Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/beets@1.2.0
Typepypi
Namespace
Namebeets
Version1.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.10.0
Latest_non_vulnerable_version2.10.0
Affected_by_vulnerabilities
0
url VCID-qxff-u4nz-p7fa
vulnerability_id VCID-qxff-u4nz-p7fa
summary Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode <%= ... %> for untrusted metadata fields. In this runtime, <%= ... %> is raw insertion and HTML escaping is only performed by <%- ... %>. Rendered output is then inserted with .html(...), allowing attacker-controlled markup to become active DOM. This issue has been patched in version 2.10.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42052
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.20989
published_at 2026-06-07T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.20929
published_at 2026-06-09T12:55:00Z
2
value 0.00067
scoring_system epss
scoring_elements 0.20926
published_at 2026-06-08T12:55:00Z
3
value 0.00067
scoring_system epss
scoring_elements 0.21035
published_at 2026-06-06T12:55:00Z
4
value 0.00067
scoring_system epss
scoring_elements 0.21048
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42052
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42052
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42052
2
reference_url https://github.com/beetbox/beets
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/beetbox/beets
3
reference_url https://github.com/beetbox/beets/releases/tag/v2.10.0
reference_id
reference_type
scores
0
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:07:05Z/
url https://github.com/beetbox/beets/releases/tag/v2.10.0
4
reference_url https://github.com/beetbox/beets/security/advisories/GHSA-3gxm-wfjx-m847
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:07:05Z/
url https://github.com/beetbox/beets/security/advisories/GHSA-3gxm-wfjx-m847
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42052
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42052
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135779
reference_id 1135779
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135779
7
reference_url https://github.com/advisories/GHSA-3gxm-wfjx-m847
reference_id GHSA-3gxm-wfjx-m847
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3gxm-wfjx-m847
fixed_packages
0
url pkg:pypi/beets@2.10.0
purl pkg:pypi/beets@2.10.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/beets@2.10.0
aliases CVE-2026-42052, GHSA-3gxm-wfjx-m847
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxff-u4nz-p7fa
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/beets@1.2.0