Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/datapizza-ai-core@0.0.2
Typepypi
Namespace
Namedatapizza-ai-core
Version0.0.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.0.8
Latest_non_vulnerable_version0.0.8
Affected_by_vulnerabilities
0
url VCID-hb73-52rk-cke9
vulnerability_id VCID-hb73-52rk-cke9
summary A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special elements used in a template engine. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2969
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.25902
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2969
1
reference_url https://github.com/datapizza-labs/datapizza-ai
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/datapizza-labs/datapizza-ai
2
reference_url https://vuldb.com/?ctiid.347336
reference_id ?ctiid.347336
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
3
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T17:04:35Z/
url https://vuldb.com/?ctiid.347336
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2969
reference_id CVE-2026-2969
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2969
4
reference_url https://github.com/advisories/GHSA-q5xx-fxv3-xxqf
reference_id GHSA-q5xx-fxv3-xxqf
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q5xx-fxv3-xxqf
5
reference_url https://vuldb.com/?id.347336
reference_id ?id.347336
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
3
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T17:04:35Z/
url https://vuldb.com/?id.347336
6
reference_url https://github.com/hacktivesec/datapizza-ai-disclosure/blob/main/ssti.md
reference_id ssti.md
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
4
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T17:04:35Z/
url https://github.com/hacktivesec/datapizza-ai-disclosure/blob/main/ssti.md
7
reference_url https://github.com/hacktivesec/datapizza-ai-disclosure/blob/main/ssti.md#poc
reference_id ssti.md#poc
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T17:04:35Z/
url https://github.com/hacktivesec/datapizza-ai-disclosure/blob/main/ssti.md#poc
8
reference_url https://vuldb.com/?submit.755357
reference_id ?submit.755357
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
3
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T17:04:35Z/
url https://vuldb.com/?submit.755357
fixed_packages
0
url pkg:pypi/datapizza-ai-core@0.0.3
purl pkg:pypi/datapizza-ai-core@0.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y9bt-w9gu-8ucu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/datapizza-ai-core@0.0.3
aliases CVE-2026-2969, GHSA-q5xx-fxv3-xxqf
risk_score 2.6
exploitability 0.5
weighted_severity 5.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hb73-52rk-cke9
1
url VCID-y9bt-w9gu-8ucu
vulnerability_id VCID-y9bt-w9gu-8ucu
summary A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2970
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10935
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2970
1
reference_url https://github.com/datapizza-labs/datapizza-ai
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/datapizza-labs/datapizza-ai
2
reference_url https://vuldb.com/?ctiid.347337
reference_id ?ctiid.347337
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:A/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
4
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T17:03:58Z/
url https://vuldb.com/?ctiid.347337
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2970
reference_id CVE-2026-2970
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2970
4
reference_url https://github.com/advisories/GHSA-hg58-x52p-859c
reference_id GHSA-hg58-x52p-859c
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hg58-x52p-859c
5
reference_url https://vuldb.com/?id.347337
reference_id ?id.347337
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:A/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T17:03:58Z/
url https://vuldb.com/?id.347337
6
reference_url https://vuldb.com/?submit.755363
reference_id ?submit.755363
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:A/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T17:03:58Z/
url https://vuldb.com/?submit.755363
7
reference_url https://github.com/hacktivesec/datapizza-ai-disclosure/blob/main/unsafe-deserialization.md
reference_id unsafe-deserialization.md
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:A/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T17:03:58Z/
url https://github.com/hacktivesec/datapizza-ai-disclosure/blob/main/unsafe-deserialization.md
8
reference_url https://github.com/hacktivesec/datapizza-ai-disclosure/blob/main/unsafe-deserialization.md#poc
reference_id unsafe-deserialization.md#poc
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:A/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T17:03:58Z/
url https://github.com/hacktivesec/datapizza-ai-disclosure/blob/main/unsafe-deserialization.md#poc
fixed_packages
0
url pkg:pypi/datapizza-ai-core@0.0.8
purl pkg:pypi/datapizza-ai-core@0.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/datapizza-ai-core@0.0.8
aliases CVE-2026-2970, GHSA-hg58-x52p-859c
risk_score 2.0
exploitability 0.5
weighted_severity 4.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9bt-w9gu-8ucu
Fixing_vulnerabilities
Risk_score2.6
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/datapizza-ai-core@0.0.2