Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-abws-hvpw-myfy
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Subrion 4.2.1 has a remote command execution vulnerability in the backend.
Aliases
0
alias CVE-2023-46947
1
alias GHSA-2x28-c7j7-23gv
Fixed_packages
Affected_packages
0
url pkg:composer/intelliants/subrion@4.2.1
purl pkg:composer/intelliants/subrion@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3bwe-5b6b-a7e2
1
vulnerability VCID-3h1n-dvmt-5qhz
2
vulnerability VCID-3hbd-spm4-2kaz
3
vulnerability VCID-44kx-4nnh-4bdf
4
vulnerability VCID-51fa-htgd-pkd7
5
vulnerability VCID-7yej-24pb-d3dm
6
vulnerability VCID-8g7b-wfgz-77f1
7
vulnerability VCID-8gvw-wym4-qufa
8
vulnerability VCID-8n55-g9s6-5qbz
9
vulnerability VCID-94z6-as1s-pkem
10
vulnerability VCID-9fac-c1gc-jbft
11
vulnerability VCID-9hkc-qw4n-t7at
12
vulnerability VCID-abws-hvpw-myfy
13
vulnerability VCID-by36-7n26-g7cc
14
vulnerability VCID-cjhs-mtaa-7kdb
15
vulnerability VCID-dj4m-68tg-vub2
16
vulnerability VCID-ekj6-hqpd-5ybq
17
vulnerability VCID-f7sw-fp56-hudc
18
vulnerability VCID-fc5n-dcez-93fn
19
vulnerability VCID-gmvv-sz8z-ebgp
20
vulnerability VCID-hay9-1wuc-s3b1
21
vulnerability VCID-j2eh-myxv-abbm
22
vulnerability VCID-j8ge-mhfk-ebd9
23
vulnerability VCID-jqzh-mw8h-23bv
24
vulnerability VCID-ng2d-pg2s-2fac
25
vulnerability VCID-ngpm-xvdu-sybs
26
vulnerability VCID-q9uf-qqfn-n7gr
27
vulnerability VCID-qwxk-wzqe-7kdp
28
vulnerability VCID-r136-w6fm-t7fc
29
vulnerability VCID-s1ez-jft2-tydn
30
vulnerability VCID-sc65-ev58-2bbk
31
vulnerability VCID-sqbf-5a82-yucu
32
vulnerability VCID-vzeg-42da-euej
33
vulnerability VCID-ydhn-xpam-jqgm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46947
reference_id
reference_type
scores
0
value 0.01861
scoring_system epss
scoring_elements 0.83383
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46947
1
reference_url https://github.com/intelliants/subrion/issues/909
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-06T16:02:20Z/
url https://github.com/intelliants/subrion/issues/909
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46947
reference_id CVE-2023-46947
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46947
3
reference_url https://github.com/advisories/GHSA-2x28-c7j7-23gv
reference_id GHSA-2x28-c7j7-23gv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2x28-c7j7-23gv
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 94
name Improper Control of Generation of Code ('Code Injection')
description The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-abws-hvpw-myfy