Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/gatsby-transformer-remark@1.0.0-beta.3-alpha.a694e4ac
Typenpm
Namespace
Namegatsby-transformer-remark
Version1.0.0-beta.3-alpha.a694e4ac
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.25.1
Latest_non_vulnerable_version6.3.2
Affected_by_vulnerabilities
0
url VCID-cj8y-kbva-5fdy
vulnerability_id VCID-cj8y-kbva-5fdy
summary Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when passing input in data mode (querying MarkdownRemark nodes via GraphQL). Injected JavaScript executes in the context of the build server. To exploit this vulnerability untrusted/unsanitized input would need to be sourced by or added into a file processed by gatsby-transformer-remark. A patch has been introduced in `gatsby-transformer-remark@5.25.1` and `gatsby-transformer-remark@6.3.2` which mitigates the issue by disabling the `gray-matter` JavaScript Frontmatter engine. As a workaround, if an older version of `gatsby-transformer-remark` must be used, input passed into the plugin should be sanitized ahead of processing. It is encouraged for projects to upgrade to the latest major release branch for all Gatsby plugins to ensure the latest security updates and bug fixes are received in a timely manner.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22491
reference_id
reference_type
scores
0
value 0.00309
scoring_system epss
scoring_elements 0.54619
published_at 2026-06-13T12:55:00Z
1
value 0.00309
scoring_system epss
scoring_elements 0.54477
published_at 2026-06-11T12:55:00Z
2
value 0.00309
scoring_system epss
scoring_elements 0.54603
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22491
1
reference_url https://github.com/gatsbyjs/gatsby
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/gatsbyjs/gatsby
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22491
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22491
3
reference_url https://github.com/advisories/GHSA-7ch4-rr99-cqcw
reference_id GHSA-7ch4-rr99-cqcw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7ch4-rr99-cqcw
4
reference_url https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-7ch4-rr99-cqcw
reference_id GHSA-7ch4-rr99-cqcw
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-11T13:33:35Z/
url https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-7ch4-rr99-cqcw
fixed_packages
0
url pkg:npm/gatsby-transformer-remark@5.25.1
purl pkg:npm/gatsby-transformer-remark@5.25.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/gatsby-transformer-remark@5.25.1
1
url pkg:npm/gatsby-transformer-remark@6.3.2
purl pkg:npm/gatsby-transformer-remark@6.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/gatsby-transformer-remark@6.3.2
aliases CVE-2023-22491, GHSA-7ch4-rr99-cqcw, GMS-2023-26
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cj8y-kbva-5fdy
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/gatsby-transformer-remark@1.0.0-beta.3-alpha.a694e4ac