Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/keystone@0.2.2
Typenpm
Namespace
Namekeystone
Version0.2.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-2yxf-3ebk-nbeu
vulnerability_id VCID-2yxf-3ebk-nbeu
summary 
Improper Input Validation
CSV Injection via a value that is mishandled in a CSV export.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15879
reference_id
reference_type
scores
0
value 0.09815
scoring_system epss
scoring_elements 0.93123
published_at 2026-06-05T12:55:00Z
1
value 0.09815
scoring_system epss
scoring_elements 0.93112
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15879
1
reference_url https://github.com/advisories/GHSA-6494-v9fq-fgq2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6494-v9fq-fgq2
2
reference_url https://github.com/keystonejs/keystone/pull/4478
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keystonejs/keystone/pull/4478
3
reference_url https://packetstormsecurity.com/files/144755/KeystoneJS-4.0.0-beta.5-Unauthenticated-CSV-Injection.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://packetstormsecurity.com/files/144755/KeystoneJS-4.0.0-beta.5-Unauthenticated-CSV-Injection.html
4
reference_url https://www.exploit-db.com/exploits/43053
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/43053
5
reference_url https://www.exploit-db.com/exploits/43053/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/43053/
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/nodejs/webapps/43053.txt
reference_id CVE-2017-15879
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/nodejs/webapps/43053.txt
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15879
reference_id CVE-2017-15879
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-15879
fixed_packages
0
url pkg:npm/keystone@4.0.0-beta7
purl pkg:npm/keystone@4.0.0-beta7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keystone@4.0.0-beta7
1
url pkg:npm/keystone@4.1.0
purl pkg:npm/keystone@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ppy6-36tw-sqft
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keystone@4.1.0
aliases CVE-2017-15879, GHSA-6494-v9fq-fgq2
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2yxf-3ebk-nbeu
1
url VCID-9e59-6pzn-gyc1
vulnerability_id VCID-9e59-6pzn-gyc1
summary keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0087
reference_id
reference_type
scores
0
value 0.56131
scoring_system epss
scoring_elements 0.98145
published_at 2026-06-05T12:55:00Z
1
value 0.56131
scoring_system epss
scoring_elements 0.98143
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0087
1
reference_url https://github.com/keystonejs/keystone
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keystonejs/keystone
2
reference_url https://github.com/keystonejs/keystone/commit/96bf833a23b1a0a5d365cf394467a943cc481b38
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keystonejs/keystone/commit/96bf833a23b1a0a5d365cf394467a943cc481b38
3
reference_url https://huntr.dev/bounties/c9d7374f-2cb9-4bac-9c90-a965942f413e
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/c9d7374f-2cb9-4bac-9c90-a965942f413e
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0087
reference_id CVE-2022-0087
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0087
5
reference_url https://github.com/advisories/GHSA-hrgx-7j6v-xj82
reference_id GHSA-hrgx-7j6v-xj82
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrgx-7j6v-xj82
6
reference_url https://github.com/keystonejs/keystone/security/advisories/GHSA-hrgx-7j6v-xj82
reference_id GHSA-hrgx-7j6v-xj82
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keystonejs/keystone/security/advisories/GHSA-hrgx-7j6v-xj82
fixed_packages
0
url pkg:npm/keystone@1.0.2
purl pkg:npm/keystone@1.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keystone@1.0.2
1
url pkg:npm/keystone@4.0.0-beta.1
purl pkg:npm/keystone@4.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yxf-3ebk-nbeu
1
vulnerability VCID-ndu1-2s48-pucm
2
vulnerability VCID-ppy6-36tw-sqft
3
vulnerability VCID-sw46-5p81-kqhv
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keystone@4.0.0-beta.1
aliases CVE-2022-0087, GHSA-hrgx-7j6v-xj82
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9e59-6pzn-gyc1
2
url VCID-m9p7-836k-pqfb
vulnerability_id VCID-m9p7-836k-pqfb
summary 
Cross-site Scripting
Cross-Site Scripting vulnerability in KeystoneJS allows remote authenticated administrators to inject arbitrary web script or HTML via the `content brief` or `content extended` field.
