{"url":"http://public2.vulnerablecode.io/api/packages/513516?format=json","purl":"pkg:composer/cachethq/cachet@2.0.0-RC5","type":"composer","namespace":"cachethq","name":"cachet","version":"2.0.0-RC5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.0","latest_non_vulnerable_version":"2.5.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/342547?format=json","vulnerability_id":"VCID-94cv-cc1n-zbh5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39173","reference_id":"","reference_type":"","scores":[{"value":"0.037","scoring_system":"epss","scoring_elements":"0.88217","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39173"},{"reference_url":"https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection"},{"reference_url":"https://github.com/fiveai/Cachet","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fiveai/Cachet"},{"reference_url":"https://github.com/fiveai/Cachet/releases/tag/v2.5.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fiveai/Cachet/releases/tag/v2.5.1"},{"reference_url":"https://github.com/fiveai/Cachet/security/advisories/GHSA-r67m-m8c7-jp83","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fiveai/Cachet/security/advisories/GHSA-r67m-m8c7-jp83"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39173","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39173"},{"reference_url":"https://github.com/advisories/GHSA-r67m-m8c7-jp83","reference_id":"GHSA-r67m-m8c7-jp83","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r67m-m8c7-jp83"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382885?format=json","purl":"pkg:composer/cachethq/cachet@2.5.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cachethq/cachet@2.5.1"}],"aliases":["CVE-2021-39173","GHSA-r67m-m8c7-jp83"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-94cv-cc1n-zbh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/128833?format=json","vulnerability_id":"VCID-mwbt-wn3j-qqh7","summary":"Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43661","reference_id":"","reference_type":"","scores":[{"value":"0.18169","scoring_system":"epss","scoring_elements":"0.95339","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43661"},{"reference_url":"https://github.com/cachethq/cachet","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cachethq/cachet"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43661","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43661"},{"reference_url":"https://github.com/cachethq/cachet/commit/6fb043e109d2a262ce3974e863c54e9e5f5e0587","reference_id":"6fb043e109d2a262ce3974e863c54e9e5f5e0587","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:45:32Z/"}],"url":"https://github.com/cachethq/cachet/commit/6fb043e109d2a262ce3974e863c54e9e5f5e0587"},{"reference_url":"https://github.com/advisories/GHSA-hv79-p62r-wg3p","reference_id":"GHSA-hv79-p62r-wg3p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hv79-p62r-wg3p"},{"reference_url":"https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p","reference_id":"GHSA-hv79-p62r-wg3p","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:45:32Z/"}],"url":"https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379162?format=json","purl":"pkg:composer/cachethq/cachet@2.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cachethq/cachet@2.4.0"}],"aliases":["CVE-2023-43661","GHSA-hv79-p62r-wg3p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwbt-wn3j-qqh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/342539?format=json","vulnerability_id":"VCID-pte7-qsjh-fbg1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39165","reference_id":"","reference_type":"","scores":[{"value":"0.80411","scoring_system":"epss","scoring_elements":"0.99151","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39165"},{"reference_url":"https://github.com/fiveai/Cachet/commit/27bca8280419966ba80c6fa283d985ddffa84bb6","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fiveai/Cachet/commit/27bca8280419966ba80c6fa283d985ddffa84bb6"},{"reference_url":"https://github.com/fiveai/Cachet/security/advisories/GHSA-79mg-4w23-4fqc","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fiveai/Cachet/security/advisories/GHSA-79mg-4w23-4fqc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39165","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39165"},{"reference_url":"https://github.com/advisories/GHSA-79mg-4w23-4fqc","reference_id":"GHSA-79mg-4w23-4fqc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-79mg-4w23-4fqc"}],"fixed_packages":[],"aliases":["CVE-2021-39165","GHSA-79mg-4w23-4fqc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pte7-qsjh-fbg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/342548?format=json","vulnerability_id":"VCID-qhp2-sje7-7fcv","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39174","reference_id":"","reference_type":"","scores":[{"value":"0.5172","scoring_system":"epss","scoring_elements":"0.97958","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39174"},{"reference_url":"https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection"},{"reference_url":"https://github.com/cachethq/Cachet","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cachethq/Cachet"},{"reference_url":"https://github.com/fiveai/Cachet/releases/tag/v2.5.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fiveai/Cachet/releases/tag/v2.5.1"},{"reference_url":"https://github.com/fiveai/Cachet/security/advisories/GHSA-88f9-7xxh-c688","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fiveai/Cachet/security/advisories/GHSA-88f9-7xxh-c688"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39174","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39174"},{"reference_url":"https://github.com/advisories/GHSA-88f9-7xxh-c688","reference_id":"GHSA-88f9-7xxh-c688","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-88f9-7xxh-c688"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382885?format=json","purl":"pkg:composer/cachethq/cachet@2.5.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cachethq/cachet@2.5.1"}],"aliases":["CVE-2021-39174","GHSA-88f9-7xxh-c688"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhp2-sje7-7fcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/342546?format=json","vulnerability_id":"VCID-vnyk-n5a8-7qbj","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39172","reference_id":"","reference_type":"","scores":[{"value":"0.52026","scoring_system":"epss","scoring_elements":"0.97973","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39172"},{"reference_url":"https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection"},{"reference_url":"https://github.com/fiveai/Cachet","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fiveai/Cachet"},{"reference_url":"https://github.com/fiveai/Cachet/commit/6442976c25930cb370c65a22784b9caee7ed1de2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fiveai/Cachet/commit/6442976c25930cb370c65a22784b9caee7ed1de2"},{"reference_url":"https://github.com/fiveai/Cachet/releases/tag/v2.5.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fiveai/Cachet/releases/tag/v2.5.1"},{"reference_url":"https://github.com/fiveai/Cachet/security/advisories/GHSA-9jxw-cfrh-jxq6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fiveai/Cachet/security/advisories/GHSA-9jxw-cfrh-jxq6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39172","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39172"},{"reference_url":"https://github.com/advisories/GHSA-9jxw-cfrh-jxq6","reference_id":"GHSA-9jxw-cfrh-jxq6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9jxw-cfrh-jxq6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382885?format=json","purl":"pkg:composer/cachethq/cachet@2.5.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cachethq/cachet@2.5.1"}],"aliases":["CVE-2021-39172","GHSA-9jxw-cfrh-jxq6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vnyk-n5a8-7qbj"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/cachethq/cachet@2.0.0-RC5"}