Lookup for vulnerable packages by Package URL.

Purl pkg:composer/ezsystems/ezplatform@1.13.5-rc2
Type composer
Namespace ezsystems
Name ezplatform
Version 1.13.5-rc2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.0.0-alpha1
Latest_non_vulnerable_version 3.0.0-beta1
Affected_by_vulnerabilities
0
url VCID-7khh-2839-s3aw
vulnerability_id VCID-7khh-2839-s3aw
summary eZ Platform Prevent accepting app.php in URL in Platform.sh
references
0
reference_url https://github.com/ezsystems/ezplatform
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform
1
reference_url https://github.com/ezsystems/ezplatform/commit/34ce86722b36a172e587068fe64a84faa7320cc2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform/commit/34ce86722b36a172e587068fe64a84faa7320cc2
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezplatform/2019-09-03-2.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezplatform/2019-09-03-2.yaml
3
reference_url https://share.ez.no/community-project/security-advisories/ezsa-2019-007-prevent-accepting-app.php-in-url-in-platform.sh
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://share.ez.no/community-project/security-advisories/ezsa-2019-007-prevent-accepting-app.php-in-url-in-platform.sh
4
reference_url https://github.com/advisories/GHSA-qhjc-hg94-245v
reference_id GHSA-qhjc-hg94-245v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qhjc-hg94-245v
fixed_packages
0
url pkg:composer/ezsystems/ezplatform@1.13.5.1
purl pkg:composer/ezsystems/ezplatform@1.13.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2s5-4bsk-mugp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform@1.13.5.1
1
url pkg:composer/ezsystems/ezplatform@1.13.5%2B1
purl pkg:composer/ezsystems/ezplatform@1.13.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform@1.13.5%252B1
2
url pkg:composer/ezsystems/ezplatform@2.5.4
purl pkg:composer/ezsystems/ezplatform@2.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2s5-4bsk-mugp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform@2.5.4
aliases GHSA-qhjc-hg94-245v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7khh-2839-s3aw
1
url VCID-a2s5-4bsk-mugp
vulnerability_id VCID-a2s5-4bsk-mugp
summary
Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh (.platform.app.yaml) allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows access to certain legacy files that should not be readable, including the legacy var directory and extension directories.
references
0
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2021-006-storage-and-legacy-files-accessible-if-path-is-known
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://developers.ibexa.co/security-advisories/ibexa-sa-2021-006-storage-and-legacy-files-accessible-if-path-is-known
1
reference_url https://github.com/ezsystems/ezplatform
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform
2
reference_url https://github.com/ezsystems/ezplatform/security/advisories/GHSA-2rh5-jvgx-pgw3
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform/security/advisories/GHSA-2rh5-jvgx-pgw3
3
reference_url https://github.com/advisories/GHSA-2rh5-jvgx-pgw3
reference_id GHSA-2rh5-jvgx-pgw3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rh5-jvgx-pgw3
fixed_packages
0
url pkg:composer/ezsystems/ezplatform@1.13.6%2B1
purl pkg:composer/ezsystems/ezplatform@1.13.6%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform@1.13.6%252B1
1
url pkg:composer/ezsystems/ezplatform@2.0.0-alpha1
purl pkg:composer/ezsystems/ezplatform@2.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform@2.0.0-alpha1
2
url pkg:composer/ezsystems/ezplatform@2.5.24%2B1
purl pkg:composer/ezsystems/ezplatform@2.5.24%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform@2.5.24%252B1
3
url pkg:composer/ezsystems/ezplatform@3.0.0-beta1
purl pkg:composer/ezsystems/ezplatform@3.0.0-beta1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform@3.0.0-beta1
aliases GHSA-2rh5-jvgx-pgw3, GMS-2021-46
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a2s5-4bsk-mugp
2
url VCID-b8sz-22mu-5kgu
vulnerability_id VCID-b8sz-22mu-5kgu
summary eZ Platform Rules to disable executable access are ignored on Platform.sh (eZ Cloud)
references
0
reference_url https://github.com/ezsystems/ezplatform
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform
1
reference_url https://github.com/ezsystems/ezplatform/commit/773dddc0d8fe4fda34d2153a401eeaa6cc30b1ff
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform/commit/773dddc0d8fe4fda34d2153a401eeaa6cc30b1ff
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezplatform/2019-09-03-1.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezplatform/2019-09-03-1.yaml
3
reference_url https://share.ez.no/community-project/security-advisories/ezsa-2019-006-rules-to-disable-executable-access-are-ignored-on-platform.sh-ez-cloud
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://share.ez.no/community-project/security-advisories/ezsa-2019-006-rules-to-disable-executable-access-are-ignored-on-platform.sh-ez-cloud
4
reference_url https://github.com/advisories/GHSA-6xch-2vxx-5pvr
reference_id GHSA-6xch-2vxx-5pvr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xch-2vxx-5pvr
fixed_packages
0
url pkg:composer/ezsystems/ezplatform@1.13.5.1
purl pkg:composer/ezsystems/ezplatform@1.13.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2s5-4bsk-mugp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform@1.13.5.1
1
url pkg:composer/ezsystems/ezplatform@1.13.5%2B1
purl pkg:composer/ezsystems/ezplatform@1.13.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform@1.13.5%252B1
2
url pkg:composer/ezsystems/ezplatform@2.5.4
purl pkg:composer/ezsystems/ezplatform@2.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2s5-4bsk-mugp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform@2.5.4
aliases GHSA-6xch-2vxx-5pvr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b8sz-22mu-5kgu
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform@1.13.5-rc2