Lookup for vulnerable packages by Package URL.

Purl pkg:composer/statamic/cms@5.73.22
Type composer
Namespace statamic
Name cms
Version 5.73.22
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 6.15.0
Latest_non_vulnerable_version 6.18.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7qzu-6kuv-9uh1
vulnerability_id VCID-7qzu-6kuv-9uh1
summary Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could be bypassed using an IP representation that wasn't normalized before the public-IP check. An unauthenticated user could cause the server to make HTTP requests to internal addresses — including loopback, private network, and cloud metadata endpoints. This affects sites that pass user-supplied URLs to Glide. Sites running PHP 8.3 or newer are not affected. This vulnerability is fixed in 5.73.22 and 6.18.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45660
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.1402
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45660
1
reference_url https://github.com/statamic/cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/statamic/cms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45660
reference_id CVE-2026-45660
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45660
3
reference_url https://github.com/advisories/GHSA-pf9c-ch8r-2958
reference_id GHSA-pf9c-ch8r-2958
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pf9c-ch8r-2958
4
reference_url https://github.com/statamic/cms/security/advisories/GHSA-pf9c-ch8r-2958
reference_id GHSA-pf9c-ch8r-2958
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T19:36:25Z/
url https://github.com/statamic/cms/security/advisories/GHSA-pf9c-ch8r-2958
fixed_packages
0
url pkg:composer/statamic/cms@5.73.22
purl pkg:composer/statamic/cms@5.73.22
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.22
1
url pkg:composer/statamic/cms@6.18.1
purl pkg:composer/statamic/cms@6.18.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.18.1
aliases CVE-2026-45660, GHSA-pf9c-ch8r-2958
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qzu-6kuv-9uh1
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.22