Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/vagrant@0.1.4.pre.a
Typegem
Namespace
Namevagrant
Version0.1.4.pre.a
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-dcwn-sxzk-7yas
vulnerability_id VCID-dcwn-sxzk-7yas
summary 
HashiCorp Vagrant has code injection vulnerability through default synced folders
An authenticated virtual machine escape vulnerability exists in
HashiCorp Vagrant versions 2.4.6 and below when using the default
synced folder configuration. By design, Vagrant automatically mounts
the host system’s project directory into the guest VM under /vagrant
(or C:\vagrant on Windows). This includes the Vagrantfile configuration
file, which is a Ruby script evaluated by the host every time a vagrant
command is executed in the project directory. If a low-privileged
attacker obtains shell access to the guest VM, they can append
arbitrary Ruby code to the mounted Vagrantfile. When a user on the
host later runs any vagrant command, the injected code is executed
on the host with that user’s privileges.

While this shared-folder behavior is well-documented by Vagrant, the
security implications of Vagrantfile execution from guest-writable
storage are not explicitly addressed. This effectively enables
guest-to-host code execution in multi-tenant or adversarial VM scenarios.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-34075.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-34075.json
1
reference_url https://developer.hashicorp.com/vagrant
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://developer.hashicorp.com/vagrant
2
reference_url https://developer.hashicorp.com/vagrant/docs/synced-folders/basic_usage
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://developer.hashicorp.com/vagrant/docs/synced-folders/basic_usage
3
reference_url https://developer.hashicorp.com/vagrant/docs/vagrantfile
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://developer.hashicorp.com/vagrant/docs/vagrantfile
4
reference_url https://github.com/advisories/GHSA-hqp6-mjw3-f586
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hqp6-mjw3-f586
5
reference_url https://github.com/hashicorp/vagrant
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/vagrant
6
reference_url https://github.com/hashicorp/vagrant/commit/abe87b2fdc124ef426c016d44d2f6f4792f0cbe3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/vagrant/commit/abe87b2fdc124ef426c016d44d2f6f4792f0cbe3
7
reference_url https://github.com/hashicorp/vagrant/issues/13688
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/vagrant/issues/13688
8
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/local/vagrant_synced_folder_vagrantfile_breakout.rb
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/local/vagrant_synced_folder_vagrantfile_breakout.rb
9
reference_url https://vulncheck.com/advisories/hashicorp-vagrant-synced-folder-vagrantfile-breakout
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vulncheck.com/advisories/hashicorp-vagrant-synced-folder-vagrantfile-breakout
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2375965
reference_id 2375965
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2375965
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-34075
reference_id CVE-2025-34075
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-34075
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/vagrant/CVE-2025-34075.yml
reference_id CVE-2025-34075.YML
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/vagrant/CVE-2025-34075.yml
fixed_packages
0
url pkg:gem/vagrant@2.4.7
purl pkg:gem/vagrant@2.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dcwn-sxzk-7yas
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/vagrant@2.4.7
aliases CVE-2025-34075, GHSA-hqp6-mjw3-f586
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dcwn-sxzk-7yas
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/vagrant@0.1.4.pre.a