Lookup for vulnerable packages by Package URL.

Purl pkg:gem/decidim-templates@0.26.5
Type gem
Namespace
Name decidim-templates
Version 0.26.5
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-en2n-zx4a-tbc9
vulnerability_id VCID-en2n-zx4a-tbc9
summary
Decidim has broken access control in templates
### Impact

The `templates` module does not enforce the correct permissions, allowing any logged-in user to access this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36465
reference_id
reference_type
scores
0
value 0.0007
scoring_system epss
scoring_elements 0.21605
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36465
1
reference_url https://github.com/decidim/decidim
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/decidim/decidim
2
reference_url https://github.com/decidim/decidim/releases/tag/v0.26.8
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:47:43Z/
url https://github.com/decidim/decidim/releases/tag/v0.26.8
3
reference_url https://github.com/decidim/decidim/releases/tag/v0.27.4
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:47:43Z/
url https://github.com/decidim/decidim/releases/tag/v0.27.4
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2023-36465.yml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2023-36465.yml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-templates/CVE-2023-36465.yml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim-templates/CVE-2023-36465.yml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36465
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36465
7
reference_url https://github.com/advisories/GHSA-639h-86hw-qcjq
reference_id GHSA-639h-86hw-qcjq
reference_type
scores
url https://github.com/advisories/GHSA-639h-86hw-qcjq
8
reference_url https://github.com/decidim/decidim/security/advisories/GHSA-639h-86hw-qcjq
reference_id GHSA-639h-86hw-qcjq
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
2
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:47:43Z/
url https://github.com/decidim/decidim/security/advisories/GHSA-639h-86hw-qcjq
fixed_packages
0
url pkg:gem/decidim-templates@0.26.8
purl pkg:gem/decidim-templates@0.26.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-en2n-zx4a-tbc9
1
vulnerability VCID-ep6m-9wr9-8kgy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/decidim-templates@0.26.8
1
url pkg:gem/decidim-templates@0.27.4
purl pkg:gem/decidim-templates@0.27.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-en2n-zx4a-tbc9
1
vulnerability VCID-ep6m-9wr9-8kgy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/decidim-templates@0.27.4
aliases CVE-2023-36465, GHSA-639h-86hw-qcjq
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-en2n-zx4a-tbc9
1
url VCID-ep6m-9wr9-8kgy
vulnerability_id VCID-ep6m-9wr9-8kgy
summary
Server-Side Request Forgery (SSRF)
Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security threat as you need to have access also to the session cookie in order to see this resource. This URL does not allow modifying the resource but it may allow attackers to gain access to information which was not meant to be public. The issue is fixed in version 0.27.5 and 0.28.0. As a workaround, disable the templates functionality or remove all available templates.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-47635
reference_id
reference_type
scores
0
value 0.00105
scoring_system epss
scoring_elements 0.28111
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-47635
1
reference_url https://github.com/decidim/decidim
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/decidim/decidim
2
reference_url https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb#L11
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:23:33Z/
url https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb#L11
3
reference_url https://github.com/decidim/decidim/commit/5542227be66e3b6d7530f5b536069bce09376660
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:23:33Z/
url https://github.com/decidim/decidim/commit/5542227be66e3b6d7530f5b536069bce09376660
4
reference_url https://github.com/decidim/decidim/commit/57a4b467787448307b5d9b01ce6e2c8502e121ac
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:23:33Z/
url https://github.com/decidim/decidim/commit/57a4b467787448307b5d9b01ce6e2c8502e121ac
5
reference_url https://github.com/decidim/decidim/pull/11743
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:23:33Z/
url https://github.com/decidim/decidim/pull/11743
6
reference_url https://github.com/decidim/decidim/pull/6247
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:23:33Z/
url https://github.com/decidim/decidim/pull/6247
7
reference_url https://github.com/decidim/decidim/releases/tag/v0.27.5
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:23:33Z/
url https://github.com/decidim/decidim/releases/tag/v0.27.5
8
reference_url https://github.com/decidim/decidim/releases/tag/v0.28.0
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:23:33Z/
url https://github.com/decidim/decidim/releases/tag/v0.28.0
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-47635
reference_id CVE-2023-47635
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-47635
10
reference_url https://github.com/advisories/GHSA-f3qm-vfc3-jg6v
reference_id GHSA-f3qm-vfc3-jg6v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3qm-vfc3-jg6v
11
reference_url https://github.com/decidim/decidim/security/advisories/GHSA-f3qm-vfc3-jg6v
reference_id GHSA-f3qm-vfc3-jg6v
reference_type
scores
0
value 4.5
scoring_system cvssv3
scoring_elements
1
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:23:33Z/
url https://github.com/decidim/decidim/security/advisories/GHSA-f3qm-vfc3-jg6v
fixed_packages
0
url pkg:gem/decidim-templates@0.27.5
purl pkg:gem/decidim-templates@0.27.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ep6m-9wr9-8kgy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/decidim-templates@0.27.5
aliases CVE-2023-47635, GHSA-f3qm-vfc3-jg6v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ep6m-9wr9-8kgy
Fixing_vulnerabilities
Risk_score 4.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/decidim-templates@0.26.5