Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/drupal7@7.74-r0?arch=aarch64&distroversion=v3.15&reponame=community

Type apk

Namespace alpine

Name drupal7

Version 7.74-r0

Qualifiers

arch	aarch64
distroversion	v3.15
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 7.75-r0

Latest_non_vulnerable_version 7.91-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6m8x-cfzp-tkf4

vulnerability_id VCID-6m8x-cfzp-tkf4

summary

Drupal core Unrestricted Upload of File with Dangerous Type
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13671

reference_id

reference_type

scores

value	0.04504
scoring_system	epss
scoring_elements	0.89078
published_at	2026-04-01T12:55:00Z

value	0.04504
scoring_system	epss
scoring_elements	0.89145
published_at	2026-04-18T12:55:00Z

value	0.04504
scoring_system	epss
scoring_elements	0.89133
published_at	2026-04-13T12:55:00Z

value	0.04504
scoring_system	epss
scoring_elements	0.89135
published_at	2026-04-12T12:55:00Z

value	0.04504
scoring_system	epss
scoring_elements	0.89138
published_at	2026-04-11T12:55:00Z

value	0.04504
scoring_system	epss
scoring_elements	0.89127
published_at	2026-04-09T12:55:00Z

value	0.04504
scoring_system	epss
scoring_elements	0.89122
published_at	2026-04-08T12:55:00Z

value	0.04504
scoring_system	epss
scoring_elements	0.89102
published_at	2026-04-04T12:55:00Z

value	0.04504
scoring_system	epss
scoring_elements	0.89087
published_at	2026-04-02T12:55:00Z

value	0.04504
scoring_system	epss
scoring_elements	0.89105
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13671

reference_url

https://github.com/drupal/core

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671

reference_url

https://www.drupal.org/sa-core-2020-012

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/

url

https://www.drupal.org/sa-core-2020-012

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/

reference_id

5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13671

reference_id

CVE-2020-13671

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13671

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml

reference_id

CVE-2020-13671.YAML

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml

reference_id

CVE-2020-13671.YAML

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml

reference_url

https://github.com/advisories/GHSA-68jc-v27h-vhmw

reference_id

GHSA-68jc-v27h-vhmw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-68jc-v27h-vhmw

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/

reference_id

KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/

reference_url	https://usn.ubuntu.com/6981-1/
reference_id	USN-6981-1
reference_type
scores
url	https://usn.ubuntu.com/6981-1/

reference_url	https://usn.ubuntu.com/6981-2/
reference_id	USN-6981-2
reference_type
scores
url	https://usn.ubuntu.com/6981-2/

fixed_packages

url	pkg:apk/alpine/drupal7@7.74-r0?arch=aarch64&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/drupal7@7.74-r0?arch=aarch64&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/drupal7@7.74-r0%3Farch=aarch64&distroversion=v3.15&reponame=community

aliases CVE-2020-13671, GHSA-68jc-v27h-vhmw

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6m8x-cfzp-tkf4

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/drupal7@7.74-r0%3Farch=aarch64&distroversion=v3.15&reponame=community

Package Instance