references
0
reference_url http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report
1
reference_url http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/
reference_id
reference_type
scores
url http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15881
reference_id
reference_type
scores
0
value 0.00466
scoring_system epss
scoring_elements 0.64737
published_at 2026-06-04T12:55:00Z
1
value 0.00466
scoring_system epss
scoring_elements 0.64778
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15881
3
reference_url https://github.com/advisories/GHSA-7cv6-gvx3-m54m
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7cv6-gvx3-m54m
4
reference_url https://github.com/keystonejs/keystone/issues/4437
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keystonejs/keystone/issues/4437
5
reference_url https://github.com/keystonejs/keystone/pull/4478
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keystonejs/keystone/pull/4478
6
reference_url https://securelayer7.net/download/pdf/KeystoneJS-Pentest-Report-SecureLayer7.pdf
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://securelayer7.net/download/pdf/KeystoneJS-Pentest-Report-SecureLayer7.pdf
7
reference_url https://www.npmjs.com/advisories/981
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/981
8
reference_url http://www.securityfocus.com/bid/101541
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/101541
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15881
reference_id CVE-2017-15881
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-15881
fixed_packages
0
url pkg:npm/keystone@4.0.0-beta.1
purl pkg:npm/keystone@4.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yxf-3ebk-nbeu
1
vulnerability VCID-ndu1-2s48-pucm
2
vulnerability VCID-ppy6-36tw-sqft
3
vulnerability VCID-sw46-5p81-kqhv
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keystone@4.0.0-beta.1
1
url pkg:npm/keystone@4.0.0-beta7
purl pkg:npm/keystone@4.0.0-beta7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keystone@4.0.0-beta7
2
url pkg:npm/keystone@4.1.0
purl pkg:npm/keystone@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ppy6-36tw-sqft
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keystone@4.1.0
aliases CVE-2017-15881, GHSA-7cv6-gvx3-m54m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m9p7-836k-pqfb
3
url VCID-ndu1-2s48-pucm
vulnerability_id VCID-ndu1-2s48-pucm
summary 
Cross-site Scripting
Possible Cross-site scripting via the "Contact Us feature".
references
0
reference_url http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report
1
reference_url http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/
reference_id
reference_type
scores
url http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15878
reference_id
reference_type
scores
0
value 0.03604
scoring_system epss
scoring_elements 0.87985
published_at 2026-06-04T12:55:00Z
1
value 0.03604
scoring_system epss
scoring_elements 0.88006
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15878
3
reference_url https://github.com/advisories/GHSA-7qcx-jmrc-h2rr
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7qcx-jmrc-h2rr
4
reference_url https://github.com/keystonejs/keystone
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keystonejs/keystone
5
reference_url https://github.com/keystonejs/keystone/pull/4478
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keystonejs/keystone/pull/4478
6
reference_url https://packetstormsecurity.com/files/144756/KeystoneJS-4.0.0-beta.5-Unauthenticated-Stored-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packetstormsecurity.com/files/144756/KeystoneJS-4.0.0-beta.5-Unauthenticated-Stored-Cross-Site-Scripting.html
7
reference_url https://securelayer7.net/download/pdf/KeystoneJS-Pentest-Report-SecureLayer7.pdf
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://securelayer7.net/download/pdf/KeystoneJS-Pentest-Report-SecureLayer7.pdf
8
reference_url https://www.exploit-db.com/exploits/43054
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/43054
9
reference_url https://www.exploit-db.com/exploits/43054/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/43054/
10
reference_url https://www.npmjs.com/advisories/980
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/980
11
reference_url http://www.securityfocus.com/bid/101541
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/101541
12
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/nodejs/webapps/43054.txt
reference_id CVE-2017-15878
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/nodejs/webapps/43054.txt
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15878
reference_id CVE-2017-15878
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-15878
fixed_packages
0
url pkg:npm/keystone@4.0.0
purl pkg:npm/keystone@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yxf-3ebk-nbeu
1
vulnerability VCID-m9p7-836k-pqfb
2
