Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/nextcloud-client@3.6.6-r0?arch=ppc64le&distroversion=v3.23&reponame=community
Typeapk
Namespacealpine
Namenextcloud-client
Version3.6.6-r0
Qualifiers
arch ppc64le
distroversion v3.23
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.8.1-r0
Latest_non_vulnerable_version3.8.1-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1c78-fuew-dfep
vulnerability_id VCID-1c78-fuew-dfep
summary The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28997
reference_id
reference_type
scores
0
value 0.00571
scoring_system epss
scoring_elements 0.69033
published_at 2026-06-05T12:55:00Z
1
value 0.00571
scoring_system epss
scoring_elements 0.69041
published_at 2026-06-09T12:55:00Z
2
value 0.00571
scoring_system epss
scoring_elements 0.6902
published_at 2026-06-08T12:55:00Z
3
value 0.00571
scoring_system epss
scoring_elements 0.69036
published_at 2026-06-07T12:55:00Z
4
value 0.00571
scoring_system epss
scoring_elements 0.69043
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28997
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28997
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28997
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nextcloud/desktop/pull/5324
reference_id 5324
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:32:23Z/
url https://github.com/nextcloud/desktop/pull/5324
4
reference_url https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4p33-rw27-j5fc
reference_id GHSA-4p33-rw27-j5fc
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:32:23Z/
url https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4p33-rw27-j5fc
5
reference_url https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf
reference_id report_DanieleCoppola.pdf
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:32:23Z/
url https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf
fixed_packages
0
url pkg:apk/alpine/nextcloud-client@3.6.6-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/nextcloud-client@3.6.6-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nextcloud-client@3.6.6-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community
aliases CVE-2023-28997
risk_score 3.0
exploitability 0.5
weighted_severity 6.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1c78-fuew-dfep
1
url VCID-7458-u6fv-cke3
vulnerability_id VCID-7458-u6fv-cke3
summary The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. It is recommended that the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23942
reference_id
reference_type
scores
0
value 0.01669
scoring_system epss
scoring_elements 0.82476
published_at 2026-06-05T12:55:00Z
1
value 0.01669
scoring_system epss
scoring_elements 0.82447
published_at 2026-06-04T12:55:00Z
2
value 0.01669
scoring_system epss
scoring_elements 0.82466
published_at 2026-06-08T12:55:00Z
3
value 0.01669
scoring_system epss
scoring_elements 0.82473
published_at 2026-06-07T12:55:00Z
4
value 0.01669
scoring_system epss
scoring_elements 0.82475
published_at 2026-06-06T12:55:00Z
5
value 0.01776
scoring_system epss
scoring_elements 0.8305
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23942
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23942
2
reference_url https://hackerone.com/reports/1788598
reference_id 1788598
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:23Z/
url https://hackerone.com/reports/1788598
3
reference_url https://github.com/nextcloud/desktop/pull/5233
reference_id 5233
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:23Z/
url https://github.com/nextcloud/desktop/pull/5233
4
reference_url https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg
reference_id GHSA-64qc-vf6v-8xgg
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:23Z/
url https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg
fixed_packages
0
url pkg:apk/alpine/nextcloud-client@3.6.6-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/nextcloud-client@3.6.6-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nextcloud-client@3.6.6-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community
aliases CVE-2023-23942
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7458-u6fv-cke3
2
url VCID-fccs-37jy-nbex
vulnerability_id VCID-fccs-37jy-nbex
summary The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new files.​ Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28998
reference_id
reference_type
scores
0
value 0.00487
scoring_system epss
scoring_elements 0.65847
published_at 2026-06-05T12:55:00Z
1
value 0.00487
scoring_system epss
scoring_elements 0.65852
published_at 2026-06-09T12:55:00Z
2
value 0.00487
scoring_system epss
scoring_elements 0.65834
published_at 2026-06-08T12:55:00Z
3
value 0.00487
scoring_system epss
scoring_elements 0.65844
published_at 2026-06-07T12:55:00Z
4
value 0.00487
scoring_system epss
scoring_elements 0.65858
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28998
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28998
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28998
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nextcloud/desktop/pull/5323
reference_id 5323
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:31:37Z/
url https://github.com/nextcloud/desktop/pull/5323
4
reference_url https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jh3g-wpwv-cqgr
reference_id GHSA-jh3g-wpwv-cqgr
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:31:37Z/
url https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jh3g-wpwv-cqgr
5
reference_url https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf
reference_id report_DanieleCoppola.pdf
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T15:31:37Z/
url https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf
fixed_packages
0
url pkg:apk/alpine/nextcloud-client@3.6.6-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/nextcloud-client@3.6.6-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nextcloud-client@3.6.6-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community
aliases CVE-2023-28998
risk_score 3.0
exploitability 0.5
weighted_severity 6.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fccs-37jy-nbex
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/nextcloud-client@3.6.6-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community