Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/otrs2@6.0.16-1?distro=bullseye

Type deb

Namespace debian

Name otrs2

Version 6.0.16-1

Qualifiers

distro	bullseye

Subpath

Is_vulnerable false

Next_non_vulnerable_version 6.0.17-1

Latest_non_vulnerable_version 6.0.32-6

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-e7ak-45qz-cfa9

vulnerability_id VCID-e7ak-45qz-cfa9

summary An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-9752

reference_id

reference_type

scores

value	0.00589
scoring_system	epss
scoring_elements	0.69178
published_at	2026-04-21T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.69198
published_at	2026-04-18T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.69085
published_at	2026-04-01T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.69101
published_at	2026-04-02T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.69122
published_at	2026-04-04T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.69104
published_at	2026-04-07T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.69153
published_at	2026-04-08T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.69173
published_at	2026-04-09T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.69194
published_at	2026-04-11T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.69179
published_at	2026-04-12T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.6915
published_at	2026-04-13T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.6919
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-9752

reference_url	https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework
reference_id
reference_type
scores
url	https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9752
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9752

reference_url	https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
reference_id	cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp2::::::
reference_id	cpe:2.3:a:opensuse:backports_sle:15.0:sp2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs::::::::
reference_id	cpe:2.3:a:otrs:otrs::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-9752

reference_id

CVE-2019-9752

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-9752

fixed_packages

url	pkg:deb/debian/otrs2@6.0.16-1?distro=bullseye
purl	pkg:deb/debian/otrs2@6.0.16-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@6.0.16-1%3Fdistro=bullseye

url	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
purl	pkg:deb/debian/otrs2@6.0.32-6?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@6.0.32-6%3Fdistro=bullseye

aliases CVE-2019-9752

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e7ak-45qz-cfa9

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/otrs2@6.0.16-1%3Fdistro=bullseye

Package Instance