Lookup for vulnerable packages by Package URL.

Purl pkg:gem/camaleon_cms@2.6.0.1
Type gem
Namespace
Name camaleon_cms
Version 2.6.0.1
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.4.1
Latest_non_vulnerable_version 2.7.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-6xw2-ykvp-4qaw
vulnerability_id VCID-6xw2-ykvp-4qaw
summary
Insufficient Session Expiration
Camaleon CMS to doesn’t terminate the active sessions of users, even after the admin changes the user’s password. A user who was already logged in will still have access to the application even after the password was changed.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25970
reference_id CVE-2021-25970
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-25970
fixed_packages
0
url pkg:gem/camaleon_cms@2.6.0.1
purl pkg:gem/camaleon_cms@2.6.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.6.0.1
aliases CVE-2021-25970
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xw2-ykvp-4qaw
1
url VCID-9jsa-k6th-dubb
vulnerability_id VCID-9jsa-k6th-dubb
summary In Camaleon CMS to, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing localhost or other internal servers. This allows attackers to read files stored on the internal server.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25972
reference_id CVE-2021-25972
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-25972
fixed_packages
0
url pkg:gem/camaleon_cms@2.6.0.1
purl pkg:gem/camaleon_cms@2.6.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.6.0.1
aliases CVE-2021-25972
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9jsa-k6th-dubb
2
url VCID-b2rx-y3hz-63dx
vulnerability_id VCID-b2rx-y3hz-63dx
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In “Camaleon CMS” application to are vulnerable to stored XSS, which allows unprivileged application users to store malicious scripts in the comments section of a post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25969
reference_id CVE-2021-25969
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-25969
fixed_packages
0
url pkg:gem/camaleon_cms@2.6.0.1
purl pkg:gem/camaleon_cms@2.6.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.6.0.1
aliases CVE-2021-25969
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b2rx-y3hz-63dx
3
url VCID-jwkf-ess3-9kgr
vulnerability_id VCID-jwkf-ess3-9kgr
summary
Unchecked Error Condition
Camaleon CMS is vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with low-privileged access uploads a specially crafted `.svg` file.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25971
reference_id CVE-2021-25971
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-25971
fixed_packages
0
url pkg:gem/camaleon_cms@2.6.0.1
purl pkg:gem/camaleon_cms@2.6.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.6.0.1
aliases CVE-2021-25971
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwkf-ess3-9kgr
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.6.0.1