Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/ckan@2.0
Type pypi
Namespace
Name ckan
Version 2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.9.7
Latest_non_vulnerable_version 2.11.4
Affected_by_vulnerabilities
0
url VCID-t3gx-x14x-2bf9
vulnerability_id VCID-t3gx-x14x-2bf9
summary
Improper Handling of Length Parameter Inconsistency
CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker needs to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50248
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39592
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50248
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50248
reference_id CVE-2023-50248
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50248
4
reference_url https://github.com/advisories/GHSA-7fgc-89cx-w8j5
reference_id GHSA-7fgc-89cx-w8j5
reference_type
scores
url https://github.com/advisories/GHSA-7fgc-89cx-w8j5
5
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5
reference_id GHSA-7fgc-89cx-w8j5
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5
fixed_packages
0
url pkg:pypi/ckan@2.9.10
purl pkg:pypi/ckan@2.9.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.10
1
url pkg:pypi/ckan@2.10.3
purl pkg:pypi/ckan@2.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.3
aliases CVE-2023-50248, GHSA-7fgc-89cx-w8j5
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t3gx-x14x-2bf9
1
url VCID-w6cg-ubux-qbfg
vulnerability_id VCID-w6cg-ubux-qbfg
summary CKAN through 2.9.6 allows account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account, including superuser accounts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43685
reference_id
reference_type
scores
0
value 0.00864
scoring_system epss
scoring_elements 0.75405
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43685
1
reference_url https://ckan.org
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://ckan.org
2
reference_url https://ckan.org/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:13:30Z/
url https://ckan.org/
3
reference_url https://ckan.org/blog/get-latest-patch-releases-your-ckan-site-october-2022
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:13:30Z/
url https://ckan.org/blog/get-latest-patch-releases-your-ckan-site-october-2022
4
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ckan/PYSEC-2022-42987.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/ckan/PYSEC-2022-42987.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43685
reference_id CVE-2022-43685
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43685
7
reference_url https://github.com/advisories/GHSA-m2xp-jxfg-qq6g
reference_id GHSA-m2xp-jxfg-qq6g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2xp-jxfg-qq6g
fixed_packages
0
url pkg:pypi/ckan@2.9.7
purl pkg:pypi/ckan@2.9.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.7
aliases CVE-2022-43685, GHSA-m2xp-jxfg-qq6g, PYSEC-2022-42987
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6cg-ubux-qbfg
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.0