Lookup for vulnerable packages by Package URL.

Purl pkg:composer/craftcms/cms@3.9.6
Type composer
Namespace craftcms
Name cms
Version 3.9.6
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 4.3.7
Latest_non_vulnerable_version 5.9.9
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-jhen-vhqx-n7dr
vulnerability_id VCID-jhen-vhqx-n7dr
summary
Improper Privilege Management
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
references
0
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
reference_id
reference_type
scores
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
1
reference_url https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
reference_id
reference_type
scores
url https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
2
reference_url https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa
reference_id
reference_type
scores
url https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa
3
reference_url https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843
reference_id
reference_type
scores
url https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843
4
reference_url https://github.com/craftcms/cms/pull/13931
reference_id
reference_type
scores
url https://github.com/craftcms/cms/pull/13931
5
reference_url https://github.com/craftcms/cms/pull/13932
reference_id
reference_type
scores
url https://github.com/craftcms/cms/pull/13932
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21622
reference_id CVE-2024-21622
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-21622
7
reference_url https://github.com/advisories/GHSA-j5g9-j7r4-6qvx
reference_id GHSA-j5g9-j7r4-6qvx
reference_type
scores
url https://github.com/advisories/GHSA-j5g9-j7r4-6qvx
8
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx
reference_id GHSA-j5g9-j7r4-6qvx
reference_type
scores
url https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx
fixed_packages
0
url pkg:composer/craftcms/cms@3.9.6
purl pkg:composer/craftcms/cms@3.9.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.9.6
1
url pkg:composer/craftcms/cms@4.5.11
purl pkg:composer/craftcms/cms@4.5.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.5.11
aliases CVE-2024-21622, GHSA-j5g9-j7r4-6qvx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jhen-vhqx-n7dr
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.9.6