Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-vn3n-jmc8-57h3
SummaryIn DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script which starts a local web server if needed and must be manually started."
Aliases
0
alias CVE-2025-48050
Fixed_packages
0
url pkg:deb/debian/node-dompurify@3.3.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/node-dompurify@3.3.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@3.3.2%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/node-dompurify@3.3.3%2Bdfsg-2
purl pkg:deb/debian/node-dompurify@3.3.3%2Bdfsg-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68r6-dfzr-jyhh
1
vulnerability VCID-8y7q-v1h7-b7hd
2
vulnerability VCID-t7hs-8fpg-jqdw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@3.3.3%252Bdfsg-2
2
url pkg:deb/debian/node-dompurify@3.3.3%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/node-dompurify@3.3.3%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68r6-dfzr-jyhh
1
vulnerability VCID-8y7q-v1h7-b7hd
2
vulnerability VCID-t7hs-8fpg-jqdw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@3.3.3%252Bdfsg-2%3Fdistro=trixie
3
url pkg:deb/debian/node-dompurify@3.4.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/node-dompurify@3.4.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@3.4.1%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/node-dompurify@3.4.1%2Bdfsg-1
purl pkg:deb/debian/node-dompurify@3.4.1%2Bdfsg-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@3.4.1%252Bdfsg-1
Affected_packages
0
url pkg:deb/debian/node-dompurify@2.4.1%2Bdfsg%2B~2.4.0-2%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/node-dompurify@2.4.1%2Bdfsg%2B~2.4.0-2%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68r6-dfzr-jyhh
1
vulnerability VCID-8y7q-v1h7-b7hd
2
vulnerability VCID-mv6v-re2k-g3gn
3
vulnerability VCID-ps3s-bymy-dkbc
4
vulnerability VCID-t7hs-8fpg-jqdw
5
vulnerability VCID-vn3n-jmc8-57h3
6
vulnerability VCID-vzq7-t235-ukd5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@2.4.1%252Bdfsg%252B~2.4.0-2%252Bdeb12u1%3Fdistro=trixie
1
url pkg:deb/debian/node-dompurify@2.4.1%2Bdfsg%2B~2.4.0-2%2Bdeb12u1
purl pkg:deb/debian/node-dompurify@2.4.1%2Bdfsg%2B~2.4.0-2%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68r6-dfzr-jyhh
1
vulnerability VCID-8y7q-v1h7-b7hd
2
vulnerability VCID-mv6v-re2k-g3gn
3
vulnerability VCID-ps3s-bymy-dkbc
4
vulnerability VCID-t7hs-8fpg-jqdw
5
vulnerability VCID-vn3n-jmc8-57h3
6
vulnerability VCID-vzq7-t235-ukd5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@2.4.1%252Bdfsg%252B~2.4.0-2%252Bdeb12u1
2
url pkg:deb/debian/node-dompurify@3.1.7%2Bdfsg%2B~3.0.5-2?distro=trixie
purl pkg:deb/debian/node-dompurify@3.1.7%2Bdfsg%2B~3.0.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68r6-dfzr-jyhh
1
vulnerability VCID-8y7q-v1h7-b7hd
2
vulnerability VCID-mv6v-re2k-g3gn
3
vulnerability VCID-ps3s-bymy-dkbc
4
vulnerability VCID-t7hs-8fpg-jqdw
5
vulnerability VCID-vn3n-jmc8-57h3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@3.1.7%252Bdfsg%252B~3.0.5-2%3Fdistro=trixie
3
url pkg:deb/debian/node-dompurify@3.1.7%2Bdfsg%2B~3.0.5-2
purl pkg:deb/debian/node-dompurify@3.1.7%2Bdfsg%2B~3.0.5-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68r6-dfzr-jyhh
1
vulnerability VCID-8y7q-v1h7-b7hd
2
vulnerability VCID-mv6v-re2k-g3gn
3
vulnerability VCID-ps3s-bymy-dkbc
4
vulnerability VCID-t7hs-8fpg-jqdw
5
vulnerability VCID-vn3n-jmc8-57h3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@3.1.7%252Bdfsg%252B~3.0.5-2
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48050
reference_id
reference_type
scores
0
value 0.00392
scoring_system epss
scoring_elements 0.6022
published_at 2026-04-29T12:55:00Z
1
value 0.00392
scoring_system epss
scoring_elements 0.60229
published_at 2026-04-12T12:55:00Z
2
value 0.00392
scoring_system epss
scoring_elements 0.60212
published_at 2026-04-13T12:55:00Z
3
value 0.00392
scoring_system epss
scoring_elements 0.60251
published_at 2026-04-16T12:55:00Z
4
value 0.00392
scoring_system epss
scoring_elements 0.60258
published_at 2026-04-18T12:55:00Z
5
value 0.00392
scoring_system epss
scoring_elements 0.60246
published_at 2026-04-21T12:55:00Z
6
value 0.00392
scoring_system epss
scoring_elements 0.60216
published_at 2026-04-24T12:55:00Z
7
value 0.00392
scoring_system epss
scoring_elements 0.60232
published_at 2026-04-26T12:55:00Z
8
value 0.00392
scoring_system epss
scoring_elements 0.60163
published_at 2026-04-02T12:55:00Z
9
value 0.00392
scoring_system epss
scoring_elements 0.60188
published_at 2026-04-04T12:55:00Z
10
value 0.00392
scoring_system epss
scoring_elements 0.60157
published_at 2026-04-07T12:55:00Z
11
value 0.00392
scoring_system epss
scoring_elements 0.60207
published_at 2026-04-08T12:55:00Z
12
value 0.00392
scoring_system epss
scoring_elements 0.60221
published_at 2026-04-09T12:55:00Z
13
value 0.00392
scoring_system epss
scoring_elements 0.60243
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48050
1
reference_url https://github.com/cure53/DOMPurify/pull/1101
reference_id 1101
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T19:14:45Z/
url https://github.com/cure53/DOMPurify/pull/1101
2
reference_url https://github.com/cure53/DOMPurify/commit/6bc6d60e49256f27a4022181b7d8a5b0721fd534
reference_id 6bc6d60e49256f27a4022181b7d8a5b0721fd534
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T19:14:45Z/
url https://github.com/cure53/DOMPurify/commit/6bc6d60e49256f27a4022181b7d8a5b0721fd534
3
reference_url https://security.snyk.io/vuln/SNYK-JS-DOMPURIFY-10176060
reference_id SNYK-JS-DOMPURIFY-10176060
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T19:14:45Z/
url https://security.snyk.io/vuln/SNYK-JS-DOMPURIFY-10176060
4
reference_url https://github.com/odaysec/advisory/blob/main/cure53/DOMPurify/writeup.md
reference_id writeup.md
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T19:14:45Z/
url https://github.com/odaysec/advisory/blob/main/cure53/DOMPurify/writeup.md
Weaknesses
0
cwe_id 24
name Path Traversal: '../filedir'
description The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ../ sequences that can resolve to a location that is outside of that directory.
Exploits
Severity_range_score7.5 - 7.5
Exploitability0.5
Weighted_severity6.8
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-vn3n-jmc8-57h3