Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/league/flysystem@1.0.57
Typecomposer
Namespaceleague
Nameflysystem
Version1.0.57
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.1.4
Latest_non_vulnerable_version2.1.1
Affected_by_vulnerabilities
0
url VCID-z2s5-ydqf-suec
vulnerability_id VCID-z2s5-ydqf-suec
summary Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32708
reference_id
reference_type
scores
0
value 0.07327
scoring_system epss
scoring_elements 0.91877
published_at 2026-06-11T12:55:00Z
1
value 0.07327
scoring_system epss
scoring_elements 0.91905
published_at 2026-06-12T12:55:00Z
2
value 0.07327
scoring_system epss
scoring_elements 0.91913
published_at 2026-06-13T12:55:00Z
3
value 0.07327
scoring_system epss
scoring_elements 0.91909
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32708
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32708
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32708
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/league/flysystem/CVE-2021-32708.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/league/flysystem/CVE-2021-32708.yaml
3
reference_url https://github.com/thephpleague/flysystem
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/thephpleague/flysystem
4
reference_url https://github.com/thephpleague/flysystem/commit/a3c694de9f7e844b76f9d1b61296ebf6e8d89d74
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/thephpleague/flysystem/commit/a3c694de9f7e844b76f9d1b61296ebf6e8d89d74
5
reference_url https://github.com/thephpleague/flysystem/commit/f3ad69181b8afed2c9edf7be5a2918144ff4ea32
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/thephpleague/flysystem/commit/f3ad69181b8afed2c9edf7be5a2918144ff4ea32
6
reference_url https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWPTENBYKI2IG47GI4DHAACLNRLTWUR5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWPTENBYKI2IG47GI4DHAACLNRLTWUR5
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWPTENBYKI2IG47GI4DHAACLNRLTWUR5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWPTENBYKI2IG47GI4DHAACLNRLTWUR5/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNZSWK4GOMJOOHKLZEOE5AQSLC4DNCRZ
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNZSWK4GOMJOOHKLZEOE5AQSLC4DNCRZ
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNZSWK4GOMJOOHKLZEOE5AQSLC4DNCRZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNZSWK4GOMJOOHKLZEOE5AQSLC4DNCRZ/
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32708
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32708
12
reference_url https://packagist.org/packages/league/flysystem
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/league/flysystem
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990288
reference_id 990288
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990288
14
reference_url https://github.com/advisories/GHSA-9f46-5r25-5wfm
reference_id GHSA-9f46-5r25-5wfm
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9f46-5r25-5wfm
fixed_packages
0
url pkg:composer/league/flysystem@1.1.4
purl pkg:composer/league/flysystem@1.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/league/flysystem@1.1.4
1
url pkg:composer/league/flysystem@2.1.1
purl pkg:composer/league/flysystem@2.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/league/flysystem@2.1.1
aliases CVE-2021-32708, GHSA-9f46-5r25-5wfm
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z2s5-ydqf-suec
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/league/flysystem@1.0.57