Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/75203?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75203?format=api", "vulnerability_id": "VCID-zw3g-cktf-x3ft", "summary": "FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask() in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false without checking any CIDR ranges. The entire 10.0.0.0/8 and 172.16.0.0/12 private ranges are unprotected. This issue has been patched in version 1.8.211.", "aliases": [ { "alias": "CVE-2026-34443" } ], "fixed_packages": [], "affected_packages": [], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18164", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18139", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18147", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17989", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34443" }, { "reference_url": "https://github.com/freescout-help-desk/freescout/releases/tag/1.8.211", "reference_id": "1.8.211", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T18:54:33Z/" } ], "url": "https://github.com/freescout-help-desk/freescout/releases/tag/1.8.211" }, { "reference_url": "https://github.com/freescout-help-desk/freescout/commit/ca6d5bb572d3e8f52a0e654a8623a53cb0fdd580", "reference_id": "ca6d5bb572d3e8f52a0e654a8623a53cb0fdd580", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T18:54:33Z/" } ], "url": "https://github.com/freescout-help-desk/freescout/commit/ca6d5bb572d3e8f52a0e654a8623a53cb0fdd580" }, { "reference_url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-c9v3-4c59-x5q2", "reference_id": "GHSA-c9v3-4c59-x5q2", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T18:54:33Z/" } ], "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-c9v3-4c59-x5q2" } ], "weaknesses": [ { "cwe_id": 918, "name": "Server-Side Request Forgery (SSRF)", "description": "The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination." } ], "exploits": [], "severity_range_score": "6.9 - 6.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zw3g-cktf-x3ft" }