Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40diez/generation@10.6.0-beta.1
Typenpm
Namespace@diez
Namegeneration
Version10.6.0-beta.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-k5kv-zwx5-k7dy
vulnerability_id VCID-k5kv-zwx5-k7dy
summary 
Command Injection
The @diez/generation npm package is a client for Diez. The `locateFont` method of @diez/generation has a command injection vulnerability. Clients of the @diez/generation library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32830
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.41926
published_at 2026-06-04T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.41957
published_at 2026-06-09T12:55:00Z
2
value 0.002
scoring_system epss
scoring_elements 0.41984
published_at 2026-06-07T12:55:00Z
3
value 0.002
scoring_system epss
scoring_elements 0.42013
published_at 2026-06-06T12:55:00Z
4
value 0.002
scoring_system epss
scoring_elements 0.42002
published_at 2026-06-05T12:55:00Z
5
value 0.002
scoring_system epss
scoring_elements 0.41949
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32830
1
reference_url https://github.com/diez/diez
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/diez/diez
2
reference_url https://securitylab.github.com/advisories/GHSL-2021-061-diez-generation-cmd-injection
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://securitylab.github.com/advisories/GHSL-2021-061-diez-generation-cmd-injection
3
reference_url https://securitylab.github.com/advisories/GHSL-2021-061-diez-generation-cmd-injection/
reference_id
reference_type
scores
url https://securitylab.github.com/advisories/GHSL-2021-061-diez-generation-cmd-injection/
4
reference_url https://www.npmjs.com/package/@diez/generation
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@diez/generation
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32830
reference_id CVE-2021-32830
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32830
6
reference_url https://github.com/advisories/GHSA-8c3f-x5f9-6h62
reference_id GHSA-8c3f-x5f9-6h62
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8c3f-x5f9-6h62
fixed_packages
aliases CVE-2021-32830, GHSA-8c3f-x5f9-6h62
risk_score 1.8
exploitability 0.5
weighted_severity 3.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k5kv-zwx5-k7dy
Fixing_vulnerabilities
Risk_score1.8
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540diez/generation@10.6.0-beta.1