Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ste2-yppe-uqcd

Summary

UnoPim has Broken Access Control
In Unopim, it is possible to create roles and choose the privileges. However, users without the “Delete” privilege for Products cannot delete a single product via the standard endpoint (expected behavior), but can still delete products via the mass-delete endpoint, even when the request contains only one product ID.

Aliases

alias	CVE-2025-55741

alias	GHSA-8p2f-fx4q-75cx

Fixed_packages

url	pkg:composer/unopim/unopim@0.3.1
purl	pkg:composer/unopim/unopim@0.3.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.3.1

Affected_packages

url pkg:composer/unopim/unopim@0.1.0

purl pkg:composer/unopim/unopim@0.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3qrn-2p2j-tqhz

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-fr1t-d4fw-yqc5

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.1.0

url pkg:composer/unopim/unopim@0.1.1

purl pkg:composer/unopim/unopim@0.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3qrn-2p2j-tqhz

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-fr1t-d4fw-yqc5

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.1.1

url pkg:composer/unopim/unopim@0.1.2

purl pkg:composer/unopim/unopim@0.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3qrn-2p2j-tqhz

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-fr1t-d4fw-yqc5

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.1.2

url pkg:composer/unopim/unopim@0.1.3

purl pkg:composer/unopim/unopim@0.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3qrn-2p2j-tqhz

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-fr1t-d4fw-yqc5

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.1.3

url pkg:composer/unopim/unopim@0.1.4

purl pkg:composer/unopim/unopim@0.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3qrn-2p2j-tqhz

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.1.4

url pkg:composer/unopim/unopim@0.1.5

purl pkg:composer/unopim/unopim@0.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.1.5

url pkg:composer/unopim/unopim@0.1.6

purl pkg:composer/unopim/unopim@0.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.1.6

url pkg:composer/unopim/unopim@0.2.0

purl pkg:composer/unopim/unopim@0.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-8hb7-jrnh-bbdy

vulnerability	VCID-b5s7-8hzz-8fbw

vulnerability	VCID-pc3g-4akz-nbch

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.2.0

url pkg:composer/unopim/unopim@0.2.1

purl pkg:composer/unopim/unopim@0.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.2.1

url pkg:composer/unopim/unopim@0.3.0

purl pkg:composer/unopim/unopim@0.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-59jz-qr5e-hkg3

vulnerability	VCID-ste2-yppe-uqcd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/unopim/unopim@0.3.0

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55741

reference_id

reference_type

scores

value	0.00094
scoring_system	epss
scoring_elements	0.26327
published_at	2026-06-06T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26282
published_at	2026-06-07T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26334
published_at	2026-06-05T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.2754
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55741

reference_url

https://github.com/unopim/unopim

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/unopim/unopim

reference_url

https://github.com/unopim/unopim/commit/c14eebe653aafd8dc713ca729165177e63315989

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-22T16:24:44Z/

url

https://github.com/unopim/unopim/commit/c14eebe653aafd8dc713ca729165177e63315989

reference_url

https://github.com/unopim/unopim/commit/f49fa630afd36ff61c146b3e5bc7a0808667ca19

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/unopim/unopim/commit/f49fa630afd36ff61c146b3e5bc7a0808667ca19

reference_url

https://www.youtube.com/watch?v=J_WV8fCXlJM

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-22T16:24:44Z/

url

https://www.youtube.com/watch?v=J_WV8fCXlJM

reference_url

https://youtu.be/J_WV8fCXlJM

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://youtu.be/J_WV8fCXlJM

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-55741

reference_id

CVE-2025-55741

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-55741

reference_url	https://github.com/advisories/GHSA-8p2f-fx4q-75cx
reference_id	GHSA-8p2f-fx4q-75cx
reference_type
scores
url	https://github.com/advisories/GHSA-8p2f-fx4q-75cx

reference_url

https://github.com/unopim/unopim/security/advisories/GHSA-8p2f-fx4q-75cx

reference_id

GHSA-8p2f-fx4q-75cx

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-22T16:24:44Z/

url

https://github.com/unopim/unopim/security/advisories/GHSA-8p2f-fx4q-75cx

Weaknesses

cwe_id	862
name	Missing Authorization
description	The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	284
name	Improper Access Control
description	The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ste2-yppe-uqcd

Vulnerability Instance