Package details: pkg:pypi/ckan@2.10.3
purl pkg:pypi/ckan@2.10.3
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-v1bk-nt8x-tkhq | Improper Handling of Length Parameter Inconsistency. CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker needs to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10. | CVE-2023-50248, GHSA-7fgc-89cx-w8j5 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:46:35.205414+00:00 | GitLab Importer | Fixing | VCID-v1bk-nt8x-tkhq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ckan/CVE-2023-50248.yml | 38.6.0 |