Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6b83-e5m9-efhj

Summary OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval() function on array-like command parameters, which allows a user-supplied payload to execute in the browser when sending a command. This creates a self-XSS risk because an attacker can trigger their own script execution in the victim’s session, if allowed to influence the array parameter input, for example via phishing. If successful, an attacker may read or modify data in the authenticated browser context, including session tokens in local storage. This issue has been patched in version 7.0.0.

Aliases

alias	CVE-2026-42086

alias	GHSA-ffq5-qpvf-xq7x

alias	PYSEC-2026-105

Fixed_packages

url	pkg:pypi/openc3@7.0.0
purl	pkg:pypi/openc3@7.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@7.0.0

Affected_packages

url pkg:pypi/openc3@0.1.0

purl pkg:pypi/openc3@0.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@0.1.0

url pkg:pypi/openc3@5.9.2b0

purl pkg:pypi/openc3@5.9.2b0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.9.2b0

url pkg:pypi/openc3@5.10.0

purl pkg:pypi/openc3@5.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.10.0

url pkg:pypi/openc3@5.10.1

purl pkg:pypi/openc3@5.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.10.1

url pkg:pypi/openc3@5.11.0

purl pkg:pypi/openc3@5.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.0

url pkg:pypi/openc3@5.11.1

purl pkg:pypi/openc3@5.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.1

url pkg:pypi/openc3@5.11.2

purl pkg:pypi/openc3@5.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.2

url pkg:pypi/openc3@5.11.3

purl pkg:pypi/openc3@5.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.3

url pkg:pypi/openc3@5.12.0

purl pkg:pypi/openc3@5.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.12.0

url pkg:pypi/openc3@5.13.0

purl pkg:pypi/openc3@5.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.13.0

url pkg:pypi/openc3@5.14.0

purl pkg:pypi/openc3@5.14.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.14.0

url pkg:pypi/openc3@5.14.1

purl pkg:pypi/openc3@5.14.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.14.1

url pkg:pypi/openc3@5.14.2

purl pkg:pypi/openc3@5.14.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.14.2

url pkg:pypi/openc3@5.15.0

purl pkg:pypi/openc3@5.15.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.15.0

url pkg:pypi/openc3@5.15.1

purl pkg:pypi/openc3@5.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.15.1

url pkg:pypi/openc3@5.15.2

purl pkg:pypi/openc3@5.15.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.15.2

url pkg:pypi/openc3@5.16.0

purl pkg:pypi/openc3@5.16.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.16.0

url pkg:pypi/openc3@5.16.1

purl pkg:pypi/openc3@5.16.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.16.1

url pkg:pypi/openc3@5.16.2

purl pkg:pypi/openc3@5.16.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.16.2

url pkg:pypi/openc3@5.17.0

purl pkg:pypi/openc3@5.17.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.17.0

url pkg:pypi/openc3@5.17.1

purl pkg:pypi/openc3@5.17.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.17.1

url pkg:pypi/openc3@5.18.0

purl pkg:pypi/openc3@5.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

vulnerability	VCID-m4c7-smwp-dkdq

vulnerability	VCID-s699-9pwv-k3ek

vulnerability	VCID-yesy-u1x3-mugs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.18.0

url pkg:pypi/openc3@5.19.0

purl pkg:pypi/openc3@5.19.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.19.0

url pkg:pypi/openc3@5.20.0

purl pkg:pypi/openc3@5.20.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.20.0

url pkg:pypi/openc3@6.0.0

purl pkg:pypi/openc3@6.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.0.0

url pkg:pypi/openc3@6.0.1

purl pkg:pypi/openc3@6.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.0.1

url pkg:pypi/openc3@6.0.2

purl pkg:pypi/openc3@6.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.0.2

url pkg:pypi/openc3@6.1.0

purl pkg:pypi/openc3@6.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.1.0

url pkg:pypi/openc3@6.2.0

purl pkg:pypi/openc3@6.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.2.0

url pkg:pypi/openc3@6.2.1

purl pkg:pypi/openc3@6.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.2.1

url pkg:pypi/openc3@6.3.0

purl pkg:pypi/openc3@6.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.3.0

url pkg:pypi/openc3@6.4.0

purl pkg:pypi/openc3@6.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.4.0

url pkg:pypi/openc3@6.4.1

purl pkg:pypi/openc3@6.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.4.1

url pkg:pypi/openc3@6.4.2

purl pkg:pypi/openc3@6.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.4.2

url pkg:pypi/openc3@6.5.0

purl pkg:pypi/openc3@6.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.5.0

url pkg:pypi/openc3@6.5.1

purl pkg:pypi/openc3@6.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.5.1

url pkg:pypi/openc3@6.6.0

purl pkg:pypi/openc3@6.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.6.0

url pkg:pypi/openc3@6.7.0

purl pkg:pypi/openc3@6.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.7.0

url pkg:pypi/openc3@6.8.0

purl pkg:pypi/openc3@6.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.8.0

url pkg:pypi/openc3@6.8.1

purl pkg:pypi/openc3@6.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.8.1

url pkg:pypi/openc3@6.9.0

purl pkg:pypi/openc3@6.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.9.0

url pkg:pypi/openc3@6.9.1

purl pkg:pypi/openc3@6.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.9.1

url pkg:pypi/openc3@6.9.2

purl pkg:pypi/openc3@6.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.9.2

url pkg:pypi/openc3@6.10.0

purl pkg:pypi/openc3@6.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.10.0

url pkg:pypi/openc3@6.10.1

purl pkg:pypi/openc3@6.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.10.1

url pkg:pypi/openc3@6.10.2

purl pkg:pypi/openc3@6.10.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.10.2

url pkg:pypi/openc3@6.10.3

purl pkg:pypi/openc3@6.10.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.10.3

url pkg:pypi/openc3@6.10.4

purl pkg:pypi/openc3@6.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.10.4

url pkg:pypi/openc3@6.10.5

purl pkg:pypi/openc3@6.10.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.10.5

url pkg:pypi/openc3@6.10.6

purl pkg:pypi/openc3@6.10.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@6.10.6

url pkg:pypi/openc3@7.0.0rc2

purl pkg:pypi/openc3@7.0.0rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@7.0.0rc2

url pkg:pypi/openc3@7.0.0rc3

purl pkg:pypi/openc3@7.0.0rc3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6b83-e5m9-efhj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@7.0.0rc3

References

reference_url

https://github.com/OpenC3/cosmos/security/advisories/GHSA-ffq5-qpvf-xq7x

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

url

https://github.com/OpenC3/cosmos/security/advisories/GHSA-ffq5-qpvf-xq7x

Weaknesses

Exploits

Severity_range_score 4.6 - 4.6

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6b83-e5m9-efhj

Vulnerability Instance