Lookup for vulnerable packages by Package URL.

Purl pkg:composer/concrete5/concrete5@9.0.0-RC1
Type composer
Namespace concrete5
Name concrete5
Version 9.0.0-RC1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.7.4
Latest_non_vulnerable_version 9.4.8
Affected_by_vulnerabilities
0
url VCID-1ptm-ydqz-gybk
vulnerability_id VCID-1ptm-ydqz-gybk
summary
Concrete CMS Stored XSS in the Search Field
Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
references
0
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
1
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
2
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms
3
reference_url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
4
reference_url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3181
reference_id CVE-2024-3181
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-3181
6
reference_url https://github.com/advisories/GHSA-qgm9-rxmq-jxmq
reference_id GHSA-qgm9-rxmq-jxmq
reference_type
scores
url https://github.com/advisories/GHSA-qgm9-rxmq-jxmq
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.8
purl pkg:composer/concrete5/concrete5@9.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8
aliases CVE-2024-3181, GHSA-qgm9-rxmq-jxmq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ptm-ydqz-gybk
1
url VCID-3ejn-3ds7-u7g8
vulnerability_id VCID-3ejn-3ds7-u7g8
summary
Improper Input Validation
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator-provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.
references
0
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes
reference_id
reference_type
scores
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes
1
reference_url https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953
2
reference_url https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory
reference_id
reference_type
scores
url https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-1247
reference_id CVE-2024-1247
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-1247
4
reference_url https://github.com/advisories/GHSA-q25h-jch8-gfrp
reference_id GHSA-q25h-jch8-gfrp
reference_type
scores
url https://github.com/advisories/GHSA-q25h-jch8-gfrp
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.5
purl pkg:composer/concrete5/concrete5@9.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.5
aliases CVE-2024-1247, GHSA-q25h-jch8-gfrp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ejn-3ds7-u7g8
2
url VCID-3z92-cd94-cfdt
vulnerability_id VCID-3z92-cd94-cfdt
summary
Concrete CMS Stored XSS in the Custom Class page editing
Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator-provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
references
0
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
1
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
2
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms
3
reference_url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
4
reference_url https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904
5
reference_url https://github.com/concretecms/concretecms/pull/11988
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/pull/11988
6
reference_url https://github.com/concretecms/concretecms/pull/11989
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/pull/11989
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3179
reference_id CVE-2024-3179
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-3179
8
reference_url https://github.com/advisories/GHSA-r7q4-cw9r-vhp4
reference_id GHSA-r7q4-cw9r-vhp4
reference_type
scores
url https://github.com/advisories/GHSA-r7q4-cw9r-vhp4
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.8
purl pkg:composer/concrete5/concrete5@9.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8
aliases CVE-2024-3179, GHSA-r7q4-cw9r-vhp4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3z92-cd94-cfdt
3
url VCID-4e63-f1w1-rudp
vulnerability_id VCID-4e63-f1w1-rudp
summary
Concrete CMS Stored XSS in blocks of type file
Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 are vulnerable to Stored XSS in blocks of type file. Prior to the fix, stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
references
0
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
1
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
2
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms
3
reference_url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
4
reference_url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3180
reference_id CVE-2024-3180
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-3180
6
reference_url https://github.com/advisories/GHSA-9qhc-pg6j-wf23
reference_id GHSA-9qhc-pg6j-wf23
reference_type
scores
url https://github.com/advisories/GHSA-9qhc-pg6j-wf23
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.8
purl pkg:composer/concrete5/concrete5@9.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8
aliases CVE-2024-3180, GHSA-9qhc-pg6j-wf23
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4e63-f1w1-rudp
4
url VCID-av2c-h349-tkae
vulnerability_id VCID-av2c-h349-tkae
summary
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator-provided data. All administrators have access to the File Manager and hence could create a search filter with the malicious code attached. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .
references
0
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
1
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
2
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms
3
reference_url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
4
reference_url https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/f2ea49b3cdbac3cbfdf5d3c862de7b7097bbe904
5
reference_url https://github.com/concretecms/concretecms/pull/11988
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/pull/11988
6
reference_url https://github.com/concretecms/concretecms/pull/11989
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/pull/11989
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3178
reference_id CVE-2024-3178
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-3178
8
reference_url https://github.com/advisories/GHSA-xwrh-qxmc-x8c8
reference_id GHSA-xwrh-qxmc-x8c8
reference_type
scores
url https://github.com/advisories/GHSA-xwrh-qxmc-x8c8
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.8
purl pkg:composer/concrete5/concrete5@9.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8
aliases CVE-2024-3178, GHSA-xwrh-qxmc-x8c8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-av2c-h349-tkae
5
url VCID-tsf3-f23x-uybj
vulnerability_id VCID-tsf3-f23x-uybj
summary
Improper Input Validation
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator-entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.
references
0
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes
reference_id
reference_type
scores
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes
1
reference_url https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953
2
reference_url https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory
reference_id
reference_type
scores
url https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-1245
reference_id CVE-2024-1245
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-1245
4
reference_url https://github.com/advisories/GHSA-mgp6-j658-vcw9
reference_id GHSA-mgp6-j658-vcw9
reference_type
scores
url https://github.com/advisories/GHSA-mgp6-j658-vcw9
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.5
purl pkg:composer/concrete5/concrete5@9.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.5
aliases CVE-2024-1245, GHSA-mgp6-j658-vcw9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tsf3-f23x-uybj
6
url VCID-txnd-sm12-qfdj
vulnerability_id VCID-txnd-sm12-qfdj
summary
Improper Input Validation
Concrete CMS version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator-provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.
references
0
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes
reference_id
reference_type
scores
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes
1
reference_url https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/59a07472ad6349a2c5fb455837a54ed1fe3f6953
2
reference_url https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory
reference_id
reference_type
scores
url https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-1246
reference_id CVE-2024-1246
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-1246
4
reference_url https://github.com/advisories/GHSA-9v3w-cj7m-qh5g
reference_id GHSA-9v3w-cj7m-qh5g
reference_type
scores
url https://github.com/advisories/GHSA-9v3w-cj7m-qh5g
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.5
purl pkg:composer/concrete5/concrete5@9.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.5
aliases CVE-2024-1246, GHSA-9v3w-cj7m-qh5g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-txnd-sm12-qfdj
7
url VCID-x7qc-tw7s-tugy
vulnerability_id VCID-x7qc-tw7s-tugy
summary
Concrete CMS Stored XSS on the calendar color settings screen
Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS on the calendar color settings screen since information input by the user is output without escaping. A rogue administrator could inject malicious JavaScript into the Calendar Color Settings screen which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.0 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .

Thank you Rikuto Tauchi for reporting.
references
0
reference_url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.
1
reference_url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
reference_id
reference_type
scores
url https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.
2
reference_url https://github.com/concretecms/concretecms
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms
3
reference_url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/822e689cefe1eb876e9de31dad9ce660f3b5c295
4
reference_url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
reference_id
reference_type
scores
url https://github.com/concretecms/concretecms/commit/e85ef2408a5eea7d5646178fbef0ab243baaed8f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-2753
reference_id CVE-2024-2753
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-2753
6
reference_url https://github.com/advisories/GHSA-pj42-r64f-4xfq
reference_id GHSA-pj42-r64f-4xfq
reference_type
scores
url https://github.com/advisories/GHSA-pj42-r64f-4xfq
fixed_packages
0
url pkg:composer/concrete5/concrete5@9.2.8
purl pkg:composer/concrete5/concrete5@9.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.2.8
aliases CVE-2024-2753, GHSA-pj42-r64f-4xfq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7qc-tw7s-tugy
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/concrete5/concrete5@9.0.0-RC1