Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/ckan@2.6.5
Type pypi
Namespace
Name ckan
Version 2.6.5
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.10.7
Latest_non_vulnerable_version 2.11.5
Affected_by_vulnerabilities
0
url VCID-5hj2-93n8-bubp
vulnerability_id VCID-5hj2-93n8-bubp
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24372
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44448
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24372
1
reference_url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-group-mimetypes
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:27:18Z/
url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-group-mimetypes
2
reference_url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-group-types
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:27:18Z/
url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-group-types
3
reference_url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-user-mimetypes
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:27:18Z/
url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-user-mimetypes
4
reference_url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-user-types
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:27:18Z/
url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-user-types
5
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
6
reference_url https://github.com/ckan/ckan/commit/7da6a26c6183e0a97a356d1b1d2407f3ecc7b9c8
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:27:18Z/
url https://github.com/ckan/ckan/commit/7da6a26c6183e0a97a356d1b1d2407f3ecc7b9c8
7
reference_url https://github.com/ckan/ckan/commit/a4fc5e06634ed51d653ab819a7efc8e62f816f68
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/a4fc5e06634ed51d653ab819a7efc8e62f816f68
8
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-7pq5-qcp6-mcww
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:27:18Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-7pq5-qcp6-mcww
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-24372
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-24372
10
reference_url https://github.com/advisories/GHSA-7pq5-qcp6-mcww
reference_id GHSA-7pq5-qcp6-mcww
reference_type
scores
url https://github.com/advisories/GHSA-7pq5-qcp6-mcww
fixed_packages
0
url pkg:pypi/ckan@2.10.7
purl pkg:pypi/ckan@2.10.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.7
1
url pkg:pypi/ckan@2.11.2
purl pkg:pypi/ckan@2.11.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.11.2
aliases CVE-2025-24372, GHSA-7pq5-qcp6-mcww
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5hj2-93n8-bubp
1
url VCID-6epn-ddfg-8fe9
vulnerability_id VCID-6epn-ddfg-8fe9
summary Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ckan.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32321
reference_id
reference_type
scores
0
value 0.02923
scoring_system epss
scoring_elements 0.86649
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32321
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://github.com/ckan/ckan/blob/2a6080e61d5601fa0e2a0317afd6a8e9b7abf6dd/CHANGELOG.rst
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-14T19:07:01Z/
url https://github.com/ckan/ckan/blob/2a6080e61d5601fa0e2a0317afd6a8e9b7abf6dd/CHANGELOG.rst
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32321
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32321
4
reference_url https://github.com/advisories/GHSA-446m-hmmm-hm8m
reference_id GHSA-446m-hmmm-hm8m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-446m-hmmm-hm8m
5
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-446m-hmmm-hm8m
reference_id GHSA-446m-hmmm-hm8m
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-14T19:07:01Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-446m-hmmm-hm8m
fixed_packages
0
url pkg:pypi/ckan@2.9.9
purl pkg:pypi/ckan@2.9.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hj2-93n8-bubp
1
vulnerability VCID-bah9-eeve-zybg
2
vulnerability VCID-q8zb-pgzr-rqgs
3
vulnerability VCID-t3gx-x14x-2bf9
4
vulnerability VCID-ueuv-2ufc-e7dq
5
vulnerability VCID-wc53-cp3f-2faa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.9
1
url pkg:pypi/ckan@2.10.1
purl pkg:pypi/ckan@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hj2-93n8-bubp
1
vulnerability VCID-bah9-eeve-zybg
2
vulnerability VCID-q8zb-pgzr-rqgs
3
vulnerability VCID-t3gx-x14x-2bf9
4
vulnerability VCID-ueuv-2ufc-e7dq
5
vulnerability VCID-wc53-cp3f-2faa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.1
aliases CVE-2023-32321, GHSA-446m-hmmm-hm8m
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6epn-ddfg-8fe9
2
url VCID-bah9-eeve-zybg
vulnerability_id VCID-bah9-eeve-zybg
summary
Potential log injection in reset user endpoint in CKAN
A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. This could lead to an attacker injecting false log entries or corrupting the log file format.

