Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/appwrite/server-ce@0.12.0

Type composer

Namespace appwrite

Name server-ce

Version 0.12.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.12.2

Latest_non_vulnerable_version 0.12.2

Affected_by_vulnerabilities

url VCID-x7wu-vcge-33g6

vulnerability_id VCID-x7wu-vcge-33g6

summary

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability.

references

reference_url	https://github.com/appwrite/appwrite/pull/2778
reference_id
reference_type
scores
url	https://github.com/appwrite/appwrite/pull/2778

reference_url	https://github.com/appwrite/appwrite/releases/tag/0.11.1
reference_id
reference_type
scores
url	https://github.com/appwrite/appwrite/releases/tag/0.11.1

reference_url	https://github.com/appwrite/appwrite/releases/tag/0.12.2
reference_id
reference_type
scores
url	https://github.com/appwrite/appwrite/releases/tag/0.12.2

reference_url	https://github.com/litespeed-js/litespeed.js/pull/18
reference_id
reference_type
scores
url	https://github.com/litespeed-js/litespeed.js/pull/18

reference_url	https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250
reference_id
reference_type
scores
url	https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250

reference_url	https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820
reference_id
reference_type
scores
url	https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-23682
reference_id	CVE-2021-23682
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-23682

fixed_packages

url	pkg:composer/appwrite/server-ce@0.12.2
purl	pkg:composer/appwrite/server-ce@0.12.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.12.2

aliases CVE-2021-23682

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7wu-vcge-33g6

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.12.0

Package Instance