Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40adobe/git-server@0.9.18-pre.18

Type npm

Namespace @adobe

Name git-server

Version 0.9.18-pre.18

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.3.1

Latest_non_vulnerable_version 1.3.1

Affected_by_vulnerabilities

url VCID-hbjq-jft8-4kaa

vulnerability_id VCID-hbjq-jft8-4kaa

summary

Path Traversal
The `resolveRepositoryPath` function does not properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9708

reference_id

reference_type

scores

value	0.03823
scoring_system	epss
scoring_elements	0.8834
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9708

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-9708
reference_id	CVE-2020-9708
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-9708

fixed_packages

url	pkg:npm/%40adobe/git-server@1.3.1
purl	pkg:npm/%40adobe/git-server@1.3.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540adobe/git-server@1.3.1

aliases CVE-2020-9708, GHSA-cgj4-x2hh-2x93

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hbjq-jft8-4kaa

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540adobe/git-server@0.9.18-pre.18

Package Instance