### Patches
This has been fixed in CKAN versions 2.9.11 and 2.10.4.

### Workarounds
Override the `/user/reset` endpoint to filter the `id` parameter in order to exclude newlines
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27097
reference_id
reference_type
scores
0
value 0.00446
scoring_system epss
scoring_elements 0.63769
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27097
1
reference_url https://docs.ckan.org/en/2.10/changelog.html#v-2-10-4-2024-03-13
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.ckan.org/en/2.10/changelog.html#v-2-10-4-2024-03-13
2
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
3
reference_url https://github.com/ckan/ckan/commit/5fa133e7e9019573066455b5d442e93c62b3fc93
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/5fa133e7e9019573066455b5d442e93c62b3fc93
4
reference_url https://github.com/ckan/ckan/commit/81b56c55e5e3651d7fcf9642cd5a489a9b62212c
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:05:35Z/
url https://github.com/ckan/ckan/commit/81b56c55e5e3651d7fcf9642cd5a489a9b62212c
5
reference_url https://github.com/ckan/ckan/commit/d81f411bff2da7347c343a83e17f5814475b5b64
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/d81f411bff2da7347c343a83e17f5814475b5b64
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27097
reference_id CVE-2024-27097
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27097
7
reference_url https://github.com/advisories/GHSA-8g38-3m6v-232j
reference_id GHSA-8g38-3m6v-232j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g38-3m6v-232j
8
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-8g38-3m6v-232j
reference_id GHSA-8g38-3m6v-232j
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:05:35Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-8g38-3m6v-232j
fixed_packages
0
url pkg:pypi/ckan@2.9.11
purl pkg:pypi/ckan@2.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hj2-93n8-bubp
1
vulnerability VCID-q8zb-pgzr-rqgs
2
vulnerability VCID-ueuv-2ufc-e7dq
3
vulnerability VCID-wc53-cp3f-2faa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.11
1
url pkg:pypi/ckan@2.10.4
purl pkg:pypi/ckan@2.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hj2-93n8-bubp
1
vulnerability VCID-q8zb-pgzr-rqgs
2
vulnerability VCID-ueuv-2ufc-e7dq
3
vulnerability VCID-wc53-cp3f-2faa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.4
aliases CVE-2024-27097, GHSA-8g38-3m6v-232j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bah9-eeve-zybg
3
url VCID-mfpa-jdxh-vfd3
vulnerability_id VCID-mfpa-jdxh-vfd3
summary
Improper Privilege Management
CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32696
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.52926
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32696
1
reference_url https://github.com/ckan/ckan-docker-base/commit/5483c46ce9b518a4e1b626ef7032cce2c1d75c7d
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:20:12Z/
url https://github.com/ckan/ckan-docker-base/commit/5483c46ce9b518a4e1b626ef7032cce2c1d75c7d
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32696
reference_id CVE-2023-32696
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-32696
3
reference_url https://github.com/ckan/ckan-docker-base/security/advisories/GHSA-c74x-xfvr-x5wg
reference_id GHSA-c74x-xfvr-x5wg
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:20:12Z/
url https://github.com/ckan/ckan-docker-base/security/advisories/GHSA-c74x-xfvr-x5wg
fixed_packages
0
url pkg:pypi/ckan@2.9.9
purl pkg:pypi/ckan@2.9.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hj2-93n8-bubp
1
vulnerability VCID-bah9-eeve-zybg
2
vulnerability VCID-q8zb-pgzr-rqgs
3
vulnerability VCID-t3gx-x14x-2bf9
4
vulnerability VCID-ueuv-2ufc-e7dq
5
vulnerability VCID-wc53-cp3f-2faa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.9
1
url pkg:pypi/ckan@2.10.1
purl pkg:pypi/ckan@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hj2-93n8-bubp
1
vulnerability VCID-bah9-eeve-zybg
2
vulnerability VCID-q8zb-pgzr-rqgs
3
vulnerability VCID-t3gx-x14x-2bf9
4
vulnerability VCID-ueuv-2ufc-e7dq
5
vulnerability VCID-wc53-cp3f-2faa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.1
aliases CVE-2023-32696, GHSA-c74x-xfvr-x5wg
