Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:nuget/C1CMS.Assemblies@6.1.6325.31805

Type nuget

Namespace

Name C1CMS.Assemblies

Version 6.1.6325.31805

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.12.8122.18346

Latest_non_vulnerable_version 6.12.8122.18346

Affected_by_vulnerabilities

url VCID-2hwx-v8yy-r3hk

vulnerability_id VCID-2hwx-v8yy-r3hk

summary C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also truncate arbitrary files to zero size (effectively delete them) leading to denial of service (DoS) or altering application logic. The authenticated user may unknowingly perform the actions by visiting a specially crafted site. Patched in C1 CMS v6.12, no known workarounds exist.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24789

reference_id

reference_type

scores

value	0.00266
scoring_system	epss
scoring_elements	0.50433
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24789

reference_url

https://github.com/Orckestra/C1-CMS-Foundation

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/Orckestra/C1-CMS-Foundation

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-24789

reference_id

CVE-2022-24789

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-24789

reference_url

https://github.com/advisories/GHSA-8pp6-8x4q-c5mx

reference_id

GHSA-8pp6-8x4q-c5mx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8pp6-8x4q-c5mx

reference_url

https://github.com/Orckestra/C1-CMS-Foundation/security/advisories/GHSA-j9c2-gr6m-pp45

reference_id

GHSA-j9c2-gr6m-pp45

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:24Z/

url

https://github.com/Orckestra/C1-CMS-Foundation/security/advisories/GHSA-j9c2-gr6m-pp45

reference_url

https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.12

reference_id

v6.12

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:24Z/

url

https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.12

fixed_packages

url	pkg:nuget/C1CMS.Assemblies@6.12.8122.18346
purl	pkg:nuget/C1CMS.Assemblies@6.12.8122.18346
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/C1CMS.Assemblies@6.12.8122.18346

aliases CVE-2022-24789, GHSA-8pp6-8x4q-c5mx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2hwx-v8yy-r3hk

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/C1CMS.Assemblies@6.1.6325.31805

Package Instance