announcements#2017-08-12-code-execution-vulnerability
fixed_packages
0
url pkg:npm/pg@2.11.2
purl pkg:npm/pg@2.11.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@2.11.2
1
url pkg:npm/pg@3.6.4
purl pkg:npm/pg@3.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@3.6.4
2
url pkg:npm/pg@4.5.7
purl pkg:npm/pg@4.5.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@4.5.7
3
url pkg:npm/pg@5.2.1
purl pkg:npm/pg@5.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@5.2.1
4
url pkg:npm/pg@6.0.5
purl pkg:npm/pg@6.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@6.0.5
5
url pkg:npm/pg@6.1.6
purl pkg:npm/pg@6.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@6.1.6
6
url pkg:npm/pg@6.2.5
purl pkg:npm/pg@6.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@6.2.5
7
url pkg:npm/pg@6.3.3
purl pkg:npm/pg@6.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@6.3.3
8
url pkg:npm/pg@6.4.2
purl pkg:npm/pg@6.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@6.4.2
9
url pkg:npm/pg@7.0.2
purl pkg:npm/pg@7.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@7.0.2
10
url pkg:npm/pg@7.1.2
purl pkg:npm/pg@7.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@7.1.2
aliases GMS-2017-178
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mu5a-vc5u-z7dv
1
url VCID-yrg7-471n-d3fg
vulnerability_id VCID-yrg7-471n-d3fg
summary 
Code Injection
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16082
reference_id CVE-2017-16082
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-16082
fixed_packages
0
url pkg:npm/pg@2.11.2
purl pkg:npm/pg@2.11.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@2.11.2
1
url pkg:npm/pg@3.6.4
purl pkg:npm/pg@3.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@3.6.4
2
url pkg:npm/pg@4.5.7
purl pkg:npm/pg@4.5.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@4.5.7
3
url pkg:npm/pg@5.2.1
purl pkg:npm/pg@5.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@5.2.1
4
url pkg:npm/pg@6.4.2
purl pkg:npm/pg@6.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@6.4.2
5
url pkg:npm/pg@7.1.2
purl pkg:npm/pg@7.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/pg@7.1.2
aliases CVE-2017-16082
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yrg7-471n-d3fg
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/pg@2.11.2