vulnerability VCID-ppy6-36tw-sqft
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keystone@4.0.0
aliases CVE-2017-15878, GHSA-7qcx-jmrc-h2rr
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ndu1-2s48-pucm
4
url VCID-ppy6-36tw-sqft
vulnerability_id VCID-ppy6-36tw-sqft
summary 
Missing Authorization
Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When `ui.isAccessAllowed` is set as `undefined`, the `adminMeta` GraphQL query is publicly accessible (no session required). This is different to the behaviour of the default AdminUI middleware, which by default will only be publicly accessible (no session required) if a `session` strategy is not defined. This vulnerability does not affect developers using the `@keystone-6/auth` package, or any users that have written their own `ui.isAccessAllowed` (that is to say, `isAccessAllowed` is not `undefined`). This vulnerability does affect users who believed that their `session` strategy will, by default, enforce that `adminMeta` is inaccessible by the public in accordance with that strategy; akin to the behaviour of the AdminUI middleware. This vulnerability has been patched in `@keystone-6/core` version `5.5.1`. Users are advised to upgrade. Users unable to upgrade may opt to write their own `isAccessAllowed` functionality to work-around this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40027
reference_id
reference_type
scores
0
value 0.00321
scoring_system epss
scoring_elements 0.55427
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40027
1
reference_url https://github.com/keystonejs/keystone
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keystonejs/keystone
2
reference_url https://github.com/keystonejs/keystone/commit/650e27e6e9b42abfb94c340c8470faf61f0ff284
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T17:45:13Z/
url https://github.com/keystonejs/keystone/commit/650e27e6e9b42abfb94c340c8470faf61f0ff284
3
reference_url https://github.com/keystonejs/keystone/pull/8771
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T17:45:13Z/
url https://github.com/keystonejs/keystone/pull/8771
4
reference_url https://github.com/keystonejs/keystone/releases/tag/2023-08-15
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keystonejs/keystone/releases/tag/2023-08-15
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40027
reference_id CVE-2023-40027
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40027
6
reference_url https://github.com/advisories/GHSA-9cvc-v7wm-992c
reference_id GHSA-9cvc-v7wm-992c
reference_type
scores
url https://github.com/advisories/GHSA-9cvc-v7wm-992c
7
reference_url https://github.com/keystonejs/keystone/security/advisories/GHSA-9cvc-v7wm-992c
reference_id GHSA-9cvc-v7wm-992c
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T17:45:13Z/
url https://github.com/keystonejs/keystone/security/advisories/GHSA-9cvc-v7wm-992c
fixed_packages
0
url pkg:npm/keystone@5.5.1
purl pkg:npm/keystone@5.5.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keystone@5.5.1
aliases CVE-2023-40027, GHSA-9cvc-v7wm-992c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ppy6-36tw-sqft
5
url VCID-qs56-6vgh-6uaz
vulnerability_id VCID-qs56-6vgh-6uaz
summary 
Authentication Weakness in keystone
Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-9240
reference_id
reference_type
scores
0
value 0.00237
scoring_system epss
scoring_elements 0.46887
published_at 2026-06-04T12:55:00Z
1
value 0.00237
scoring_system epss
scoring_elements 0.46953
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-9240
1
reference_url https://nodesecurity.io/advisories/60
reference_id
reference_type
scores
url https://nodesecurity.io/advisories/60
2
reference_url https://www.npmjs.com/advisories/60
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/60
3
reference_url https://www.npmjs.com/package/keystone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/keystone
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-9240
reference_id CVE-2015-9240
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-9240
5
reference_url https://github.com/advisories/GHSA-39pj-gq8q-9pfj
reference_id GHSA-39pj-gq8q-9pfj
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-39pj-gq8q-9pfj
fixed_packages
0
url pkg:npm/keystone@0.3.16
purl pkg:npm/keystone@0.3.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yxf-3ebk-nbeu
1
vulnerability VCID-9e59-6pzn-gyc1
2
vulnerability VCID-m9p7-836k-pqfb
3
vulnerability VCID-ndu1-2s48-pucm
4
vulnerability VCID-ppy6-36tw-sqft
5
vulnerability VCID-sw46-5p81-kqhv
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keystone@0.3.16
aliases CVE-2015-9240, GHSA-39pj-gq8q-9pfj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qs56-6vgh-6uaz
6
url VCID-sw46-5p81-kqhv
vulnerability_id VCID-sw46-5p81-kqhv
summary 
Cross-Site Request Forgery (CSRF)
KeystoneJS allows application-wide CSRF bypass by removing the CSRF parameter and value.