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mfpa-jdxh-vfd3
4
url VCID-q8zb-pgzr-rqgs
vulnerability_id VCID-q8zb-pgzr-rqgs
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41674
reference_id
reference_type
scores
0
value 0.00475
scoring_system epss
scoring_elements 0.6512
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41674
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://github.com/ckan/ckan/commit/f6b032cd7082d784938165bbd113557639002ca7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:30:28Z/
url https://github.com/ckan/ckan/commit/f6b032cd7082d784938165bbd113557639002ca7
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41674
reference_id CVE-2024-41674
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41674
4
reference_url https://github.com/advisories/GHSA-2rqw-cfhc-35fh
reference_id GHSA-2rqw-cfhc-35fh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rqw-cfhc-35fh
5
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-2rqw-cfhc-35fh
reference_id GHSA-2rqw-cfhc-35fh
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:30:28Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-2rqw-cfhc-35fh
fixed_packages
0
url pkg:pypi/ckan@2.10.5
purl pkg:pypi/ckan@2.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hj2-93n8-bubp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.5
aliases CVE-2024-41674, GHSA-2rqw-cfhc-35fh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8zb-pgzr-rqgs
5
url VCID-t3gx-x14x-2bf9
vulnerability_id VCID-t3gx-x14x-2bf9
summary
Improper Handling of Length Parameter Inconsistency
CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker needs to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50248
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39592
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50248
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50248
reference_id CVE-2023-50248
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50248
4
reference_url https://github.com/advisories/GHSA-7fgc-89cx-w8j5
reference_id GHSA-7fgc-89cx-w8j5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7fgc-89cx-w8j5
5
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5
reference_id GHSA-7fgc-89cx-w8j5
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5
fixed_packages
0
url pkg:pypi/ckan@2.9.10
purl pkg:pypi/ckan@2.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hj2-93n8-bubp
1
vulnerability VCID-bah9-eeve-zybg
2
vulnerability VCID-q8zb-pgzr-rqgs
3
vulnerability VCID-ueuv-2ufc-e7dq
4
vulnerability VCID-wc53-cp3f-2faa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.10
1
url pkg:pypi/ckan@2.10.3
purl pkg:pypi/ckan@2.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hj2-93n8-bubp
1
vulnerability VCID-bah9-eeve-zybg
2
vulnerability VCID-q8zb-pgzr-rqgs
3
vulnerability VCID-ueuv-2ufc-e7dq
4
vulnerability VCID-wc53-cp3f-2faa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.3
aliases CVE-2023-50248, GHSA-7fgc-89cx-w8j5
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t3gx-x14x-2bf9
6
url VCID-w6cg-ubux-qbfg
vulnerability_id VCID-w6cg-ubux-qbfg
summary CKAN through 2.9.6 allows account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account, including superuser accounts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43685
reference_id
reference_type
scores
0
value 0.00864
scoring_system epss
scoring_elements 0.75405
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43685
1
reference_url https://ckan.org
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://ckan.org
2
reference_url https://ckan.org/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:13:30Z/
url https://ckan.org/
3
reference_url https://ckan.org/blog/get-latest-patch-releases-your-ckan-site-october-2022
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:13:30Z/
url https://ckan.org/blog/get-latest-patch-releases-your-ckan-site-october-2022
4
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ckan/PYSEC-2022-42987.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/ckan/PYSEC-2022-42987.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43685
reference_id CVE-2022-43685
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43685
7
reference_url https://github.com/advisories/GHSA-m2xp-jxfg-qq6g
