Lookup for vulnerable packages by Package URL.

Purl pkg:hex/plug@1.0.4
Type hex
Namespace
Name plug
Version 1.0.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.0.6
Latest_non_vulnerable_version 1.19.2
Affected_by_vulnerabilities
0
url VCID-x7su-wxws-a3gz
vulnerability_id VCID-x7su-wxws-a3gz
summary Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appears to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 or ~> 1.1.9 or ~> 1.0.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000883
reference_id
reference_type
scores
0
value 0.0025
scoring_system epss
scoring_elements 0.48431
published_at 2026-06-04T12:55:00Z
1
value 0.0025
scoring_system epss
scoring_elements 0.48481
published_at 2026-06-07T12:55:00Z
2
value 0.0025
scoring_system epss
scoring_elements 0.485
published_at 2026-06-06T12:55:00Z
3
value 0.0025
scoring_system epss
scoring_elements 0.48494
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000883
1
reference_url https://github.com/dependabot/elixir-security-advisories/blob/master/packages/plug/2017-04-17.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dependabot/elixir-security-advisories/blob/master/packages/plug/2017-04-17.yml
2
reference_url https://github.com/elixir-plug/plug
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elixir-plug/plug
3
reference_url https://github.com/elixir-plug/plug/commit/8857f8ab4acf9b9c22e80480dae2636692f5f573
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elixir-plug/plug/commit/8857f8ab4acf9b9c22e80480dae2636692f5f573
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000883
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000883
fixed_packages
0
url pkg:hex/plug@1.0.6
purl pkg:hex/plug@1.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.0.6
1
url pkg:hex/plug@1.1.9
purl pkg:hex/plug@1.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.9
2
url pkg:hex/plug@1.2.5
purl pkg:hex/plug@1.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.2.5
3
url pkg:hex/plug@1.3.5
purl pkg:hex/plug@1.3.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.3.5
aliases CVE-2018-1000883, GHSA-9h73-w7ch-rh73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7su-wxws-a3gz
Fixing_vulnerabilities
0
url VCID-7ryv-jjw4-b7gh
vulnerability_id VCID-7ryv-jjw4-b7gh
summary
Arbitrary Code Execution in Cookie Serialization
The default serialization used by Plug session may result in code execution
  in certain situations. Keep in mind, however, the session cookie is signed
  and this attack can only be exploited if the attacker has access to your
  secret key as well as your signing/encryption salts. We recommend users to
  change their secret key base and salts if they suspect they have been leaked,
  regardless of this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000053
reference_id
reference_type
scores
0
value 0.01075
scoring_system epss
scoring_elements 0.78131
published_at 2026-06-04T12:55:00Z
1
value 0.01075
scoring_system epss
scoring_elements 0.78154
published_at 2026-06-07T12:55:00Z
2
value 0.01075
scoring_system epss
scoring_elements 0.78164
published_at 2026-06-06T12:55:00Z
3
value 0.01075
scoring_system epss
scoring_elements 0.78157
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000053
1
reference_url https://elixirforum.com/t/security-releases-for-plug/3913
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://elixirforum.com/t/security-releases-for-plug/3913
2
reference_url https://elixirforum.com/t/static-and-session-security-fixes-for-plug/3913
reference_id
reference_type
scores
url https://elixirforum.com/t/static-and-session-security-fixes-for-plug/3913
3
reference_url https://github.com/elixir-plug/plug
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/elixir-plug/plug
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000053
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000053
fixed_packages
0
url pkg:hex/plug@1.0.4
purl pkg:hex/plug@1.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x7su-wxws-a3gz
resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.0.4
1
url pkg:hex/plug@1.1.7
purl pkg:hex/plug@1.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x7su-wxws-a3gz
resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.7
2
url pkg:hex/plug@1.2.3
purl pkg:hex/plug@1.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x7su-wxws-a3gz
resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.2.3
3
url pkg:hex/plug@1.3.2
purl pkg:hex/plug@1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x7su-wxws-a3gz
resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.3.2
aliases CVE-2017-1000053, GHSA-5v4m-c73v-c7gq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ryv-jjw4-b7gh
1
url VCID-dp5c-pz39-ckhp
vulnerability_id VCID-dp5c-pz39-ckhp
summary
Null Byte Injection in Plug.Static
Plug.Static is used for serving static assets, and is vulnerable to null
  byte injection. If file upload functionality is provided, this can allow
  users to bypass filetype restrictions.
  We recommend all applications that provide file upload functionality and
  serve those uploaded files locally with Plug.Static to upgrade immediately
  or include the fix below. If uploaded files are rather stored and served
  from S3 or any other cloud storage, you are not affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000052
reference_id
reference_type
scores
0
value 0.00246
scoring_system epss
scoring_elements 0.48038
published_at 2026-06-04T12:55:00Z
1
value 0.00246
scoring_system epss
scoring_elements 0.48086
published_at 2026-06-07T12:55:00Z
2
value 0.00246
scoring_system epss
scoring_elements 0.48104
published_at 2026-06-06T12:55:00Z
3
value 0.00246
scoring_system epss
scoring_elements 0.48101
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000052
1
reference_url https://elixirforum.com/t/security-releases-for-plug/3913
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://elixirforum.com/t/security-releases-for-plug/3913
2
reference_url https://elixirforum.com/t/static-and-session-security-fixes-for-plug/3913
reference_id
reference_type
scores
url https://elixirforum.com/t/static-and-session-security-fixes-for-plug/3913
3
reference_url https://github.com/elixir-plug/plug
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/elixir-plug/plug
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000052
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000052
fixed_packages
0
url pkg:hex/plug@1.0.4
purl pkg:hex/plug@1.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x7su-wxws-a3gz
resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.0.4
1
url pkg:hex/plug@1.1.7
purl pkg:hex/plug@1.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x7su-wxws-a3gz
resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.7
2
url pkg:hex/plug@1.2.3
purl pkg:hex/plug@1.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x7su-wxws-a3gz
resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.2.3
3
url pkg:hex/plug@1.3.2
purl pkg:hex/plug@1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-x7su-wxws-a3gz
resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.3.2
aliases CVE-2017-1000052, GHSA-2q6v-32mr-8p8x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dp5c-pz39-ckhp
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.0.4