Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/pacparser@1.4.2

Type pypi

Namespace

Name pacparser

Version 1.4.2

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-yjjr-re41-dbde

vulnerability_id VCID-yjjr-re41-dbde

summary pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-37360

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.2
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-37360

reference_url

https://github.com/manugarg/pacparser/security/advisories/GHSA-62q6-v997-f7v9

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AC:L/AV:L/A:L/C:L/I:L/PR:N/S:U/UI:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T16:13:44Z/

url

https://github.com/manugarg/pacparser/security/advisories/GHSA-62q6-v997-f7v9

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041425
reference_id	1041425
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041425

fixed_packages

url	pkg:pypi/pacparser@1.4.2
purl	pkg:pypi/pacparser@1.4.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/pacparser@1.4.2

aliases CVE-2023-37360, GHSA-62q6-v997-f7v9, PYSEC-2023-93

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yjjr-re41-dbde

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pacparser@1.4.2

Package Instance