Lookup for vulnerable packages by Package URL.

Purl pkg:composer/squizlabs/php_codesniffer@2.7.0
Type composer
Namespace squizlabs
Name php_codesniffer
Version 2.7.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.8.1
Latest_non_vulnerable_version 3.0.1
Affected_by_vulnerabilities
0
url VCID-9hmc-9e7p-43cq
vulnerability_id VCID-9hmc-9e7p-43cq
summary
Arbitrary shell execution
Uses of `shell_exec()` and `exec()` were not escaping filenames and configuration settings in most cases.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/squizlabs/php_codesniffer/2017-03-01.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/squizlabs/php_codesniffer/2017-03-01.yaml
1
reference_url https://github.com/squizlabs/PHP_CodeSniffer
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/squizlabs/PHP_CodeSniffer
2
reference_url https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/2.8.1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/2.8.1
3
reference_url https://github.com/advisories/GHSA-mhfv-8rc9-w38c
reference_id GHSA-mhfv-8rc9-w38c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mhfv-8rc9-w38c
fixed_packages
0
url pkg:composer/squizlabs/php_codesniffer@2.8.1
purl pkg:composer/squizlabs/php_codesniffer@2.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/squizlabs/php_codesniffer@2.8.1
aliases GHSA-mhfv-8rc9-w38c, GMS-2022-514
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hmc-9e7p-43cq
1
url VCID-hdht-gm7m-jfez
vulnerability_id VCID-hdht-gm7m-jfez
summary
Arbitrary shell execution
This release contains a fix for a security advisory related to the improper handling of shell commands. Uses of `shell_exec()` and `exec()` were not escaping filenames and configuration settings in most cases. A properly crafted filename or configuration option would allow for arbitrary code execution when using some features.
references
0
reference_url https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/2.8.1
reference_id
reference_type
scores
url https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/2.8.1
fixed_packages
aliases GMS-2017-112
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hdht-gm7m-jfez
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/squizlabs/php_codesniffer@2.7.0