Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/roundcube@0.1.1-9?distro=trixie

Type deb

Namespace debian

Name roundcube

Version 0.1.1-9

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 0.1.1-10

Latest_non_vulnerable_version 1.6.15+dfsg-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-n13m-y4ks-euep

vulnerability_id VCID-n13m-y4ks-euep

summary

Improper Control of Generation of Code ('Code Injection')
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.

references

reference_url

http://mahara.org/interaction/forum/topic.php?id=533

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://mahara.org/interaction/forum/topic.php?id=533

reference_url

http://osvdb.org/53893

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://osvdb.org/53893

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5619.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5619.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-5619

reference_id

reference_type

scores

value	0.77692
scoring_system	epss
scoring_elements	0.98995
published_at	2026-04-16T12:55:00Z

value	0.77692
scoring_system	epss
scoring_elements	0.98994
published_at	2026-04-12T12:55:00Z

value	0.77692
scoring_system	epss
scoring_elements	0.98993
published_at	2026-04-11T12:55:00Z

value	0.77692
scoring_system	epss
scoring_elements	0.98991
published_at	2026-04-09T12:55:00Z

value	0.77692
scoring_system	epss
scoring_elements	0.98992
published_at	2026-04-08T12:55:00Z

value	0.77692
scoring_system	epss
scoring_elements	0.9899
published_at	2026-04-07T12:55:00Z

value	0.77692
scoring_system	epss
scoring_elements	0.98988
published_at	2026-04-04T12:55:00Z

value	0.77692
scoring_system	epss
scoring_elements	0.98986
published_at	2026-04-02T12:55:00Z

value	0.77692
scoring_system	epss
scoring_elements	0.98997
published_at	2026-04-21T12:55:00Z

value	0.77692
scoring_system	epss
scoring_elements	0.98984
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-5619

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5619
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5619

reference_url	http://secunia.com/advisories/33145
reference_id
reference_type
scores
url	http://secunia.com/advisories/33145

reference_url	http://secunia.com/advisories/33170
reference_id
reference_type
scores
url	http://secunia.com/advisories/33170

reference_url	http://secunia.com/advisories/34789
reference_id
reference_type
scores
url	http://secunia.com/advisories/34789

reference_url

https://github.com/PHPMailer/PHPMailer

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PHPMailer/PHPMailer

reference_url

https://github.com/PHPMailer/PHPMailer/commit/8beacc646acb67c995aea10ac5585970efc7355a

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PHPMailer/PHPMailer/commit/8beacc646acb67c995aea10ac5585970efc7355a

reference_url

http://sourceforge.net/forum/forum.php?forum_id=898542

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://sourceforge.net/forum/forum.php?forum_id=898542

reference_url

https://www.exploit-db.com/exploits/7549

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/7549

reference_url

https://www.exploit-db.com/exploits/7553

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/7553

reference_url

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00783.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00783.html

reference_url

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00802.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00802.html

reference_url

http://trac.roundcube.net/changeset/2148

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://trac.roundcube.net/changeset/2148

reference_url

http://trac.roundcube.net/ticket/1485618

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://trac.roundcube.net/ticket/1485618

reference_url

http://www.openwall.com/lists/oss-security/2008/12/12/1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2008/12/12/1

reference_url	http://www.securityfocus.com/archive/1/499489/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/499489/100/0/threaded

reference_url	http://www.vupen.com/english/advisories/2008/3418
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/3418

reference_url	http://www.vupen.com/english/advisories/2008/3419
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/3419

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=476223
reference_id	476223
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=476223

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508628
reference_id	508628
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508628

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:0.2.1:alpha::::::
reference_id	cpe:2.3:a:roundcube:webmail:0.2.1:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:0.2.1:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:0.2.3:beta::::::
reference_id	cpe:2.3:a:roundcube:webmail:0.2.3:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:0.2.3:beta::::::

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/7549.txt
reference_id	CVE-2008-5619
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/7549.txt

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/7553.sh
reference_id	CVE-2008-5619
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/7553.sh

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-5619

reference_id

CVE-2008-5619

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2008-5619

reference_url

https://github.com/advisories/GHSA-v5c9-mmw9-829q

reference_id

GHSA-v5c9-mmw9-829q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v5c9-mmw9-829q

reference_url	https://usn.ubuntu.com/791-1/
reference_id	USN-791-1
reference_type
scores
url	https://usn.ubuntu.com/791-1/

fixed_packages

url	pkg:deb/debian/roundcube@0.1.1-9?distro=trixie
purl	pkg:deb/debian/roundcube@0.1.1-9?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@0.1.1-9%3Fdistro=trixie

url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie

purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rdb5-bbvn-7fcq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4%3Fdistro=trixie

url	pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
purl	pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6%3Fdistro=trixie

url	pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2008-5619, GHSA-v5c9-mmw9-829q

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n13m-y4ks-euep

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@0.1.1-9%3Fdistro=trixie

Package Instance