Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40andrei-tatar/nora-firebase-common@1.12.3

Type npm

Namespace @andrei-tatar

Name nora-firebase-common

Version 1.12.3

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-r7yb-q6bg-rqdy

vulnerability_id VCID-r7yb-q6bg-rqdy

summary An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-30564

reference_id

reference_type

scores

value	0.03842
scoring_system	epss
scoring_elements	0.88444
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-30564

reference_url

https://github.com/andrei-tatar/nora-firebase-common

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/andrei-tatar/nora-firebase-common

reference_url

https://github.com/andrei-tatar/nora-firebase-common/issues/9

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/andrei-tatar/nora-firebase-common/issues/9

reference_url

https://gist.github.com/mestrtee/5dc2c948c2057f98d3de0a9790903c6c

reference_id

5dc2c948c2057f98d3de0a9790903c6c

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-08-22T15:08:48Z/

url

https://gist.github.com/mestrtee/5dc2c948c2057f98d3de0a9790903c6c

reference_url

https://github.com/andrei-tatar/nora-firebase-common/commit/bf30b75d51be04f6c1f884561a223226c890f01b

reference_id

bf30b75d51be04f6c1f884561a223226c890f01b

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-08-22T15:08:48Z/

url

https://github.com/andrei-tatar/nora-firebase-common/commit/bf30b75d51be04f6c1f884561a223226c890f01b

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-30564

reference_id

CVE-2024-30564

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-30564

reference_url

https://github.com/advisories/GHSA-jjff-q3q4-5hh8

reference_id

GHSA-jjff-q3q4-5hh8

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jjff-q3q4-5hh8

fixed_packages

url	pkg:npm/%40andrei-tatar/nora-firebase-common@1.12.3
purl	pkg:npm/%40andrei-tatar/nora-firebase-common@1.12.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540andrei-tatar/nora-firebase-common@1.12.3

aliases CVE-2024-30564, GHSA-jjff-q3q4-5hh8

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7yb-q6bg-rqdy

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540andrei-tatar/nora-firebase-common@1.12.3

Package Instance