Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-vqnt-uyex-87fn

Summary Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.

Aliases

alias	CVE-2025-4748

Fixed_packages

url	pkg:alpm/archlinux/erlang@28.0.1-1
purl	pkg:alpm/archlinux/erlang@28.0.1-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/erlang@28.0.1-1

url pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-28fj-t5hy-x3gn

vulnerability	VCID-gcn7-ak4r-eba3

vulnerability	VCID-h1k4-x8vr-5bch

vulnerability	VCID-j7t3-nrjj-pfgp

vulnerability	VCID-s9qn-9qdm-j7ej

vulnerability	VCID-w9yj-xg82-kyac

vulnerability	VCID-wwcj-hwqc-f3g7

vulnerability	VCID-xcks-117s-v3dd

vulnerability	VCID-z6gs-aq96-gkaw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3

purl pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-28fj-t5hy-x3gn

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-gcn7-ak4r-eba3

vulnerability	VCID-h1k4-x8vr-5bch

vulnerability	VCID-j7t3-nrjj-pfgp

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-s9qn-9qdm-j7ej

vulnerability	VCID-w9yj-xg82-kyac

vulnerability	VCID-wwcj-hwqc-f3g7

vulnerability	VCID-xcks-117s-v3dd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u3

url pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3?distro=trixie

purl pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-28fj-t5hy-x3gn

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-gcn7-ak4r-eba3

vulnerability	VCID-h1k4-x8vr-5bch

vulnerability	VCID-j7t3-nrjj-pfgp

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-s9qn-9qdm-j7ej

vulnerability	VCID-w9yj-xg82-kyac

vulnerability	VCID-wwcj-hwqc-f3g7

vulnerability	VCID-xcks-117s-v3dd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u3%3Fdistro=trixie

url	pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gcn7-ak4r-eba3

vulnerability	VCID-h1k4-x8vr-5bch

vulnerability	VCID-j7t3-nrjj-pfgp

vulnerability	VCID-s9qn-9qdm-j7ej

vulnerability	VCID-w9yj-xg82-kyac

vulnerability	VCID-wwcj-hwqc-f3g7

vulnerability	VCID-zegc-rj1x-ryau

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1?distro=trixie

purl pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gcn7-ak4r-eba3

vulnerability	VCID-j7t3-nrjj-pfgp

vulnerability	VCID-zegc-rj1x-ryau

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.9%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1%3Fdistro=trixie

Affected_packages

url pkg:alpm/archlinux/erlang@28.0-2

purl pkg:alpm/archlinux/erlang@28.0-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vqnt-uyex-87fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/erlang@28.0-2

url pkg:deb/debian/erlang@49.1-10.1

purl pkg:deb/debian/erlang@49.1-10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-1ge1-3e4a-ebfq

vulnerability	VCID-5qc5-5xds-bqa9

vulnerability	VCID-86hm-g3m9-tkft

vulnerability	VCID-9nt8-a7kg-kfcz

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-c453-7khw-mub2

vulnerability	VCID-e1yx-dxa6-1bba

vulnerability	VCID-h11x-uyd8-2bd9

vulnerability	VCID-jg37-ud9r-d3h7

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nqfj-97y5-suar

vulnerability	VCID-tbwg-7hga-cybn

vulnerability	VCID-tnt7-d764-13cq

vulnerability	VCID-udvu-fbdt-uygy

vulnerability	VCID-uj9j-t27c-j3c1

vulnerability	VCID-vqnt-uyex-87fn

vulnerability	VCID-xap5-djda-2uem

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@49.1-10.1

url pkg:deb/debian/erlang@1:11.b.2-4

purl pkg:deb/debian/erlang@1:11.b.2-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-1ge1-3e4a-ebfq

vulnerability	VCID-5qc5-5xds-bqa9

vulnerability	VCID-86hm-g3m9-tkft

vulnerability	VCID-9nt8-a7kg-kfcz

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-c453-7khw-mub2

vulnerability	VCID-e1yx-dxa6-1bba

vulnerability	VCID-h11x-uyd8-2bd9

vulnerability	VCID-jg37-ud9r-d3h7

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nqfj-97y5-suar

vulnerability	VCID-tbwg-7hga-cybn

vulnerability	VCID-tnt7-d764-13cq

vulnerability	VCID-udvu-fbdt-uygy

vulnerability	VCID-uj9j-t27c-j3c1

vulnerability	VCID-vqnt-uyex-87fn

vulnerability	VCID-xap5-djda-2uem

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:11.b.2-4

url pkg:deb/debian/erlang@1:12.b.3-dfsg-4

purl pkg:deb/debian/erlang@1:12.b.3-dfsg-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-1ge1-3e4a-ebfq

