Lookup for vulnerable packages by Package URL.

Purl pkg:gem/avo@3.30.4
Type gem
Namespace
Name avo
Version 3.30.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.31.2
Latest_non_vulnerable_version 3.31.2
Affected_by_vulnerabilities
0
url VCID-my8d-sdub-tuf5
vulnerability_id VCID-my8d-sdub-tuf5
summary Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class (descendants of Avo::BaseAction) on any resource, even if the action is not registered for that specific resource. This leads to Privilege Escalation and unauthorized data manipulation across the entire application. This issue has been patched in version 3.31.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42205
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.16187
published_at 2026-06-13T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.16152
published_at 2026-06-14T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.16036
published_at 2026-06-11T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.16179
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42205
1
reference_url https://github.com/avo-hq/avo
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/avo-hq/avo
2
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/avo/CVE-2026-42205.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/avo/CVE-2026-42205.yml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42205
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42205
4
reference_url https://github.com/advisories/GHSA-qc5p-3mg5-9fh8
reference_id GHSA-qc5p-3mg5-9fh8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qc5p-3mg5-9fh8
5
reference_url https://github.com/avo-hq/avo/security/advisories/GHSA-qc5p-3mg5-9fh8
reference_id GHSA-qc5p-3mg5-9fh8
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T12:51:27Z/
url https://github.com/avo-hq/avo/security/advisories/GHSA-qc5p-3mg5-9fh8
6
reference_url https://github.com/avo-hq/avo/releases/tag/v3.31.2
reference_id v3.31.2
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-12T12:51:27Z/
url https://github.com/avo-hq/avo/releases/tag/v3.31.2
fixed_packages
0
url pkg:gem/avo@3.31.1
purl pkg:gem/avo@3.31.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-my8d-sdub-tuf5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/avo@3.31.1
1
url pkg:gem/avo@3.31.2
purl pkg:gem/avo@3.31.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/avo@3.31.2
aliases CVE-2026-42205, GHSA-qc5p-3mg5-9fh8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-my8d-sdub-tuf5
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/avo@3.30.4