reference_id GHSA-m2xp-jxfg-qq6g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2xp-jxfg-qq6g
fixed_packages
0
url pkg:pypi/ckan@2.9.7
purl pkg:pypi/ckan@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hj2-93n8-bubp
1
vulnerability VCID-6epn-ddfg-8fe9
2
vulnerability VCID-bah9-eeve-zybg
3
vulnerability VCID-mfpa-jdxh-vfd3
4
vulnerability VCID-q8zb-pgzr-rqgs
5
vulnerability VCID-t3gx-x14x-2bf9
6
vulnerability VCID-ueuv-2ufc-e7dq
7
vulnerability VCID-wc53-cp3f-2faa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.7
aliases CVE-2022-43685, GHSA-m2xp-jxfg-qq6g, PYSEC-2022-42987
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6cg-ubux-qbfg
7
url VCID-wc53-cp3f-2faa
vulnerability_id VCID-wc53-cp3f-2faa
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43371
reference_id
reference_type
scores
0
value 0.00317
scoring_system epss
scoring_elements 0.55019
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43371
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://github.com/ckan/ckan/commit/382beaec98cb331f2a030459ef043c50eaf5ad53
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/382beaec98cb331f2a030459ef043c50eaf5ad53
3
reference_url https://github.com/ckan/ckan/commit/8601183cc2fc87277ea5b33ff75c3a5610812ab5
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/8601183cc2fc87277ea5b33ff75c3a5610812ab5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-43371
reference_id CVE-2024-43371
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-43371
5
reference_url https://github.com/advisories/GHSA-g9ph-j5vj-f8wm
reference_id GHSA-g9ph-j5vj-f8wm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g9ph-j5vj-f8wm
6
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-g9ph-j5vj-f8wm
reference_id GHSA-g9ph-j5vj-f8wm
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T19:17:36Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-g9ph-j5vj-f8wm
fixed_packages
0
url pkg:pypi/ckan@2.10.5
purl pkg:pypi/ckan@2.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hj2-93n8-bubp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.5
aliases CVE-2024-43371, GHSA-g9ph-j5vj-f8wm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wc53-cp3f-2faa
8
url VCID-zqyk-rq9a-eked
vulnerability_id VCID-zqyk-rq9a-eked
summary
Use of Insufficiently Random Values
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images), and keitaroinc/docker-ckan (keitaro/ckan images).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22746
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.5933
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22746
1
reference_url https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:04Z/
url https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b
2
reference_url https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:04Z/
url https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22746
reference_id CVE-2023-22746
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-22746
4
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x
reference_id GHSA-pr8j-v4c8-h62x
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:04Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x
fixed_packages
0
url pkg:pypi/ckan@2.8.12
purl pkg:pypi/ckan@2.8.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hj2-93n8-bubp
1
vulnerability VCID-6epn-ddfg-8fe9
2
vulnerability VCID-bah9-eeve-zybg
3
vulnerability VCID-mfpa-jdxh-vfd3
4
vulnerability VCID-q8zb-pgzr-rqgs
5
vulnerability VCID-t3gx-x14x-2bf9
6
vulnerability VCID-ueuv-2ufc-e7dq
7
vulnerability VCID-w6cg-ubux-qbfg
8
vulnerability VCID-wc53-cp3f-2faa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.8.12
1
url pkg:pypi/ckan@2.9.7
purl pkg:pypi/ckan@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hj2-93n8-bubp
1
vulnerability VCID-6epn-ddfg-8fe9
2
vulnerability VCID-bah9-eeve-zybg
3
vulnerability VCID-mfpa-jdxh-vfd3
4
vulnerability VCID-q8zb-pgzr-rqgs
5
vulnerability VCID-t3gx-x14x-2bf9
6
vulnerability VCID-ueuv-2ufc-e7dq
7
vulnerability VCID-wc53-cp3f-2faa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.7
aliases CVE-2023-22746, GHSA-pr8j-v4c8-h62x
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zqyk-rq9a-eked
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.6.5