vulnerability	VCID-5qc5-5xds-bqa9

vulnerability	VCID-86hm-g3m9-tkft

vulnerability	VCID-9nt8-a7kg-kfcz

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-c453-7khw-mub2

vulnerability	VCID-e1yx-dxa6-1bba

vulnerability	VCID-h11x-uyd8-2bd9

vulnerability	VCID-jg37-ud9r-d3h7

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nqfj-97y5-suar

vulnerability	VCID-tbwg-7hga-cybn

vulnerability	VCID-tnt7-d764-13cq

vulnerability	VCID-udvu-fbdt-uygy

vulnerability	VCID-uj9j-t27c-j3c1

vulnerability	VCID-vqnt-uyex-87fn

vulnerability	VCID-xap5-djda-2uem

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:12.b.3-dfsg-4

url pkg:deb/debian/erlang@1:14.a-dfsg-3squeeze1

purl pkg:deb/debian/erlang@1:14.a-dfsg-3squeeze1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-1ge1-3e4a-ebfq

vulnerability	VCID-5qc5-5xds-bqa9

vulnerability	VCID-86hm-g3m9-tkft

vulnerability	VCID-9nt8-a7kg-kfcz

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-c453-7khw-mub2

vulnerability	VCID-e1yx-dxa6-1bba

vulnerability	VCID-h11x-uyd8-2bd9

vulnerability	VCID-jg37-ud9r-d3h7

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nqfj-97y5-suar

vulnerability	VCID-tbwg-7hga-cybn

vulnerability	VCID-tnt7-d764-13cq

vulnerability	VCID-udvu-fbdt-uygy

vulnerability	VCID-uj9j-t27c-j3c1

vulnerability	VCID-vqnt-uyex-87fn

vulnerability	VCID-xap5-djda-2uem

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:14.a-dfsg-3squeeze1

url pkg:deb/debian/erlang@1:15.b.1-dfsg-4%2Bdeb7u1

purl pkg:deb/debian/erlang@1:15.b.1-dfsg-4%2Bdeb7u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-1ge1-3e4a-ebfq

vulnerability	VCID-5qc5-5xds-bqa9

vulnerability	VCID-86hm-g3m9-tkft

vulnerability	VCID-9nt8-a7kg-kfcz

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-c453-7khw-mub2

vulnerability	VCID-h11x-uyd8-2bd9

vulnerability	VCID-jg37-ud9r-d3h7

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nqfj-97y5-suar

vulnerability	VCID-tbwg-7hga-cybn

vulnerability	VCID-tnt7-d764-13cq

vulnerability	VCID-uj9j-t27c-j3c1

vulnerability	VCID-vqnt-uyex-87fn

vulnerability	VCID-xap5-djda-2uem

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:15.b.1-dfsg-4%252Bdeb7u1

url pkg:deb/debian/erlang@1:17.1-dfsg-4~bpo70%2B1

purl pkg:deb/debian/erlang@1:17.1-dfsg-4~bpo70%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-1ge1-3e4a-ebfq

vulnerability	VCID-5qc5-5xds-bqa9

vulnerability	VCID-86hm-g3m9-tkft

vulnerability	VCID-9nt8-a7kg-kfcz

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-c453-7khw-mub2

vulnerability	VCID-h11x-uyd8-2bd9

vulnerability	VCID-jg37-ud9r-d3h7

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nqfj-97y5-suar

vulnerability	VCID-tbwg-7hga-cybn

vulnerability	VCID-tnt7-d764-13cq

vulnerability	VCID-vqnt-uyex-87fn

vulnerability	VCID-xap5-djda-2uem

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:17.1-dfsg-4~bpo70%252B1

url pkg:deb/debian/erlang@1:17.3-dfsg-4~bpo70%2B1

purl pkg:deb/debian/erlang@1:17.3-dfsg-4~bpo70%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-1ge1-3e4a-ebfq

