Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40rspack/core@0.5.0-canary-ee0ed24-20240116035955
Type npm
Namespace @rspack
Name core
Version 0.5.0-canary-ee0ed24-20240116035955
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.0.0-rc.1
Latest_non_vulnerable_version 1.0.0-rc.1
Affected_by_vulnerabilities
0
url VCID-zknv-cxez-nfhq
vulnerability_id VCID-zknv-cxez-nfhq
summary
DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS
We discovered a DOM Clobbering vulnerability in Webpack’s AutoPublicPathRuntimeModule. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present.

We found real-world exploitation of this gadget in the Canvas LMS, which allows an XSS attack through JavaScript code compiled by Webpack (the vulnerable part is from Webpack). We believe this is a severe issue. If Webpack’s code is not resilient to DOM Clobbering attacks, it could lead to significant security vulnerabilities in any web application using Webpack-compiled code.
references
0
reference_url https://github.com/web-infra-dev/rspack
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/web-infra-dev/rspack
1
reference_url https://github.com/web-infra-dev/rspack/commit/0303c68bd76da258c9fd483936d3a00b9761aad0
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/web-infra-dev/rspack/commit/0303c68bd76da258c9fd483936d3a00b9761aad0
2
reference_url https://github.com/advisories/GHSA-84jw-g43v-8gjm
reference_id GHSA-84jw-g43v-8gjm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-84jw-g43v-8gjm
3
reference_url https://github.com/web-infra-dev/rspack/security/advisories/GHSA-84jw-g43v-8gjm
reference_id GHSA-84jw-g43v-8gjm
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/web-infra-dev/rspack/security/advisories/GHSA-84jw-g43v-8gjm
fixed_packages
0
url pkg:npm/%40rspack/core@1.0.0-rc.1
purl pkg:npm/%40rspack/core@1.0.0-rc.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540rspack/core@1.0.0-rc.1
aliases GHSA-84jw-g43v-8gjm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zknv-cxez-nfhq
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540rspack/core@0.5.0-canary-ee0ed24-20240116035955