Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:nuget/UmbracoCms@10.7.0
Typenuget
Namespace
NameUmbracoCms
Version10.7.0
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version10.8.1
Latest_non_vulnerable_version12.3.4
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-azpt-qmk7-1ueu
vulnerability_id VCID-azpt-qmk7-1ueu
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted.
references
0
reference_url https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation
reference_id
reference_type
scores
url https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49279
reference_id CVE-2023-49279
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-49279
2
reference_url https://github.com/advisories/GHSA-6xmx-85x3-4cv2
reference_id GHSA-6xmx-85x3-4cv2
reference_type
scores
url https://github.com/advisories/GHSA-6xmx-85x3-4cv2
3
reference_url https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2
reference_id GHSA-6xmx-85x3-4cv2
reference_type
scores
url https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2
fixed_packages
0
url pkg:nuget/UmbracoCms@7.15.11
purl pkg:nuget/UmbracoCms@7.15.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@7.15.11
1
url pkg:nuget/UmbracoCms@8.18.9
purl pkg:nuget/UmbracoCms@8.18.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@8.18.9
2
url pkg:nuget/UmbracoCms@10.7.0
purl pkg:nuget/UmbracoCms@10.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@10.7.0
3
url pkg:nuget/UmbracoCms@11.5.0
purl pkg:nuget/UmbracoCms@11.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@11.5.0
4
url pkg:nuget/UmbracoCms@12.2.0
purl pkg:nuget/UmbracoCms@12.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.2.0
aliases CVE-2023-49279, GHSA-6xmx-85x3-4cv2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azpt-qmk7-1ueu
1
url VCID-s3pr-pezb-4qf4
vulnerability_id VCID-s3pr-pezb-4qf4
summary 
Incorrect Authorization
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contains a patch for this issue. No known workarounds are available.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-48227
reference_id CVE-2023-48227
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-48227
1
reference_url https://github.com/advisories/GHSA-335x-5wcm-8jv2
reference_id GHSA-335x-5wcm-8jv2
reference_type
scores
url https://github.com/advisories/GHSA-335x-5wcm-8jv2
2
reference_url https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-335x-5wcm-8jv2
reference_id GHSA-335x-5wcm-8jv2
reference_type
scores
url https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-335x-5wcm-8jv2
fixed_packages
0
url pkg:nuget/UmbracoCms@8.18.10
purl pkg:nuget/UmbracoCms@8.18.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@8.18.10
1
url pkg:nuget/UmbracoCms@10.7.0
purl pkg:nuget/UmbracoCms@10.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@10.7.0
2
url pkg:nuget/UmbracoCms@12.3.0
purl pkg:nuget/UmbracoCms@12.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.3.0
aliases CVE-2023-48227, GHSA-335x-5wcm-8jv2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s3pr-pezb-4qf4
2
url VCID-wtw6-zcw6-2yd2
vulnerability_id VCID-wtw6-zcw6-2yd2
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain a patch for this issue.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38694
reference_id CVE-2023-38694
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-38694
1
reference_url https://github.com/advisories/GHSA-xxc6-35r7-796w
reference_id GHSA-xxc6-35r7-796w
reference_type
scores
url https://github.com/advisories/GHSA-xxc6-35r7-796w
2
reference_url https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-xxc6-35r7-796w
reference_id GHSA-xxc6-35r7-796w
reference_type
scores
url https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-xxc6-35r7-796w
fixed_packages
0
url pkg:nuget/UmbracoCms@8.18.10
purl pkg:nuget/UmbracoCms@8.18.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@8.18.10
1
url pkg:nuget/UmbracoCms@10.7.0
purl pkg:nuget/UmbracoCms@10.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@10.7.0
2
url pkg:nuget/UmbracoCms@12.1.0
purl pkg:nuget/UmbracoCms@12.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.1.0
aliases CVE-2023-38694, GHSA-xxc6-35r7-796w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wtw6-zcw6-2yd2
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@10.7.0