Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/products-cmfplone@4.2rc1
Typepypi
Namespace
Nameproducts-cmfplone
Version4.2rc1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.3.3
Latest_non_vulnerable_version4.3.3
Affected_by_vulnerabilities
0
url VCID-n4nh-4rq4-r7hx
vulnerability_id VCID-n4nh-4rq4-r7hx
summary Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
references
0
reference_url https://plone.org/security/20131210/path-leak
reference_id
reference_type
scores
url https://plone.org/security/20131210/path-leak
1
reference_url http://www.openwall.com/lists/oss-security/2013/12/10/15
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/12/10/15
2
reference_url http://www.openwall.com/lists/oss-security/2013/12/12/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/12/12/3
fixed_packages
0
url pkg:pypi/products-cmfplone@4.3.3
purl pkg:pypi/products-cmfplone@4.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfplone@4.3.3
aliases CVE-2013-7060, PYSEC-2014-65, PYSEC-2014-67
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4nh-4rq4-r7hx
1
url VCID-w2mv-zekv-8fcv
vulnerability_id VCID-w2mv-zekv-8fcv
summary Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.
references
0
reference_url https://plone.org/security/20131210/catalogue-exposure
reference_id
reference_type
scores
url https://plone.org/security/20131210/catalogue-exposure
1
reference_url http://www.openwall.com/lists/oss-security/2013/12/10/15
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/12/10/15
2
reference_url http://www.openwall.com/lists/oss-security/2013/12/12/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/12/12/3
fixed_packages
0
url pkg:pypi/products-cmfplone@4.3.3
purl pkg:pypi/products-cmfplone@4.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfplone@4.3.3
aliases CVE-2013-7061, PYSEC-2014-66, PYSEC-2014-68
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w2mv-zekv-8fcv
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfplone@4.2rc1