vulnerability	VCID-5qc5-5xds-bqa9

vulnerability	VCID-86hm-g3m9-tkft

vulnerability	VCID-9nt8-a7kg-kfcz

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-c453-7khw-mub2

vulnerability	VCID-h11x-uyd8-2bd9

vulnerability	VCID-jg37-ud9r-d3h7

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nqfj-97y5-suar

vulnerability	VCID-tbwg-7hga-cybn

vulnerability	VCID-tnt7-d764-13cq

vulnerability	VCID-vqnt-uyex-87fn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:17.3-dfsg-4~bpo70%252B1

url pkg:deb/debian/erlang@1:17.3-dfsg-4

purl pkg:deb/debian/erlang@1:17.3-dfsg-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-1ge1-3e4a-ebfq

vulnerability	VCID-5qc5-5xds-bqa9

vulnerability	VCID-86hm-g3m9-tkft

vulnerability	VCID-9nt8-a7kg-kfcz

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-h11x-uyd8-2bd9

vulnerability	VCID-jg37-ud9r-d3h7

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nqfj-97y5-suar

vulnerability	VCID-tbwg-7hga-cybn

vulnerability	VCID-tnt7-d764-13cq

vulnerability	VCID-vqnt-uyex-87fn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:17.3-dfsg-4

url pkg:deb/debian/erlang@1:17.3-dfsg-4%2Bdeb8u2

purl pkg:deb/debian/erlang@1:17.3-dfsg-4%2Bdeb8u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-1ge1-3e4a-ebfq

vulnerability	VCID-5qc5-5xds-bqa9

vulnerability	VCID-86hm-g3m9-tkft

vulnerability	VCID-9nt8-a7kg-kfcz

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-h11x-uyd8-2bd9

vulnerability	VCID-jg37-ud9r-d3h7

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nqfj-97y5-suar

vulnerability	VCID-tbwg-7hga-cybn

vulnerability	VCID-tnt7-d764-13cq

vulnerability	VCID-vqnt-uyex-87fn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:17.3-dfsg-4%252Bdeb8u2

url pkg:deb/debian/erlang@1:19.2.1%2Bdfsg-2~bpo8%2B1

purl pkg:deb/debian/erlang@1:19.2.1%2Bdfsg-2~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-1ge1-3e4a-ebfq

vulnerability	VCID-5qc5-5xds-bqa9

vulnerability	VCID-86hm-g3m9-tkft

vulnerability	VCID-9nt8-a7kg-kfcz

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-h11x-uyd8-2bd9

vulnerability	VCID-jg37-ud9r-d3h7

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nqfj-97y5-suar

vulnerability	VCID-tbwg-7hga-cybn

vulnerability	VCID-tnt7-d764-13cq

vulnerability	VCID-vqnt-uyex-87fn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:19.2.1%252Bdfsg-2~bpo8%252B1

url pkg:deb/debian/erlang@1:19.2.1%2Bdfsg-2%2Bdeb9u1~bpo8%2B1

purl pkg:deb/debian/erlang@1:19.2.1%2Bdfsg-2%2Bdeb9u1~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-1ge1-3e4a-ebfq

vulnerability	VCID-5qc5-5xds-bqa9

vulnerability	VCID-86hm-g3m9-tkft

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-h11x-uyd8-2bd9

vulnerability	VCID-jg37-ud9r-d3h7

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nqfj-97y5-suar

vulnerability	VCID-tbwg-7hga-cybn

vulnerability	VCID-tnt7-d764-13cq

vulnerability	VCID-vqnt-uyex-87fn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:19.2.1%252Bdfsg-2%252Bdeb9u1~bpo8%252B1

url pkg:deb/debian/erlang@1:19.2.1%2Bdfsg-2%2Bdeb9u3

purl pkg:deb/debian/erlang@1:19.2.1%2Bdfsg-2%2Bdeb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-1ge1-3e4a-ebfq

