Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/api-platform/core@2.3.0

Type composer

Namespace api-platform

Name core

Version 2.3.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.3.6

Latest_non_vulnerable_version 3.1.3

Affected_by_vulnerabilities

url VCID-72bs-vj98-bkbv

vulnerability_id VCID-72bs-vj98-bkbv

summary

Improper Access Control
API Platform contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized.

references

reference_url	https://github.com/api-platform/core/pull/2441
reference_id
reference_type
scores
url	https://github.com/api-platform/core/pull/2441

fixed_packages

url	pkg:composer/api-platform/core@2.3.6
purl	pkg:composer/api-platform/core@2.3.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/api-platform/core@2.3.6

aliases CVE-2019-1000011

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-72bs-vj98-bkbv

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/api-platform/core@2.3.0

Package Instance