Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/ec-cube/ec-cube@2.17.1
Typecomposer
Namespaceec-cube
Nameec-cube
Version2.17.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.1.0-alpha
Latest_non_vulnerable_version3.1.0-alpha
Affected_by_vulnerabilities
0
url VCID-6nr6-xn62-v3dj
vulnerability_id VCID-6nr6-xn62-v3dj
summary 
Incorrect Authorization
Improper access control in Management screen of EC-CUBE 2 series allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20841
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42293
published_at 2026-06-04T12:55:00Z
1
value 0.00203
scoring_system epss
scoring_elements 0.42353
published_at 2026-06-07T12:55:00Z
2
value 0.00203
scoring_system epss
scoring_elements 0.42379
published_at 2026-06-06T12:55:00Z
3
value 0.00203
scoring_system epss
scoring_elements 0.42368
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20841
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN75444925/index.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN75444925/index.html
3
reference_url https://www.ec-cube.net/info/weakness/20211111
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/20211111
4
reference_url https://www.ec-cube.net/info/weakness/20211111/
reference_id
reference_type
scores
url https://www.ec-cube.net/info/weakness/20211111/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20841
reference_id CVE-2021-20841
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20841
6
reference_url https://github.com/advisories/GHSA-jc55-crg7-pr35
reference_id GHSA-jc55-crg7-pr35
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jc55-crg7-pr35
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@2.17.2
purl pkg:composer/ec-cube/ec-cube@2.17.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-he32-4cf1-akf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@2.17.2
1
url pkg:composer/ec-cube/ec-cube@3.0.0
purl pkg:composer/ec-cube/ec-cube@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-2vzq-r4pf-1kac
2
vulnerability VCID-8d1z-47bk-vbd2
3
vulnerability VCID-c6vr-e9zn-cbaz
4
vulnerability VCID-ccu6-ebu1-nkax
5
vulnerability VCID-fuus-wqhf-s3be
6
vulnerability VCID-he32-4cf1-akf5
7
vulnerability VCID-mr5c-68tz-nfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.0
aliases CVE-2021-20841, GHSA-jc55-crg7-pr35
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6nr6-xn62-v3dj
1
url VCID-nw9p-g3hb-sqg4
vulnerability_id VCID-nw9p-g3hb-sqg4
summary 
Cross-Site Request Forgery (CSRF)
A Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series to allows a remote attacker to hijack the authentication of Administrators and delete Administrators via a specially crafted web page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20842
reference_id
reference_type
scores
0
value 0.00108
scoring_system epss
scoring_elements 0.28569
published_at 2026-06-04T12:55:00Z
1
value 0.00108
scoring_system epss
scoring_elements 0.28564
published_at 2026-06-07T12:55:00Z
2
value 0.00108
scoring_system epss
scoring_elements 0.28601
published_at 2026-06-06T12:55:00Z
3
value 0.00108
scoring_system epss
scoring_elements 0.28641
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20842
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN75444925/index.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN75444925/index.html
3
reference_url https://www.ec-cube.net/info/weakness/20211111
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/20211111
4
reference_url https://www.ec-cube.net/info/weakness/20211111/
reference_id
reference_type
scores
url https://www.ec-cube.net/info/weakness/20211111/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20842
reference_id CVE-2021-20842
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20842
6
reference_url https://github.com/advisories/GHSA-m9hv-qmqh-33qh
reference_id GHSA-m9hv-qmqh-33qh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m9hv-qmqh-33qh
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@2.17.2
purl pkg:composer/ec-cube/ec-cube@2.17.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-he32-4cf1-akf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@2.17.2
1
url pkg:composer/ec-cube/ec-cube@3.0.0
purl pkg:composer/ec-cube/ec-cube@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wk3-yxkq-j7en
1
vulnerability VCID-2vzq-r4pf-1kac
2
vulnerability VCID-8d1z-47bk-vbd2
3
vulnerability VCID-c6vr-e9zn-cbaz
4
vulnerability VCID-ccu6-ebu1-nkax
5
vulnerability VCID-fuus-wqhf-s3be
6
vulnerability VCID-he32-4cf1-akf5
7
vulnerability VCID-mr5c-68tz-nfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.0
aliases CVE-2021-20842, GHSA-m9hv-qmqh-33qh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nw9p-g3hb-sqg4
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@2.17.1