Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/neos/form@5.1.2
Typecomposer
Namespaceneos
Nameform
Version5.1.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.1.3
Latest_non_vulnerable_version5.2.0
Affected_by_vulnerabilities
0
url VCID-dg4j-s4ux-mybj
vulnerability_id VCID-dg4j-s4ux-mybj
summary 
Improper Input Validation
neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form Finishers cause side effects even if no form values have been sent. Form Finishers can be adjusted in a way that they only execute an action if the submitted form contains some expected data. Alternatively a custom Finisher can be added as first finisher.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32697
reference_id
reference_type
scores
0
value 0.00396
scoring_system epss
scoring_elements 0.60765
published_at 2026-06-05T12:55:00Z
1
value 0.00396
scoring_system epss
scoring_elements 0.6076
published_at 2026-06-09T12:55:00Z
2
value 0.00396
scoring_system epss
scoring_elements 0.60744
published_at 2026-06-08T12:55:00Z
3
value 0.00396
scoring_system epss
scoring_elements 0.60761
published_at 2026-06-07T12:55:00Z
4
value 0.00396
scoring_system epss
scoring_elements 0.60717
published_at 2026-06-04T12:55:00Z
5
value 0.00396
scoring_system epss
scoring_elements 0.60772
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32697
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/neos/form/CVE-2021-32697.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/neos/form/CVE-2021-32697.yaml
2
reference_url https://github.com/neos/form/commit/049d415295be8d4a0478ccba97dba1bb81649567
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/neos/form/commit/049d415295be8d4a0478ccba97dba1bb81649567
3
reference_url https://github.com/neos/form/commit/69de4219b1f58157e2be6b05811463875d75c246
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/neos/form/commit/69de4219b1f58157e2be6b05811463875d75c246
4
reference_url https://github.com/neos/form-ghsa-m5vx-8chx-qvmm/pull/1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/neos/form-ghsa-m5vx-8chx-qvmm/pull/1
5
reference_url https://github.com/neos/form/releases/tag/5.1.3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/neos/form/releases/tag/5.1.3
6
reference_url https://github.com/neos/form/security/advisories/GHSA-m5vx-8chx-qvmm
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/neos/form/security/advisories/GHSA-m5vx-8chx-qvmm
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32697
reference_id CVE-2021-32697
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32697
8
reference_url https://github.com/advisories/GHSA-m5vx-8chx-qvmm
reference_id GHSA-m5vx-8chx-qvmm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m5vx-8chx-qvmm
fixed_packages
0
url pkg:composer/neos/form@5.1.3
purl pkg:composer/neos/form@5.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/neos/form@5.1.3
1
url pkg:composer/neos/form@5.2.0
purl pkg:composer/neos/form@5.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/neos/form@5.2.0
aliases CVE-2021-32697, GHSA-m5vx-8chx-qvmm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dg4j-s4ux-mybj
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/neos/form@5.1.2