VulnerableCode Package Details - pkg:pypi/misp-modules@3.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-fuzy-11z2-eqd4 Aliases: CVE-2026-44364 GHSA-j4rh-7jcr-qm69	misp-modules website - Missing CSRF protection in the website home blueprint A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of session query data in the context of the authenticated user. The issue was fixed by enabling CSRF protection for the affected blueprint and hardening query parsing. As reported by Bilal Teke.	There are no reported fixed by versions.
VCID-rbtj-uqkj-rkhb Aliases: CVE-2026-44363 GHSA-fhq3-2gf3-8f3j	misp-modules has nsafe remote resource fetching in expansion An unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The html_to_markdown module accepted arbitrary HTTP(S) URLs without sufficient validation, which could allow Server-Side Request Forgery against loopback, private, or link-local network resources. Additionally, the qrcode module disabled TLS certificate verification when retrieving remote images, exposing requests to potential man-in-the-middle interception or response tampering. The issue was fixed by validating URL schemes, blocking local and private address ranges, resolving hostnames before fetching, enforcing request timeouts, and re-enabling TLS certificate verification. As reported by Bilal Teke.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-fuzy-11z2-eqd4
Aliases:
CVE-2026-44364
GHSA-j4rh-7jcr-qm69

misp-modules website - Missing CSRF protection in the website home blueprint A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of session query data in the context of the authenticated user. The issue was fixed by enabling CSRF protection for the affected blueprint and hardening query parsing. As reported by Bilal Teke.

There are no reported fixed by versions.

VCID-rbtj-uqkj-rkhb
Aliases:
CVE-2026-44363
GHSA-fhq3-2gf3-8f3j

misp-modules has nsafe remote resource fetching in expansion An unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The html_to_markdown module accepted arbitrary HTTP(S) URLs without sufficient validation, which could allow Server-Side Request Forgery against loopback, private, or link-local network resources. Additionally, the qrcode module disabled TLS certificate verification when retrieving remote images, exposing requests to potential man-in-the-middle interception or response tampering. The issue was fixed by validating URL schemes, blocking local and private address ranges, resolving hostnames before fetching, enforcing request timeouts, and re-enabling TLS certificate verification. As reported by Bilal Teke.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T08:29:27.339693+00:00	GitLab Importer	Affected by	VCID-rbtj-uqkj-rkhb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/misp-modules/CVE-2026-44363.yml	38.6.0
2026-06-06T08:29:23.589502+00:00	GitLab Importer	Affected by	VCID-fuzy-11z2-eqd4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/misp-modules/CVE-2026-44364.yml	38.6.0

2026-06-06T08:29:27.339693+00:00

GitLab Importer

Affected by

VCID-rbtj-uqkj-rkhb

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/misp-modules/CVE-2026-44363.yml

38.6.0

2026-06-06T08:29:23.589502+00:00

GitLab Importer

Affected by

VCID-fuzy-11z2-eqd4

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/misp-modules/CVE-2026-44364.yml

38.6.0

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.5