Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/getkirby/cms@3.6.6%2B5

Type composer

Namespace getkirby

Name cms

Version 3.6.6+5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.9.1

Latest_non_vulnerable_version 6.0.0-alpha.1

Affected_by_vulnerabilities

url VCID-w47w-xzfq-7bdk

vulnerability_id VCID-w47w-xzfq-7bdk

summary

Kirby has insufficient permission checks in the language settings
The missing permission checks allowed attackers with Panel access to manipulate the language definitions.

The language definitions are at the core of multi-language content in Kirby. Unauthorized modifications with malicious intent can cause significant damage, for example:

- If the `languages` option was enabled but no language exists, creating the first language will switch Kirby to multi-language mode.
- Deleting an existing language will lead to content loss of all translated content in that language. Deleting the last language will switch Kirby to single-language mode.
- Updating a language allows to change the metadata including the language slug (used in page URLs) and language variables. It also allows to change the default language, which will cause Kirby to use the new default language's content as a fallback for non-existing translations.

Depending on the site code, the result of such actions can cause loss of site availability (e.g. error messages in the site frontend) or integrity (due to changed URLs or removed translations).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-41964

reference_id

reference_type

scores

value	0.00379
scoring_system	epss
scoring_elements	0.59739
published_at	2026-06-07T12:55:00Z

value	0.00379
scoring_system	epss
scoring_elements	0.59748
published_at	2026-06-06T12:55:00Z

value	0.00379
scoring_system	epss
scoring_elements	0.59745
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-41964

reference_url

https://github.com/getkirby/kirby

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/getkirby/kirby

reference_url

https://github.com/getkirby/kirby/commit/1dbc9215c97a5c22dc7f34a4e3a64d19e1eac151

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/getkirby/kirby/commit/1dbc9215c97a5c22dc7f34a4e3a64d19e1eac151

reference_url

https://github.com/getkirby/kirby/commit/38636655b054e820f66c3b717c55a9d60fe6400a

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/getkirby/kirby/commit/38636655b054e820f66c3b717c55a9d60fe6400a

reference_url

https://github.com/getkirby/kirby/commit/83fce501759782cf843b6f1d9293a7c7167e69af

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/getkirby/kirby/commit/83fce501759782cf843b6f1d9293a7c7167e69af

reference_url

https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T16:35:56Z/

url

https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23

reference_url

https://github.com/getkirby/kirby/commit/af9b0a58dea63effab85525ae217faa1f5ded423

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/getkirby/kirby/commit/af9b0a58dea63effab85525ae217faa1f5ded423

reference_url

https://github.com/getkirby/kirby/commit/e647a177c75636ef4824662b2ce00d8e5c3a8406

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/getkirby/kirby/commit/e647a177c75636ef4824662b2ce00d8e5c3a8406

reference_url

https://github.com/getkirby/kirby/releases/tag/3.10.1.1

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/getkirby/kirby/releases/tag/3.10.1.1

reference_url

https://github.com/getkirby/kirby/releases/tag/3.6.6.6

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/getkirby/kirby/releases/tag/3.6.6.6

reference_url

https://github.com/getkirby/kirby/releases/tag/3.7.5.5

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/getkirby/kirby/releases/tag/3.7.5.5

reference_url

https://github.com/getkirby/kirby/releases/tag/3.8.4.4

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/getkirby/kirby/releases/tag/3.8.4.4

reference_url

https://github.com/getkirby/kirby/releases/tag/3.9.8.2

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/getkirby/kirby/releases/tag/3.9.8.2

reference_url

https://github.com/getkirby/kirby/releases/tag/4.3.1

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/getkirby/kirby/releases/tag/4.3.1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-41964

reference_id

CVE-2024-41964

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-41964

reference_url

https://github.com/advisories/GHSA-jm9m-rqr3-wfmh

reference_id

GHSA-jm9m-rqr3-wfmh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jm9m-rqr3-wfmh

reference_url

https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh

reference_id

GHSA-jm9m-rqr3-wfmh

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T16:35:56Z/

url

https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh

fixed_packages

url pkg:composer/getkirby/cms@3.6.6.6

purl pkg:composer/getkirby/cms@3.6.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1zg8-cndr-73hk

vulnerability	VCID-4wcn-6ujb-tuhr

vulnerability	VCID-8a1t-g8pv-4fcb

vulnerability	VCID-e9gx-3frn-gfeu

vulnerability	VCID-g46n-k3pp-t3a5

vulnerability	VCID-h2gp-rqt7-ckdf

vulnerability	VCID-hsgj-2c1x-cuhu

vulnerability	VCID-mhvv-3qdd-qfax

vulnerability	VCID-nt5x-k3wp-u3hu

vulnerability	VCID-seme-4ery-6qbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@3.6.6.6

url	pkg:composer/getkirby/cms@3.6.6%2B6
purl	pkg:composer/getkirby/cms@3.6.6%2B6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@3.6.6%252B6

url pkg:composer/getkirby/cms@3.7.5.5

purl pkg:composer/getkirby/cms@3.7.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1zg8-cndr-73hk

