Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/intelliants/subrion@4.1.5

Type composer

Namespace intelliants

Name subrion

Version 4.1.5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.2.0

Latest_non_vulnerable_version 4.2.2

Affected_by_vulnerabilities

url VCID-cr7s-r2rz-8ybh

vulnerability_id VCID-cr7s-r2rz-8ybh

summary

Cross-Site Request Forgery (CSRF)
There are CSRF vulnerabilities in Subrion CMS.

references

reference_url	https://github.com/intelliants/subrion/issues/547
reference_id
reference_type
scores
url	https://github.com/intelliants/subrion/issues/547

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-15063
reference_id	CVE-2017-15063
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-15063

fixed_packages

url	pkg:composer/intelliants/subrion@4.2.0
purl	pkg:composer/intelliants/subrion@4.2.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.0

aliases CVE-2017-15063

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cr7s-r2rz-8ybh

url VCID-tuub-vc8w-1qbu

vulnerability_id VCID-tuub-vc8w-1qbu

summary

Cross-Site Request Forgery (CSRF)
Subrion CMS 4.1.5 has CSRF in blog/delete/.

references

reference_url	https://github.com/intelliants/subrion/issues/477
reference_id
reference_type
scores
url	https://github.com/intelliants/subrion/issues/477

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-18366
reference_id	CVE-2017-18366
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-18366

reference_url	https://github.com/advisories/GHSA-c939-g732-48r8
reference_id	GHSA-c939-g732-48r8
reference_type
scores
url	https://github.com/advisories/GHSA-c939-g732-48r8

fixed_packages

aliases CVE-2017-18366, GHSA-c939-g732-48r8

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tuub-vc8w-1qbu

Fixing_vulnerabilities

url VCID-ncdz-29ff-53fr

vulnerability_id VCID-ncdz-29ff-53fr

summary

Cross-site Scripting
A Cross-site scripting allows remote attackers to inject arbitrary web script or HTML via the body to `blog/add/`.

references

reference_url	https://github.com/intelliants/subrion/issues/467
reference_id
reference_type
scores
url	https://github.com/intelliants/subrion/issues/467

reference_url	http://www.securityfocus.com/bid/99378
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/99378

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-10795
reference_id	CVE-2017-10795
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-10795

fixed_packages

url pkg:composer/intelliants/subrion@4.1.5

purl pkg:composer/intelliants/subrion@4.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cr7s-r2rz-8ybh

vulnerability	VCID-tuub-vc8w-1qbu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.1.5

aliases CVE-2017-10795

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ncdz-29ff-53fr

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.1.5

Package Instance