Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/actionview@3.2.0
Typegem
Namespace
Nameactionview
Version3.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.2.3.1
Latest_non_vulnerable_version8.1.2.1
Affected_by_vulnerabilities
0
url VCID-g9t2-g33e-87fe
vulnerability_id VCID-g9t2-g33e-87fe
summary 
Moderate severity vulnerability that affects actionview
Withdrawn, accidental duplicate publish.

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.
references
0
reference_url https://github.com/advisories/GHSA-2pwf-xwr3-hp55
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-2pwf-xwr3-hp55
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2097
reference_id CVE-2016-2097
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-2097
fixed_packages
0
url pkg:gem/actionview@3.2.22.2
purl pkg:gem/actionview@3.2.22.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86jq-2md2-d7ah
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@3.2.22.2
1
url pkg:gem/actionview@4.1.14.2
purl pkg:gem/actionview@4.1.14.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31xv-z8c6-a7bg
1
vulnerability VCID-86jq-2md2-d7ah
2
vulnerability VCID-8dad-dvat-1fg4
3
vulnerability VCID-96qr-hdbp-p7ff
4
vulnerability VCID-c8b5-d83n-nuhw
5
vulnerability VCID-cnqr-6e98-5kgk
6
vulnerability VCID-es1t-7196-4kbb
7
vulnerability VCID-g5q6-7uav-sqh1
8
vulnerability VCID-p5mc-r1rg-5ff7
9
vulnerability VCID-v9mt-t1pb-hybk
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionview@4.1.14.2
aliases GHSA-2pwf-xwr3-hp55
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g9t2-g33e-87fe
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/actionview@3.2.0