Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/core@9.3.0
Typecomposer
Namespacedrupal
Namecore
Version9.3.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.3.9
Latest_non_vulnerable_version11.2.8
Affected_by_vulnerabilities
0
url VCID-2g67-a42m-qfbh
vulnerability_id VCID-2g67-a42m-qfbh
summary 
Improper Input Validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
references
0
reference_url https://www.drupal.org/sa-core-2022-003
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2022-003
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25271
reference_id CVE-2022-25271
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-25271
fixed_packages
0
url pkg:composer/drupal/core@9.3.6
purl pkg:composer/drupal/core@9.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r1hd-d39y-syhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.6
aliases CVE-2022-25271
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2g67-a42m-qfbh
1
url VCID-ard5-3cjv-1beu
vulnerability_id VCID-ard5-3cjv-1beu
summary 
Improper Input Validation
guzzlehttp/psr7 is a PSR-7 HTTP message library used in drupal. Versions prior to 1.8.4 and 2.1.1 is vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values.
references
0
reference_url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
reference_id
reference_type
scores
url https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1
1
reference_url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
reference_id
reference_type
scores
url https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc
2
reference_url https://www.drupal.org/sa-core-2022-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2022-006
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
reference_id CVE-2022-24775
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-24775
4
reference_url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
url https://github.com/advisories/GHSA-q7rv-6hp3-vh96
5
reference_url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
reference_id GHSA-q7rv-6hp3-vh96
reference_type
scores
url https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
fixed_packages
0
url pkg:composer/drupal/core@9.3.9
purl pkg:composer/drupal/core@9.3.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.9
aliases CVE-2022-24775, GHSA-q7rv-6hp3-vh96
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ard5-3cjv-1beu
2
url VCID-egtv-y9w1-skgr
vulnerability_id VCID-egtv-y9w1-skgr
summary 
Improper Input Validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
references
0
reference_url https://www.drupal.org/sa-core-2022-008
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2022-008
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
reference_id CVE-2022-25273
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
2
reference_url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
reference_id GHSA-g36h-4jr6-qmm9
reference_type
scores
url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
fixed_packages
0
url pkg:composer/drupal/core@9.3.12
purl pkg:composer/drupal/core@9.3.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.12
aliases CVE-2022-25273, GHSA-g36h-4jr6-qmm9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egtv-y9w1-skgr
3
url VCID-g1ew-tnk9-cuh7
vulnerability_id VCID-g1ew-tnk9-cuh7
summary 
Incorrect Authorization
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.
references
0
reference_url https://www.drupal.org/sa-core-2022-009
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2022-009
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25274
reference_id CVE-2022-25274
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-25274
2
reference_url https://github.com/advisories/GHSA-7jr4-hgqx-vwgq
reference_id GHSA-7jr4-hgqx-vwgq
reference_type
scores
url https://github.com/advisories/GHSA-7jr4-hgqx-vwgq
fixed_packages
0
url pkg:composer/drupal/core@9.3.12
purl pkg:composer/drupal/core@9.3.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.12
aliases CVE-2022-25274, GHSA-7jr4-hgqx-vwgq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g1ew-tnk9-cuh7
4
url VCID-ydy1-x277-1fhj
vulnerability_id VCID-ydy1-x277-1fhj
summary 
Incorrect Authorization
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
references
0
reference_url https://www.drupal.org/sa-core-2022-004
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2022-004
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25270
reference_id CVE-2022-25270
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-25270
fixed_packages
0
url pkg:composer/drupal/core@9.3.6
purl pkg:composer/drupal/core@9.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r1hd-d39y-syhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.6
aliases CVE-2022-25270
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ydy1-x277-1fhj
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.0