vulnerability	VCID-4wcn-6ujb-tuhr

vulnerability	VCID-8a1t-g8pv-4fcb

vulnerability	VCID-e9gx-3frn-gfeu

vulnerability	VCID-g46n-k3pp-t3a5

vulnerability	VCID-h2gp-rqt7-ckdf

vulnerability	VCID-hsgj-2c1x-cuhu

vulnerability	VCID-mhvv-3qdd-qfax

vulnerability	VCID-nt5x-k3wp-u3hu

vulnerability	VCID-seme-4ery-6qbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@3.7.5.5

url	pkg:composer/getkirby/cms@3.7.5%2B5
purl	pkg:composer/getkirby/cms@3.7.5%2B5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@3.7.5%252B5

url pkg:composer/getkirby/cms@3.8.4.4

purl pkg:composer/getkirby/cms@3.8.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1zg8-cndr-73hk

vulnerability	VCID-4wcn-6ujb-tuhr

vulnerability	VCID-8a1t-g8pv-4fcb

vulnerability	VCID-e9gx-3frn-gfeu

vulnerability	VCID-g46n-k3pp-t3a5

vulnerability	VCID-h2gp-rqt7-ckdf

vulnerability	VCID-hsgj-2c1x-cuhu

vulnerability	VCID-mhvv-3qdd-qfax

vulnerability	VCID-nt5x-k3wp-u3hu

vulnerability	VCID-seme-4ery-6qbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@3.8.4.4

url	pkg:composer/getkirby/cms@3.8.4%2B4
purl	pkg:composer/getkirby/cms@3.8.4%2B4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@3.8.4%252B4

url pkg:composer/getkirby/cms@3.9.8.2

purl pkg:composer/getkirby/cms@3.9.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1zg8-cndr-73hk

vulnerability	VCID-4wcn-6ujb-tuhr

vulnerability	VCID-8a1t-g8pv-4fcb

vulnerability	VCID-e9gx-3frn-gfeu

vulnerability	VCID-g46n-k3pp-t3a5

vulnerability	VCID-h2gp-rqt7-ckdf

vulnerability	VCID-hsgj-2c1x-cuhu

vulnerability	VCID-mhvv-3qdd-qfax

vulnerability	VCID-nt5x-k3wp-u3hu

vulnerability	VCID-seme-4ery-6qbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@3.9.8.2

url	pkg:composer/getkirby/cms@3.9.8%2B2
purl	pkg:composer/getkirby/cms@3.9.8%2B2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@3.9.8%252B2

url	pkg:composer/getkirby/cms@3.10.1%2B1
purl	pkg:composer/getkirby/cms@3.10.1%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@3.10.1%252B1

url pkg:composer/getkirby/cms@4.0.0-alpha.1

purl pkg:composer/getkirby/cms@4.0.0-alpha.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4wcn-6ujb-tuhr

vulnerability	VCID-8a1t-g8pv-4fcb

vulnerability	VCID-e9gx-3frn-gfeu

vulnerability	VCID-g46n-k3pp-t3a5

vulnerability	VCID-h2gp-rqt7-ckdf

vulnerability	VCID-hsgj-2c1x-cuhu

vulnerability	VCID-mhvv-3qdd-qfax

vulnerability	VCID-nt5x-k3wp-u3hu

vulnerability	VCID-s33b-8zp5-yyaa

vulnerability	VCID-umm8-7cx6-4fcu

vulnerability	VCID-zakx-qtwy-gbba

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@4.0.0-alpha.1

url pkg:composer/getkirby/cms@4.3.1

purl pkg:composer/getkirby/cms@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1zg8-cndr-73hk

vulnerability	VCID-4wcn-6ujb-tuhr

vulnerability	VCID-8a1t-g8pv-4fcb

vulnerability	VCID-e9gx-3frn-gfeu

vulnerability	VCID-g46n-k3pp-t3a5

vulnerability	VCID-h2gp-rqt7-ckdf

vulnerability	VCID-hsgj-2c1x-cuhu

vulnerability	VCID-mhvv-3qdd-qfax

vulnerability	VCID-nt5x-k3wp-u3hu

vulnerability	VCID-seme-4ery-6qbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@4.3.1

url pkg:composer/getkirby/cms@4.4.0-rc.1

purl pkg:composer/getkirby/cms@4.4.0-rc.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1zg8-cndr-73hk

vulnerability	VCID-4wcn-6ujb-tuhr

vulnerability	VCID-8a1t-g8pv-4fcb

vulnerability	VCID-e9gx-3frn-gfeu

vulnerability	VCID-g46n-k3pp-t3a5

vulnerability	VCID-h2gp-rqt7-ckdf

vulnerability	VCID-hsgj-2c1x-cuhu

vulnerability	VCID-mhvv-3qdd-qfax

vulnerability	VCID-nt5x-k3wp-u3hu

vulnerability	VCID-seme-4ery-6qbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@4.4.0-rc.1

aliases CVE-2024-41964, GHSA-jm9m-rqr3-wfmh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w47w-xzfq-7bdk

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@3.6.6%252B5

Package Instance