Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/core-recommended@9.2.13
Typecomposer
Namespacedrupal
Namecore-recommended
Version9.2.13
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version8.0.0
Latest_non_vulnerable_version9.3.6
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2g67-a42m-qfbh
vulnerability_id VCID-2g67-a42m-qfbh
summary 
Improper Input Validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
references
0
reference_url https://www.drupal.org/sa-core-2022-003
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2022-003
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25271
reference_id CVE-2022-25271
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-25271
fixed_packages
0
url pkg:composer/drupal/core-recommended@8.0.0
purl pkg:composer/drupal/core-recommended@8.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@8.0.0
1
url pkg:composer/drupal/core-recommended@9.2.13
purl pkg:composer/drupal/core-recommended@9.2.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.2.13
2
url pkg:composer/drupal/core-recommended@9.3.6
purl pkg:composer/drupal/core-recommended@9.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.3.6
aliases CVE-2022-25271
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2g67-a42m-qfbh
1
url VCID-ydy1-x277-1fhj
vulnerability_id VCID-ydy1-x277-1fhj
summary 
Incorrect Authorization
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
references
0
reference_url https://www.drupal.org/sa-core-2022-004
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2022-004
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25270
reference_id CVE-2022-25270
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-25270
fixed_packages
0
url pkg:composer/drupal/core-recommended@9.2.13
purl pkg:composer/drupal/core-recommended@9.2.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.2.13
1
url pkg:composer/drupal/core-recommended@9.3.6
purl pkg:composer/drupal/core-recommended@9.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.3.6
aliases CVE-2022-25270
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ydy1-x277-1fhj
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.2.13