Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/inline_svg@1.2.1
Typegem
Namespace
Nameinline_svg
Version1.2.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.7.2
Latest_non_vulnerable_version1.7.2
Affected_by_vulnerabilities
0
url VCID-23kr-se7g-xub9
vulnerability_id VCID-23kr-se7g-xub9
summary 
Inline SVG vulnerable to Cross-site Scripting
A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1
and classified as problematic. Affected by this vulnerability is an unknown functionality
of the file `lib/inline_svg/action_view/helpers.rb` of the component `URL Parameter
Handler`. The manipulation of the argument filename leads to cross site scripting.
The attack can be launched remotely. Upgrading to version 1.7.2 is able to address
this issue. The name of the patch is f5363b351508486021f99e083c92068cf2943621. It
is recommended to upgrade the affected component. The identifier VDB-217597 was
assigned to this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36644
reference_id
reference_type
scores
0
value 0.00661
scoring_system epss
scoring_elements 0.71531
published_at 2026-06-04T12:55:00Z
1
value 0.00661
scoring_system epss
scoring_elements 0.71575
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36644
1
reference_url https://github.com/jamesmartin/inline_svg
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jamesmartin/inline_svg
2
reference_url https://github.com/jamesmartin/inline_svg/commit/f5363b351508486021f99e083c92068cf2943621
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
2
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T19:22:26Z/
url https://github.com/jamesmartin/inline_svg/commit/f5363b351508486021f99e083c92068cf2943621
3
reference_url https://github.com/jamesmartin/inline_svg/pull/117
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
2
value 6.1
scoring_system cvssv3
scoring_elements
3
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
4
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T19:22:26Z/
url https://github.com/jamesmartin/inline_svg/pull/117
4
reference_url https://github.com/jamesmartin/inline_svg/releases/tag/v1.7.2
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
2
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T19:22:26Z/
url https://github.com/jamesmartin/inline_svg/releases/tag/v1.7.2
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/inline_svg/CVE-2020-36644.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/inline_svg/CVE-2020-36644.yml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36644
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36644
7
reference_url https://vuldb.com/?ctiid.217597
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
2
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T19:22:26Z/
url https://vuldb.com/?ctiid.217597
8
reference_url https://vuldb.com/?id.217597
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
2
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T19:22:26Z/
url https://vuldb.com/?id.217597
9
reference_url https://github.com/advisories/GHSA-p33q-4h4m-j994
reference_id GHSA-p33q-4h4m-j994
reference_type
scores
url https://github.com/advisories/GHSA-p33q-4h4m-j994
fixed_packages
0
url pkg:gem/inline_svg@1.7.2
purl pkg:gem/inline_svg@1.7.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/inline_svg@1.7.2
aliases CVE-2020-36644, GHSA-p33q-4h4m-j994
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23kr-se7g-xub9
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/inline_svg@1.2.1