Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/zope2@2.11.0

Type pypi

Namespace

Name zope2

Version 2.11.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.11.6

Latest_non_vulnerable_version 2.13.19

Affected_by_vulnerabilities

url VCID-kmk8-jqhn-tuee

vulnerability_id VCID-kmk8-jqhn-tuee

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in Zope  allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

references

reference_url	http://secunia.com/advisories/38007
reference_id
reference_type
scores
url	http://secunia.com/advisories/38007

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/55599
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/55599

reference_url	https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
reference_id
reference_type
scores
url	https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html

reference_url	http://www.osvdb.org/61655
reference_id
reference_type
scores
url	http://www.osvdb.org/61655

reference_url	http://www.securityfocus.com/bid/37765
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/37765

reference_url	http://www.vupen.com/english/advisories/2010/0104
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2010/0104

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2010-1104
reference_id	CVE-2010-1104
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2010-1104

reference_url	https://github.com/advisories/GHSA-v7q8-wvvh-c97p
reference_id	GHSA-v7q8-wvvh-c97p
reference_type
scores
url	https://github.com/advisories/GHSA-v7q8-wvvh-c97p

fixed_packages

url	pkg:pypi/zope2@2.11.6
purl	pkg:pypi/zope2@2.11.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.11.6

url pkg:pypi/zope2@2.12.3

purl pkg:pypi/zope2@2.12.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-krfw-xa2b-vue5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.12.3

aliases CVE-2010-1104, GHSA-v7q8-wvvh-c97p

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kmk8-jqhn-tuee

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.11.0

Package Instance