Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/intelliants/subrion@4.0.5

Type composer

Namespace intelliants

Name subrion

Version 4.0.5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.1.0

Latest_non_vulnerable_version 4.2.2

Affected_by_vulnerabilities

url VCID-1488-cs1g-9bh5

vulnerability_id VCID-1488-cs1g-9bh5

summary

Cross-Site Request Forgery (CSRF)
Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter.

references

reference_url	https://web.archive.org/web/20210126223835/http://www.securityfocus.com/bid/97091
reference_id
reference_type
scores
url	https://web.archive.org/web/20210126223835/http://www.securityfocus.com/bid/97091

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-6068
reference_id	CVE-2017-6068
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-6068

reference_url	https://github.com/advisories/GHSA-q4h5-g3w8-f9x7
reference_id	GHSA-q4h5-g3w8-f9x7
reference_type
scores
url	https://github.com/advisories/GHSA-q4h5-g3w8-f9x7

fixed_packages

aliases CVE-2017-6068, GHSA-q4h5-g3w8-f9x7

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1488-cs1g-9bh5

url VCID-3a5n-ebnm-dkh3

vulnerability_id VCID-3a5n-ebnm-dkh3

summary

Code Injection
A vulnerability in `includes/classes/ia` allows remote attackers to conduct PHP Object Injection attacks via crafted deserialized data in a salt cookie in a login request.

references

reference_url	https://github.com/intelliants/subrion/issues/297
reference_id
reference_type
scores
url	https://github.com/intelliants/subrion/issues/297

reference_url	http://www.securityfocus.com/bid/95688
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95688

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-5543
reference_id	CVE-2017-5543
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-5543

fixed_packages

url	pkg:composer/intelliants/subrion@4.1.0
purl	pkg:composer/intelliants/subrion@4.1.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.1.0

aliases CVE-2017-5543

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3a5n-ebnm-dkh3

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.0.5

Package Instance