Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/couchbase@3.0.2
Type pypi
Namespace
Name couchbase
Version 3.0.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.2.6
Latest_non_vulnerable_version 3.2.6
Affected_by_vulnerabilities
0
url VCID-bnvg-c9hg-dqas
vulnerability_id VCID-bnvg-c9hg-dqas
summary An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.
references
0
reference_url https://docs.couchbase.com/server/current/release-notes/relnotes.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://docs.couchbase.com/server/current/release-notes/relnotes.html
1
reference_url https://forums.couchbase.com/tags/security
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://forums.couchbase.com/tags/security
2
reference_url https://www.couchbase.com/alerts/
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://www.couchbase.com/alerts/
fixed_packages
0
url pkg:pypi/couchbase@3.2.6
purl pkg:pypi/couchbase@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/couchbase@3.2.6
aliases CVE-2025-52490, PYSEC-2025-101
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bnvg-c9hg-dqas
Fixing_vulnerabilities
0
url VCID-j2eh-qvxx-gub3
vulnerability_id VCID-j2eh-qvxx-gub3
summary An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration.
references
0
reference_url https://forums.couchbase.com/tags/security
reference_id
reference_type
scores
url https://forums.couchbase.com/tags/security
1
reference_url https://www.couchbase.com/alerts
reference_id
reference_type
scores
url https://www.couchbase.com/alerts
fixed_packages
0
url pkg:pypi/couchbase@3.0.2
purl pkg:pypi/couchbase@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bnvg-c9hg-dqas
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/couchbase@3.0.2
aliases CVE-2022-32563, PYSEC-2022-207
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j2eh-qvxx-gub3
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/couchbase@3.0.2