Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.orientechnologies/orientdb-studio@2.1.0

Type maven

Namespace com.orientechnologies

Name orientdb-studio

Version 2.1.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.1.1

Latest_non_vulnerable_version 2.1.1

Affected_by_vulnerabilities

url VCID-m9dw-fhtn-dffn

vulnerability_id VCID-m9dw-fhtn-dffn

summary

Improper Input Validation
The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

references

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-2918
reference_id	CVE-2015-2918
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-2918

reference_url	https://github.com/advisories/GHSA-g4gg-9f62-jfph
reference_id	GHSA-g4gg-9f62-jfph
reference_type
scores
url	https://github.com/advisories/GHSA-g4gg-9f62-jfph

fixed_packages

url	pkg:maven/com.orientechnologies/orientdb-studio@2.1.1
purl	pkg:maven/com.orientechnologies/orientdb-studio@2.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.orientechnologies/orientdb-studio@2.1.1

aliases CVE-2015-2918, GHSA-g4gg-9f62-jfph

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m9dw-fhtn-dffn

url VCID-xs9z-avgh-t3by

vulnerability_id VCID-xs9z-avgh-t3by

summary

Cross-Site Request Forgery (CSRF)
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.

references

reference_url	https://github.com/orientechnologies/orientdb/issues/4824
reference_id
reference_type
scores
url	https://github.com/orientechnologies/orientdb/issues/4824

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-2912
reference_id	CVE-2015-2912
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-2912

reference_url	https://github.com/advisories/GHSA-p8ww-vv84-c2rm
reference_id	GHSA-p8ww-vv84-c2rm
reference_type
scores
url	https://github.com/advisories/GHSA-p8ww-vv84-c2rm

fixed_packages

url	pkg:maven/com.orientechnologies/orientdb-studio@2.1.1
purl	pkg:maven/com.orientechnologies/orientdb-studio@2.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.orientechnologies/orientdb-studio@2.1.1

aliases CVE-2015-2912, GHSA-p8ww-vv84-c2rm

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xs9z-avgh-t3by

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.orientechnologies/orientdb-studio@2.1.0

Package Instance