Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/babel-plugin-polyfill-es-shims@0.10.0
Typenpm
Namespace
Namebabel-plugin-polyfill-es-shims
Version0.10.0
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-29ms-zrq7-mqcr
vulnerability_id VCID-29ms-zrq7-mqcr
summary Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45133.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45133.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45133
reference_id
reference_type
scores
0
value 0.00093
scoring_system epss
scoring_elements 0.26027
published_at 2026-06-11T12:55:00Z
1
value 0.00093
scoring_system epss
scoring_elements 0.26227
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45133
2
reference_url https://babeljs.io/blog/2023/10/16/cve-2023-45133
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://babeljs.io/blog/2023/10/16/cve-2023-45133
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45133
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45133
4
reference_url https://github.com/babel/babel
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/babel/babel
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45133
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45133
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053880
reference_id 1053880
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053880
7
reference_url https://github.com/babel/babel/pull/16033
reference_id 16033
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T15:45:41Z/
url https://github.com/babel/babel/pull/16033
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2245102
reference_id 2245102
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2245102
9
reference_url https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82
reference_id b13376b346946e3f62fc0848c1d2a23223314c82
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T15:45:41Z/
url https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82
10
reference_url https://www.debian.org/security/2023/dsa-5528
reference_id dsa-5528
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T15:45:41Z/
url https://www.debian.org/security/2023/dsa-5528
11
reference_url https://github.com/advisories/GHSA-67hx-6x53-jw92
reference_id GHSA-67hx-6x53-jw92
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-67hx-6x53-jw92
12
reference_url https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
reference_id GHSA-67hx-6x53-jw92
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T15:45:41Z/
url https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
13
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html
reference_id msg00026.html
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T15:45:41Z/
url https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html
14
reference_url https://github.com/babel/babel/releases/tag/v7.23.2
reference_id v7.23.2
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T15:45:41Z/
url https://github.com/babel/babel/releases/tag/v7.23.2
15
reference_url https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4
reference_id v8.0.0-alpha.4
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T15:45:41Z/
url https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4
fixed_packages
0
url pkg:npm/babel-plugin-polyfill-es-shims@0.10.0
purl pkg:npm/babel-plugin-polyfill-es-shims@0.10.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/babel-plugin-polyfill-es-shims@0.10.0
aliases CVE-2023-45133, GHSA-67hx-6x53-jw92
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-29ms-zrq7-mqcr
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/babel-plugin-polyfill-es-shims@0.10.0