Lookup for vulnerable packages by Package URL.

Purl pkg:gem/safemode@1.3.3
Type gem
Namespace
Name safemode
Version 1.3.3
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.3.4
Latest_non_vulnerable_version 1.3.4
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-96hp-qxsu-rqa2
vulnerability_id VCID-96hp-qxsu-rqa2
summary
High severity vulnerability that affects safemode
Withdrawn, accidental duplicate publish.

The safemode rubygem, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.
references
0
reference_url https://github.com/advisories/GHSA-8474-rc7c-wrhp
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8474-rc7c-wrhp
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7540
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7540
fixed_packages
0
url pkg:gem/safemode@1.3.3
purl pkg:gem/safemode@1.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/safemode@1.3.3
aliases GHSA-8474-rc7c-wrhp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96hp-qxsu-rqa2
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/safemode@1.3.3