Lookup for vulnerable packages by Package URL.

Purl pkg:gem/bundler@1.10.5
Type gem
Namespace
Name bundler
Version 1.10.5
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.2.33
Latest_non_vulnerable_version 2.2.33
Affected_by_vulnerabilities
0
url VCID-cgau-bf4b-zkeq
vulnerability_id VCID-cgau-bf4b-zkeq
summary
Insecure path handling in Bundler
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with
insecure permissions as a storage location for gems, if locations under the user's
home directory are not available. If Bundler is used in a scenario where the user
does not have a writable home directory, an attacker could place malicious code
in this directory that would be later loaded and executed.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3881.json
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3881.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3881
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.3543
published_at 2026-06-08T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.35469
published_at 2026-06-07T12:55:00Z
2
value 0.00151
scoring_system epss
scoring_elements 0.35509
published_at 2026-06-06T12:55:00Z
3
value 0.00151
scoring_system epss
scoring_elements 0.35497
published_at 2026-06-05T12:55:00Z
4
value 0.00151
scoring_system epss
scoring_elements 0.354
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3881
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1651826
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1651826
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-g98m-96g9-wfjq
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-g98m-96g9-wfjq
5
reference_url https://github.com/rubygems/bundler
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/bundler
6
reference_url https://github.com/rubygems/bundler/issues/6501
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/bundler/issues/6501
7
reference_url https://github.com/rubygems/bundler/pull/7416/commits/65cfebb041c454c246aaf32a177b0243915a9998
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/bundler/pull/7416/commits/65cfebb041c454c246aaf32a177b0243915a9998
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2019-3881.yml
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2019-3881.yml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3881
reference_id CVE-2019-3881
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3881
10
reference_url https://security.gentoo.org/glsa/202408-22
reference_id GLSA-202408-22
reference_type
scores
url https://security.gentoo.org/glsa/202408-22
11
reference_url https://access.redhat.com/errata/RHSA-2021:2230
reference_id RHSA-2021:2230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2230
12
reference_url https://access.redhat.com/errata/RHSA-2021:2588
reference_id RHSA-2021:2588
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2588
13
reference_url https://usn.ubuntu.com/USN-4870-1/
reference_id USN-USN-4870-1
reference_type
scores
url https://usn.ubuntu.com/USN-4870-1/
fixed_packages
0
url pkg:gem/bundler@2.1.0
purl pkg:gem/bundler@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hpwx-fwdj-kfbt
1
vulnerability VCID-zz3m-f23k-6kec
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bundler@2.1.0
aliases CVE-2019-3881, GHSA-g98m-96g9-wfjq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cgau-bf4b-zkeq
1
url VCID-hpwx-fwdj-kfbt
vulnerability_id VCID-hpwx-fwdj-kfbt
summary arbitrary command execution
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43809.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43809.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43809
reference_id
reference_type
scores
0
value 0.01553
scoring_system epss
scoring_elements 0.81789
published_at 2026-06-08T12:55:00Z
1
value 0.01553
scoring_system epss
scoring_elements 0.81796
published_at 2026-06-07T12:55:00Z
2
value 0.01553
scoring_system epss
scoring_elements 0.81795
published_at 2026-06-05T12:55:00Z
3
value 0.01553
scoring_system epss
scoring_elements 0.81761
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43809
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43809
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43809
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rubygems/rubygems
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems
5
reference_url https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d3
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d3
6
reference_url https://github.com/rubygems/rubygems/commit/a4f2f8ac17e6ce81c689527a8b6f14381060d95f
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems/commit/a4f2f8ac17e6ce81c689527a8b6f14381060d95f
7
reference_url https://github.com/rubygems/rubygems/pull/5142
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems/pull/5142
8
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html
9
reference_url https://www.sonarsource.com/blog/securing-developer-tools-package-managers
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.sonarsource.com/blog/securing-developer-tools-package-managers
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2035260
reference_id 2035260
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2035260
11
reference_url https://security.archlinux.org/AVG-2615
reference_id AVG-2615
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2615
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43809
reference_id CVE-2021-43809
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43809
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2021-43809.yml
reference_id CVE-2021-43809.YML
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2021-43809.yml
14
reference_url https://github.com/advisories/GHSA-fj7f-vq84-fh43
reference_id GHSA-fj7f-vq84-fh43
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fj7f-vq84-fh43
15
reference_url https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43
reference_id GHSA-fj7f-vq84-fh43
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements
1
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43
16
reference_url https://security.gentoo.org/glsa/202408-22
reference_id GLSA-202408-22
reference_type
scores
url https://security.gentoo.org/glsa/202408-22
17
reference_url https://access.redhat.com/errata/RHSA-2025:7539
reference_id RHSA-2025:7539
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7539
fixed_packages
0
url pkg:gem/bundler@2.2.33
purl pkg:gem/bundler@2.2.33
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bundler@2.2.33
aliases CVE-2021-43809, GHSA-fj7f-vq84-fh43
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpwx-fwdj-kfbt
2
url VCID-thdt-r7nj-q3bc
vulnerability_id VCID-thdt-r7nj-q3bc
summary
Bundler allows attacker to inject arbitrary code via secondary Gem source
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source.  NOTE: this might overlap CVE-2013-0334.
references
0
reference_url http://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7954.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7954.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7954
reference_id
reference_type
scores
0
value 0.02779
scoring_system epss
scoring_elements 0.86339
published_at 2026-06-08T12:55:00Z
1
value 0.02779
scoring_system epss
scoring_elements 0.86332
published_at 2026-06-04T12:55:00Z
2
value 0.02779
scoring_system epss
scoring_elements 0.86353
published_at 2026-06-05T12:55:00Z
3
value 0.02779
scoring_system epss
scoring_elements 0.86355
published_at 2026-06-06T12:55:00Z
4
value 0.02779
scoring_system epss
scoring_elements 0.86351
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7954
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1381951
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1381951
4
reference_url https://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:C/I:C/A:C
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/bundler/bundler/issues/5051
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/bundler/bundler/issues/5051
7
reference_url https://github.com/bundler/bundler/issues/5062
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/bundler/bundler/issues/5062
8
reference_url https://github.com/rubygems/bundler
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubygems/bundler
9
reference_url https://web.archive.org/web/20170214030311/http://www.securityfocus.com/bid/93423
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170214030311/http://www.securityfocus.com/bid/93423
10
reference_url http://www.openwall.com/lists/oss-security/2016/10/04/5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/10/04/5
11
reference_url http://www.openwall.com/lists/oss-security/2016/10/04/7
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/10/04/7
12
reference_url http://www.openwall.com/lists/oss-security/2016/10/05/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/10/05/3
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7954
reference_id CVE-2016-7954
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7954
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2016-7954.yml
reference_id CVE-2016-7954.YML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2016-7954.yml
15
reference_url https://github.com/advisories/GHSA-jvgm-pfqv-887x
reference_id GHSA-jvgm-pfqv-887x
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jvgm-pfqv-887x
fixed_packages
0
url pkg:gem/bundler@2.0.0
purl pkg:gem/bundler@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cgau-bf4b-zkeq
1
vulnerability VCID-hpwx-fwdj-kfbt
2
vulnerability VCID-zz3m-f23k-6kec
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bundler@2.0.0
aliases CVE-2016-7954, GHSA-jvgm-pfqv-887x
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-thdt-r7nj-q3bc
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bundler@1.10.5