Lookup for vulnerable packages by Package URL.

Purl pkg:composer/oro/crm@4.2.0
Type composer
Namespace oro
Name crm
Version 4.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.2.6
Latest_non_vulnerable_version 5.1.1
Affected_by_vulnerabilities
0
url VCID-p5g5-3z89-63bz
vulnerability_id VCID-p5g5-3z89-63bz
summary
OroCRMCallBundle has incorrect call view page visibility
Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks.
references
0
reference_url https://github.com/oroinc/OroCRMCallBundle/commit/456b1dda7762abf4ff59eafffaa70ab7f09d1c85
reference_id
reference_type
scores
url https://github.com/oroinc/OroCRMCallBundle/commit/456b1dda7762abf4ff59eafffaa70ab7f09d1c85
1
reference_url https://github.com/oroinc/OroCRMCallBundle/commit/9a41dff459bb4aff864175ca883d553ac0954950
reference_id
reference_type
scores
url https://github.com/oroinc/OroCRMCallBundle/commit/9a41dff459bb4aff864175ca883d553ac0954950
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32063
reference_id CVE-2023-32063
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-32063
3
reference_url https://github.com/advisories/GHSA-897w-jv7j-6r7g
reference_id GHSA-897w-jv7j-6r7g
reference_type
scores
url https://github.com/advisories/GHSA-897w-jv7j-6r7g
4
reference_url https://github.com/oroinc/crm/security/advisories/GHSA-897w-jv7j-6r7g
reference_id GHSA-897w-jv7j-6r7g
reference_type
scores
url https://github.com/oroinc/crm/security/advisories/GHSA-897w-jv7j-6r7g
fixed_packages
0
url pkg:composer/oro/crm@4.2.6
purl pkg:composer/oro/crm@4.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/crm@4.2.6
1
url pkg:composer/oro/crm@5.0.4
purl pkg:composer/oro/crm@5.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/crm@5.0.4
2
url pkg:composer/oro/crm@5.1.1
purl pkg:composer/oro/crm@5.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/crm@5.1.1
aliases CVE-2023-32063, GHSA-897w-jv7j-6r7g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5g5-3z89-63bz
1
url VCID-yuv4-cckd-tqdj
vulnerability_id VCID-yuv4-cckd-tqdj
summary
Cross-Site Request Forgery (CSRF)
OroCRM is an open source Client Relationship Management (CRM) application. There are no workarounds that address this vulnerability and all users are advised to update their package.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39198
reference_id CVE-2021-39198
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-39198
1
reference_url https://github.com/oroinc/crm/security/advisories/GHSA-vf7h-6246-hm43
reference_id GHSA-vf7h-6246-hm43
reference_type
scores
url https://github.com/oroinc/crm/security/advisories/GHSA-vf7h-6246-hm43
fixed_packages
0
url pkg:composer/oro/crm@4.2.6
purl pkg:composer/oro/crm@4.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/crm@4.2.6
aliases CVE-2021-39198, GHSA-vf7h-6246-hm43
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuv4-cckd-tqdj
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/crm@4.2.0
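Worked example of the lookup above, run offline. This is added here and is not VulnerableCode's or Oro's own code: parse_purl() splits a Package URL into the fields at the top of the record (type, namespace, name, version, qualifiers, subpath) following the packageurl spec, and assess() derives is_vulnerable, affected_by_vulnerabilities, next_non_vulnerable_version and latest_non_vulnerable_version from the fixed_packages lists of the two advisories in this record. The function names, the PAGE_ADVISORIES constant (copied from the record) and the release-branch heuristic in is_fixed_by() are this example's own assumptions; VulnerableCode itself works from affected version ranges that this page does not show.

```python
"""Package URL lookup, worked through offline.

Added example for this page; not VulnerableCode's or Oro's own code.
Function names and the branch heuristic in is_fixed_by() are assumptions.
"""
from urllib.parse import parse_qsl, unquote

# fixed_packages per vulnerability, copied from the record on this page
PAGE_ADVISORIES = {
    "VCID-p5g5-3z89-63bz": [  # CVE-2023-32063 / GHSA-897w-jv7j-6r7g
        "pkg:composer/oro/crm@4.2.6",
        "pkg:composer/oro/crm@5.0.4",
        "pkg:composer/oro/crm@5.1.1",
    ],
    "VCID-yuv4-cckd-tqdj": [  # CVE-2021-39198 / GHSA-vf7h-6246-hm43
        "pkg:composer/oro/crm@4.2.6",
    ],
}


def parse_purl(purl: str) -> dict:
    """Split pkg:type/namespace/name@version?qualifiers#subpath."""
    if not purl.startswith("pkg:"):
        raise ValueError("a Package URL must start with 'pkg:'")
    rest = purl[len("pkg:"):].lstrip("/")
    subpath = None
    if "#" in rest:  # subpath is the trailing component
        rest, raw = rest.split("#", 1)
        segs = [unquote(s) for s in raw.strip("/").split("/")]
        subpath = "/".join(s for s in segs if s not in ("", ".", "..")) or None
    qualifiers = {}
    if "?" in rest:  # then the qualifiers; parse_qsl percent-decodes values
        rest, raw = rest.split("?", 1)
        qualifiers = {k.lower(): v for k, v in parse_qsl(raw)}
    version = None
    if "@" in rest:  # then the version, split on the last '@'
        rest, raw = rest.rsplit("@", 1)
        version = unquote(raw)
    parts = [p for p in rest.split("/") if p]
    if len(parts) < 2:
        raise ValueError("a purl needs at least a type and a name")
    return {
        "type": parts[0].lower(),
        "namespace": "/".join(unquote(p) for p in parts[1:-1]) or None,
        "name": unquote(parts[-1]),
        "version": version,
        "qualifiers": qualifiers,
        "subpath": subpath,
    }


def version_key(version: str) -> tuple:
    """Sort key for dotted releases; a pre-release (5.1.0-rc1) sorts below 5.1.0."""
    core, _, pre = version.lstrip("v").partition("-")
    return (tuple(int(x) for x in core.split(".")), pre == "")


def is_fixed_by(version: str, fixed_versions: list) -> bool:
    """Heuristic (assumption): fixed if a fix exists on the same major.minor
    branch at or below `version`, or if its branch is newer than every branch
    that received a fix. With no fixed versions known, assume not fixed."""
    v = version_key(version)
    fixes = [version_key(f) for f in fixed_versions]
    branch = v[0][:2]
    if any(f[0][:2] == branch and f <= v for f in fixes):
        return True
    return bool(fixes) and all(branch > f[0][:2] for f in fixes)


def assess(purl: str, advisories: dict) -> dict:
    """advisories maps vulnerability_id -> list of fixed purls."""
    pkg = parse_purl(purl)
    if pkg["version"] is None:
        raise ValueError("cannot assess a purl without a version")
    fixed = {vid: [parse_purl(f)["version"] for f in fps]
             for vid, fps in advisories.items()}
    affected_by = [vid for vid, fv in fixed.items()
                   if not is_fixed_by(pkg["version"], fv)]
    # a fixed version only counts as safe if it is fixed against every advisory
    safe = sorted({f for fv in fixed.values() for f in fv
                   if all(is_fixed_by(f, other) for other in fixed.values())},
                  key=version_key)
    newer = [f for f in safe if version_key(f) > version_key(pkg["version"])]
    return {
        **pkg,
        "is_vulnerable": bool(affected_by),
        "affected_by_vulnerabilities": affected_by,
        # an upgrade target is only reported while the package is still affected
        "next_non_vulnerable_version": newer[0] if affected_by and newer else None,
        "latest_non_vulnerable_version": safe[-1] if safe else None,
    }


if __name__ == "__main__":
    for key, value in assess("pkg:composer/oro/crm@4.2.0", PAGE_ADVISORIES).items():
        print(f"{key}: {value}")
```

Running it against the two advisories reproduces the record's verdict for 4.2.0 (vulnerable to both, next fix 4.2.6, latest safe 5.1.1), while 5.0.4 comes out clean because the CSRF fix landed on the 4.2 branch and 5.0.x is a newer branch. The branch heuristic is the weak spot: it treats any version on a newer branch than all known fixes as safe, which is only right when the fix was merged before that branch was cut. Where an affected range is available, compare against it instead.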