Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/nextcloud-client@3.6.2-r0?arch=armhf&distroversion=v3.17&reponame=community
Typeapk
Namespacealpine
Namenextcloud-client
Version3.6.2-r0
Qualifiers
arch armhf
distroversion v3.17
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-zf4h-6atu-6yhu
vulnerability_id VCID-zf4h-6atu-6yhu
summary The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. "vbs", is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41882
reference_id
reference_type
scores
0
value 0.00352
scoring_system epss
scoring_elements 0.57873
published_at 2026-06-04T12:55:00Z
1
value 0.00352
scoring_system epss
scoring_elements 0.57925
published_at 2026-06-05T12:55:00Z
2
value 0.00352
scoring_system epss
scoring_elements 0.57934
published_at 2026-06-06T12:55:00Z
3
value 0.00352
scoring_system epss
scoring_elements 0.57922
published_at 2026-06-07T12:55:00Z
4
value 0.00352
scoring_system epss
scoring_elements 0.57909
published_at 2026-06-08T12:55:00Z
5
value 0.00352
scoring_system epss
scoring_elements 0.57926
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41882
1
reference_url https://github.com/nextcloud/server/pull/34559
reference_id 34559
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:45Z/
url https://github.com/nextcloud/server/pull/34559
2
reference_url https://github.com/nextcloud/desktop/pull/5039
reference_id 5039
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:45Z/
url https://github.com/nextcloud/desktop/pull/5039
3
reference_url https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63
reference_id GHSA-3w86-rm38-8w63
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:45Z/
url https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63
4
reference_url https://github.com/nextcloud/desktop/releases/tag/v3.6.1
reference_id v3.6.1
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:45Z/
url https://github.com/nextcloud/desktop/releases/tag/v3.6.1
fixed_packages
0
url pkg:apk/alpine/nextcloud-client@3.6.2-r0?arch=armhf&distroversion=v3.17&reponame=community
purl pkg:apk/alpine/nextcloud-client@3.6.2-r0?arch=armhf&distroversion=v3.17&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nextcloud-client@3.6.2-r0%3Farch=armhf&distroversion=v3.17&reponame=community
aliases CVE-2022-41882
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zf4h-6atu-6yhu
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/nextcloud-client@3.6.2-r0%3Farch=armhf&distroversion=v3.17&reponame=community