Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40redwoodjs/api@0.38.0
Typenpm
Namespace@redwoodjs
Nameapi
Version0.38.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.2.5
Latest_non_vulnerable_version3.3.1
Affected_by_vulnerabilities
0
url VCID-v4kp-pefq-tyed
vulnerability_id VCID-v4kp-pefq-tyed
summary Redwood is vulnerable to account takeover via dbAuth "forgot-password"
references
0
reference_url https://github.com/redwoodjs/redwood
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/redwoodjs/redwood
1
reference_url https://github.com/redwoodjs/redwood/issues/6343
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/redwoodjs/redwood/issues/6343
2
reference_url https://github.com/redwoodjs/redwood/pull/6778
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/redwoodjs/redwood/pull/6778
3
reference_url https://github.com/redwoodjs/redwood/releases/tag/v2.2.5
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/redwoodjs/redwood/releases/tag/v2.2.5
4
reference_url https://github.com/redwoodjs/redwood/releases/tag/v3.3.1
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/redwoodjs/redwood/releases/tag/v3.3.1
5
reference_url https://github.com/advisories/GHSA-3qmc-2r76-4rqp
reference_id GHSA-3qmc-2r76-4rqp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3qmc-2r76-4rqp
6
reference_url https://github.com/redwoodjs/redwood/security/advisories/GHSA-3qmc-2r76-4rqp
reference_id GHSA-3qmc-2r76-4rqp
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/redwoodjs/redwood/security/advisories/GHSA-3qmc-2r76-4rqp
fixed_packages
0
url pkg:npm/%40redwoodjs/api@2.2.5
purl pkg:npm/%40redwoodjs/api@2.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540redwoodjs/api@2.2.5
1
url pkg:npm/%40redwoodjs/api@3.3.1
purl pkg:npm/%40redwoodjs/api@3.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540redwoodjs/api@3.3.1
aliases GHSA-3qmc-2r76-4rqp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4kp-pefq-tyed
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540redwoodjs/api@0.38.0