Lookup for vulnerable packages by Package URL.

Purl pkg:gem/decidim-meetings@0.25.0.rc2
Type gem
Namespace
Name decidim-meetings
Version 0.25.0.rc2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.28.3
Latest_non_vulnerable_version 0.28.3
Affected_by_vulnerabilities
0
url VCID-v7wp-v5ww-mkga
vulnerability_id VCID-v7wp-v5ww-mkga
summary
Exposure of Sensitive Information to an Unauthorized Actor
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default, this library allows filtering on all data attributes and associations. This allows an unauthenticated remote attacker to exfiltrate non-public data from the underlying database of a Decidim instance (e.g., exfiltrating data from the user table). This issue may lead to Sensitive Data Disclosure. The problem was patched in version 0.27.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34090
reference_id
reference_type
scores
0
value 0.0038
scoring_system epss
scoring_elements 0.59843
published_at 2026-06-05T12:55:00Z
1
value 0.0038
scoring_system epss
scoring_elements 0.59847
published_at 2026-06-06T12:55:00Z
2
value 0.0038
scoring_system epss
scoring_elements 0.59819
published_at 2026-06-08T12:55:00Z
3
value 0.0038
scoring_system epss
scoring_elements 0.59838
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34090
1
reference_url https://github.com/decidim/decidim
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/decidim/decidim
2
reference_url https://github.com/decidim/decidim/releases/tag/v0.27.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:26:40Z/
url https://github.com/decidim/decidim/releases/tag/v0.27.3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34090
reference_id CVE-2023-34090
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34090
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2023-34090.yml
reference_id CVE-2023-34090.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2023-34090.yml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-meetings/CVE-2023-34090.yml
reference_id CVE-2023-34090.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-meetings/CVE-2023-34090.yml
6
reference_url https://github.com/advisories/GHSA-jm79-9pm4-vrw9
reference_id GHSA-jm79-9pm4-vrw9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jm79-9pm4-vrw9
7
reference_url https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9
reference_id GHSA-jm79-9pm4-vrw9
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:26:40Z/
url https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9
8
reference_url https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9#advisory-comment-81110
reference_id GHSA-jm79-9pm4-vrw9#advisory-comment-81110
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:26:40Z/
url https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9#advisory-comment-81110
fixed_packages
0
url pkg:gem/decidim-meetings@0.27.3
purl pkg:gem/decidim-meetings@0.27.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v7wp-v5ww-mkga
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/decidim-meetings@0.27.3
aliases CVE-2023-34090, GHSA-jm79-9pm4-vrw9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v7wp-v5ww-mkga
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/decidim-meetings@0.25.0.rc2