Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/voila@0.3.0a0
Type pypi
Namespace
Name voila
Version 0.3.0a0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.2.17
Latest_non_vulnerable_version 0.5.6
Affected_by_vulnerabilities
0
url VCID-xb4c-rkr2-uyap
vulnerability_id VCID-xb4c-rkr2-uyap
summary
Voilà Local file inclusion
Any deployment of the voilà dashboard allows local file inclusion; that is, any file on the filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server.

Whether this still requires authentication depends on how voilà is deployed.
references
0
reference_url https://github.com/voila-dashboards/voila
reference_id
reference_type
scores
url https://github.com/voila-dashboards/voila
1
reference_url https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52
reference_id
reference_type
scores
url https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52
2
reference_url https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67
reference_id
reference_type
scores
url https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67
3
reference_url https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2
reference_id
reference_type
scores
url https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2
4
reference_url https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8
reference_id
reference_type
scores
url https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8
5
reference_url https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504
reference_id
reference_type
scores
url https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-30265
reference_id CVE-2024-30265
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-30265
7
reference_url https://github.com/advisories/GHSA-2q59-h24c-w6fg
reference_id GHSA-2q59-h24c-w6fg
reference_type
scores
url https://github.com/advisories/GHSA-2q59-h24c-w6fg
8
reference_url https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg
reference_id GHSA-2q59-h24c-w6fg
reference_type
scores
url https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg
fixed_packages
0
url pkg:pypi/voila@0.3.8
purl pkg:pypi/voila@0.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/voila@0.3.8
1
url pkg:pypi/voila@0.4.4
purl pkg:pypi/voila@0.4.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/voila@0.4.4
2
url pkg:pypi/voila@0.5.6
purl pkg:pypi/voila@0.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/voila@0.5.6
aliases CVE-2024-30265, GHSA-2q59-h24c-w6fg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xb4c-rkr2-uyap
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/voila@0.3.0a0