references
0
reference_url http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report
1
reference_url http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/
reference_id
reference_type
scores
url http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16570
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41748
published_at 2026-06-04T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.41824
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16570
3
reference_url https://github.com/advisories/GHSA-q43c-g2g7-6gxj
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-q43c-g2g7-6gxj
4
reference_url https://github.com/keystonejs/keystone/issues/4437
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keystonejs/keystone/issues/4437
5
reference_url https://github.com/keystonejs/keystone/pull/4478
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keystonejs/keystone/pull/4478
6
reference_url https://securelayer7.net/download/pdf/KeystoneJS-Pentest-Report-SecureLayer7.pdf
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://securelayer7.net/download/pdf/KeystoneJS-Pentest-Report-SecureLayer7.pdf
7
reference_url https://snyk.io/vuln/SNYK-JS-KEYSTONE-449663
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-KEYSTONE-449663
8
reference_url https://www.exploit-db.com/exploits/43922
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/43922
9
reference_url https://www.exploit-db.com/exploits/43922/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/43922/
10
reference_url https://www.npmjs.com/advisories/979
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/979
11
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/nodejs/webapps/43922.html
reference_id CVE-2017-16570
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/nodejs/webapps/43922.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16570
reference_id CVE-2017-16570
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16570
fixed_packages
0
url pkg:npm/keystone@4.0.0-beta.7
purl pkg:npm/keystone@4.0.0-beta.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yxf-3ebk-nbeu
1
vulnerability VCID-ndu1-2s48-pucm
2
vulnerability VCID-ppy6-36tw-sqft
3
vulnerability VCID-sw46-5p81-kqhv
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keystone@4.0.0-beta.7
1
url pkg:npm/keystone@4.0.0
purl pkg:npm/keystone@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yxf-3ebk-nbeu
1
vulnerability VCID-m9p7-836k-pqfb
2
vulnerability VCID-ppy6-36tw-sqft
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keystone@4.0.0
aliases CVE-2017-16570, GHSA-q43c-g2g7-6gxj
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sw46-5p81-kqhv
7
url VCID-yynq-xbdy-2ff7
vulnerability_id VCID-yynq-xbdy-2ff7
summary 
Authentication Weakness
Due to a bug in the the default sign in functionality, incomplete email addresses could be matched. A correct password is still required to complete sign in.
references
fixed_packages
0
url pkg:npm/keystone@0.3.16
purl pkg:npm/keystone@0.3.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yxf-3ebk-nbeu
1
vulnerability VCID-9e59-6pzn-gyc1
2
vulnerability VCID-m9p7-836k-pqfb
3
vulnerability VCID-ndu1-2s48-pucm
4
vulnerability VCID-ppy6-36tw-sqft
5
vulnerability VCID-sw46-5p81-kqhv
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keystone@0.3.16
aliases GMS-2015-50
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yynq-xbdy-2ff7
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/keystone@0.2.2