Lookup for vulnerable packages by Package URL.

Purl pkg:composer/ezsystems/ezplatform-admin-ui@1.5.23
Type composer
Namespace ezsystems
Name ezplatform-admin-ui
Version 1.5.23
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.5.29
Latest_non_vulnerable_version 4.0.0-alpha1
Affected_by_vulnerabilities
0
url VCID-f92h-8qrg-y7hu
vulnerability_id VCID-f92h-8qrg-y7hu
summary
eZ Platform users with the Company admin role can assign any role to any user
Critical severity. Users with the Company admin role (introduced by the company account feature in v4) can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect.

The role / assign policy is typically only given to administrators, which limits the scope in most cases, but please verify who has this policy in your installation. The fix ensures that subtree limitations are working as intended.
references
0
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
1
reference_url https://github.com/ezsystems/ezplatform-admin-ui
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-admin-ui
2
reference_url https://github.com/ezsystems/ezplatform-admin-ui/commit/29e156a7bbecca5abd946c99546a261679587d29
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-admin-ui/commit/29e156a7bbecca5abd946c99546a261679587d29
3
reference_url https://github.com/ezsystems/ezplatform-admin-ui/security/advisories/GHSA-pcpm-vc4v-cmvx
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-admin-ui/security/advisories/GHSA-pcpm-vc4v-cmvx
4
reference_url https://github.com/advisories/GHSA-pcpm-vc4v-cmvx
reference_id GHSA-pcpm-vc4v-cmvx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pcpm-vc4v-cmvx
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-admin-ui@1.5.29
purl pkg:composer/ezsystems/ezplatform-admin-ui@1.5.29
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-admin-ui@1.5.29
1
url pkg:composer/ezsystems/ezplatform-admin-ui@2.0.0-beta1
purl pkg:composer/ezsystems/ezplatform-admin-ui@2.0.0-beta1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-admin-ui@2.0.0-beta1
2
url pkg:composer/ezsystems/ezplatform-admin-ui@2.3.26
purl pkg:composer/ezsystems/ezplatform-admin-ui@2.3.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mvfg-usks-2kbh
1
vulnerability VCID-xgcm-dm2j-27br
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-admin-ui@2.3.26
3
url pkg:composer/ezsystems/ezplatform-admin-ui@4.0.0-alpha1
purl pkg:composer/ezsystems/ezplatform-admin-ui@4.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-admin-ui@4.0.0-alpha1
aliases GHSA-pcpm-vc4v-cmvx, GMS-2022-6752
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f92h-8qrg-y7hu
1
url VCID-hukt-ewec-u7fh
vulnerability_id VCID-hukt-ewec-u7fh
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ezsystems/ezplatform-admin-ui.
references
0
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2021-010-xss-in-richtext-custom-tag-attributes
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://developers.ibexa.co/security-advisories/ibexa-sa-2021-010-xss-in-richtext-custom-tag-attributes
1
reference_url https://github.com/ezsystems/ezplatform-admin-ui
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-admin-ui
2
reference_url https://github.com/advisories/GHSA-9jp8-cwwx-p64q
reference_id GHSA-9jp8-cwwx-p64q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9jp8-cwwx-p64q
3
reference_url https://github.com/ezsystems/ezplatform-admin-ui/security/advisories/GHSA-9jp8-cwwx-p64q
reference_id GHSA-9jp8-cwwx-p64q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-admin-ui/security/advisories/GHSA-9jp8-cwwx-p64q
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-admin-ui@1.5.25.1
purl pkg:composer/ezsystems/ezplatform-admin-ui@1.5.25.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f92h-8qrg-y7hu
1
vulnerability VCID-wv2u-9bsk-3kdw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-admin-ui@1.5.25.1
1
url pkg:composer/ezsystems/ezplatform-admin-ui@1.5.25%2B1
purl pkg:composer/ezsystems/ezplatform-admin-ui@1.5.25%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-admin-ui@1.5.25%252B1
aliases GHSA-9jp8-cwwx-p64q, GMS-2021-109
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hukt-ewec-u7fh
2
url VCID-wv2u-9bsk-3kdw
vulnerability_id VCID-wv2u-9bsk-3kdw
summary
Improper Certificate Validation
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. This affects eZ Platform v2.5 only. The maintainers resolved it by replacing node-sass 4.11 with sass 1.32.13. This issue also affects ezsystems/ezplatform and ezsystems/ezplatform-page-builder.
references
0
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-002-vulnerability-in-node-sass
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-002-vulnerability-in-node-sass
1
reference_url https://github.com/ezsystems/ezplatform-admin-ui
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-admin-ui
2
reference_url https://github.com/ezsystems/ezplatform-admin-ui/releases/tag/v1.5.27
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-admin-ui/releases/tag/v1.5.27
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24025
reference_id CVE-2020-24025
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-24025
4
reference_url https://github.com/advisories/GHSA-6v6p-g8cg-2hgg
reference_id GHSA-6v6p-g8cg-2hgg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6v6p-g8cg-2hgg
5
reference_url https://github.com/ezsystems/ezplatform-admin-ui/security/advisories/GHSA-6v6p-g8cg-2hgg
reference_id GHSA-6v6p-g8cg-2hgg
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-admin-ui/security/advisories/GHSA-6v6p-g8cg-2hgg
6
reference_url https://github.com/advisories/GHSA-r8f7-9pfq-mjmv
reference_id GHSA-r8f7-9pfq-mjmv
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-r8f7-9pfq-mjmv
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-admin-ui@1.5.27
purl pkg:composer/ezsystems/ezplatform-admin-ui@1.5.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f92h-8qrg-y7hu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-admin-ui@1.5.27
aliases GHSA-6v6p-g8cg-2hgg, GMS-2022-564
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wv2u-9bsk-3kdw
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-admin-ui@1.5.23