Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/delayed_job@2.0.5

Type gem

Namespace

Name delayed_job

Version 2.0.5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.0.0.beta1

Latest_non_vulnerable_version 4.0.0.beta1

Affected_by_vulnerabilities

url VCID-hwjv-tyhu-u3dc

vulnerability_id VCID-hwjv-tyhu-u3dc

summary

Man-in-the-Middle
This package is vulnerable to Man-in-the-middle (MitM) attacks due to attacks due to downloading gems over an insecure protocol. Without a secure connection, it is possible for an attacker to intercept this connection and alter the packages received. In serious cases, this may even lead to Remote Code Execution (RCE) on your host server.

references

reference_url	https://github.com/collectiveidea/delayed_job/commit/03c34c4a9b41a5d5d7594457c7c25044d215dd63
reference_id
reference_type
scores
url	https://github.com/collectiveidea/delayed_job/commit/03c34c4a9b41a5d5d7594457c7c25044d215dd63

fixed_packages

url	pkg:gem/delayed_job@4.0.0.beta1
purl	pkg:gem/delayed_job@4.0.0.beta1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/delayed_job@4.0.0.beta1

aliases GMS-2013-2

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hwjv-tyhu-u3dc

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/delayed_job@2.0.5

Package Instance