Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40astrojs/cloudflare@13.1.9
Type npm
Namespace @astrojs
Name cloudflare
Version 13.1.9
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 13.1.10
Latest_non_vulnerable_version 13.1.10
Affected_by_vulnerabilities
0
url VCID-3342-us82-dqgc
vulnerability_id VCID-3342-us82-dqgc
summary @astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch() call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP redirects to arbitrary URLs, bypassing the isRemoteAllowed() domain allowlist check which only validates the initial URL. This vulnerability is caused by an incomplete fix for CVE-2025-58179. This vulnerability is fixed in 13.1.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41321
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.15049
published_at 2026-06-14T12:55:00Z
1
value 0.00047
scoring_system epss
scoring_elements 0.1496
published_at 2026-06-11T12:55:00Z
2
value 0.00047
scoring_system epss
scoring_elements 0.15079
published_at 2026-06-13T12:55:00Z
3
value 0.00047
scoring_system epss
scoring_elements 0.15081
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41321
1
reference_url https://github.com/advisories/GHSA-qpr4-c339-7vq8
reference_id
reference_type
scores
0
value 2.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-qpr4-c339-7vq8
2
reference_url https://github.com/withastro/astro
reference_id
reference_type
scores
0
value 2.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/withastro/astro
3
reference_url https://github.com/withastro/astro/commit/a43eb4b40b4f81530e3c9b5e2959495900320433
reference_id
reference_type
scores
0
value 2.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/withastro/astro/commit/a43eb4b40b4f81530e3c9b5e2959495900320433
4
reference_url https://github.com/withastro/astro/releases/tag/%40astrojs%2Fcloudflare%4013.1.10
reference_id
reference_type
scores
0
value 2.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/withastro/astro/releases/tag/%40astrojs%2Fcloudflare%4013.1.10
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41321
reference_id
reference_type
scores
0
value 2.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41321
6
reference_url https://github.com/advisories/GHSA-88gm-j2wx-58h6
reference_id GHSA-88gm-j2wx-58h6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-88gm-j2wx-58h6
7
reference_url https://github.com/withastro/astro/security/advisories/GHSA-88gm-j2wx-58h6
reference_id GHSA-88gm-j2wx-58h6
reference_type
scores
0
value 2.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:27:06Z/
url https://github.com/withastro/astro/security/advisories/GHSA-88gm-j2wx-58h6
fixed_packages
0
url pkg:npm/%40astrojs/cloudflare@13.1.10
purl pkg:npm/%40astrojs/cloudflare@13.1.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540astrojs/cloudflare@13.1.10
aliases CVE-2026-41321, GHSA-88gm-j2wx-58h6
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3342-us82-dqgc
Fixing_vulnerabilities
Risk_score 1.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540astrojs/cloudflare@13.1.9