Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/drupal@9.2.18
Typecomposer
Namespacedrupal
Namedrupal
Version9.2.18
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version9.3.9
Latest_non_vulnerable_version10.0.8
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-egtv-y9w1-skgr
vulnerability_id VCID-egtv-y9w1-skgr
summary 
Improper Input Validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
references
0
reference_url https://www.drupal.org/sa-core-2022-008
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2022-008
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
reference_id CVE-2022-25273
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
2
reference_url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
reference_id GHSA-g36h-4jr6-qmm9
reference_type
scores
url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
fixed_packages
0
url pkg:composer/drupal/drupal@9.2.18
purl pkg:composer/drupal/drupal@9.2.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.18
1
url pkg:composer/drupal/drupal@9.3.12
purl pkg:composer/drupal/drupal@9.3.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.12
aliases CVE-2022-25273, GHSA-g36h-4jr6-qmm9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egtv-y9w1-skgr
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.18