Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/drupal/core-recommended@7.0.0

Type composer

Namespace drupal

Name core-recommended

Version 7.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 8.0.0

Latest_non_vulnerable_version 9.3.6

Affected_by_vulnerabilities

url VCID-2g67-a42m-qfbh

vulnerability_id VCID-2g67-a42m-qfbh

summary

Improper Input Validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

references

reference_url	https://www.drupal.org/sa-core-2022-003
reference_id
reference_type
scores
url	https://www.drupal.org/sa-core-2022-003

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-25271
reference_id	CVE-2022-25271
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-25271

fixed_packages

url	pkg:composer/drupal/core-recommended@8.0.0
purl	pkg:composer/drupal/core-recommended@8.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@8.0.0

url	pkg:composer/drupal/core-recommended@9.2.13
purl	pkg:composer/drupal/core-recommended@9.2.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.2.13

url	pkg:composer/drupal/core-recommended@9.3.6
purl	pkg:composer/drupal/core-recommended@9.3.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.3.6

aliases CVE-2022-25271

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2g67-a42m-qfbh

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@7.0.0

Package Instance