vulnerability	VCID-5qc5-5xds-bqa9

vulnerability	VCID-86hm-g3m9-tkft

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-h11x-uyd8-2bd9

vulnerability	VCID-jg37-ud9r-d3h7

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nqfj-97y5-suar

vulnerability	VCID-tbwg-7hga-cybn

vulnerability	VCID-tnt7-d764-13cq

vulnerability	VCID-vqnt-uyex-87fn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:19.2.1%252Bdfsg-2%252Bdeb9u3

url pkg:deb/debian/erlang@1:21.2.6%2Bdfsg-1

purl pkg:deb/debian/erlang@1:21.2.6%2Bdfsg-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-1ge1-3e4a-ebfq

vulnerability	VCID-5qc5-5xds-bqa9

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-jg37-ud9r-d3h7

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nqfj-97y5-suar

vulnerability	VCID-tbwg-7hga-cybn

vulnerability	VCID-tnt7-d764-13cq

vulnerability	VCID-vqnt-uyex-87fn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:21.2.6%252Bdfsg-1

url pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1

purl pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1283-nvxm-r7cw

vulnerability	VCID-28fj-t5hy-x3gn

vulnerability	VCID-c3vm-u9jn-83cs

vulnerability	VCID-gcn7-ak4r-eba3

vulnerability	VCID-h1k4-x8vr-5bch

vulnerability	VCID-j7t3-nrjj-pfgp

vulnerability	VCID-jg37-ud9r-d3h7

vulnerability	VCID-jxzt-8wru-6yhk

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nqfj-97y5-suar

vulnerability	VCID-s9qn-9qdm-j7ej

vulnerability	VCID-tnt7-d764-13cq

vulnerability	VCID-vqnt-uyex-87fn

vulnerability	VCID-w9yj-xg82-kyac

vulnerability	VCID-wwcj-hwqc-f3g7

vulnerability	VCID-xcks-117s-v3dd

vulnerability	VCID-z6gs-aq96-gkaw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4748

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.2609
published_at	2026-04-02T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.26131
published_at	2026-04-04T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29161
published_at	2026-04-11T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29155
published_at	2026-04-09T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29113
published_at	2026-04-08T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.2905
published_at	2026-04-07T12:55:00Z

value	0.00375
scoring_system	epss
scoring_elements	0.59126
published_at	2026-04-12T12:55:00Z

value	0.00375
scoring_system	epss
scoring_elements	0.59149
published_at	2026-04-18T12:55:00Z

value	0.00375
scoring_system	epss
scoring_elements	0.59144
published_at	2026-04-16T12:55:00Z

value	0.00375
scoring_system	epss
scoring_elements	0.59107
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4748

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4748
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4748

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107939
reference_id	1107939
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107939

reference_url

https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5

reference_id

578d4001575aa7647ea1efd4b2b7e3afadcc99a5

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/

url

https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5

reference_url

https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f

reference_id

5a55feec10c9b69189d56723d8f237afa58d5d4f

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/

url

https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f

reference_url

https://github.com/erlang/otp/pull/9941

reference_id

9941

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/

url

https://github.com/erlang/otp/pull/9941

reference_url

https://security.archlinux.org/AVG-2900

reference_id

AVG-2900

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2900

reference_url

https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f

reference_id

ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/

url

https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp::::::::
reference_id	cpe:2.3:a:erlang:erlang\/otp::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\/otp::::::::

reference_url

https://cna.erlef.org/cves/CVE-2025-4748.html

reference_id

CVE-2025-4748.html

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/

url

https://cna.erlef.org/cves/CVE-2025-4748.html

reference_url

https://osv.dev/vulnerability/EEF-CVE-2025-4748

reference_id

EEF-CVE-2025-4748

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/

url

https://osv.dev/vulnerability/EEF-CVE-2025-4748

reference_url

https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc

reference_id

GHSA-9g37-pgj9-wrhc

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/

url

https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc

reference_url	https://usn.ubuntu.com/7656-1/
reference_id	USN-7656-1
reference_type
scores
url	https://usn.ubuntu.com/7656-1/

reference_url

https://www.erlang.org/doc/system/versions.html#order-of-versions

reference_id

versions.html#order-of-versions

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/

url

https://www.erlang.org/doc/system/versions.html#order-of-versions

Weaknesses

cwe_id	22
name	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description	The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqnt-uyex-87fn

Vulnerability Instance