Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/graphite-web@1.1.0

Type pypi

Namespace

Name graphite-web

Version 1.1.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-axe7-qp46-rqc9

vulnerability_id VCID-axe7-qp46-rqc9

summary A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216744.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4730.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4730.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4730

reference_id

reference_type

scores

value	0.00418
scoring_system	epss
scoring_elements	0.62229
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4730

reference_url

https://github.com/graphite-project/graphite-web

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/graphite-project/graphite-web

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-4730

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-4730

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026992
reference_id	1026992
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026992

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2160334
reference_id	2160334
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2160334

reference_url

https://github.com/graphite-project/graphite-web/issues/2746

reference_id

2746

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T17:15:31Z/

url

https://github.com/graphite-project/graphite-web/issues/2746

reference_url

https://github.com/graphite-project/graphite-web/pull/2785

reference_id

2785

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T17:15:31Z/

url

https://github.com/graphite-project/graphite-web/pull/2785

reference_url

https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23

reference_id

2f178f490e10efc03cd1d27c72f64ecab224eb23

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T17:15:31Z/

url

https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23

reference_url

https://github.com/advisories/GHSA-m973-4vpc-x43c

reference_id

GHSA-m973-4vpc-x43c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m973-4vpc-x43c

reference_url

https://vuldb.com/?id.216744

reference_id

?id.216744

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T17:15:31Z/

url

https://vuldb.com/?id.216744

reference_url	https://usn.ubuntu.com/6243-1/
reference_id	USN-6243-1
reference_type
scores
url	https://usn.ubuntu.com/6243-1/

fixed_packages

aliases CVE-2022-4730, GHSA-m973-4vpc-x43c

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axe7-qp46-rqc9

url VCID-nnux-k7r5-vqez

vulnerability_id VCID-nnux-k7r5-vqez

summary A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216743.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4729.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4729.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4729

reference_id

reference_type

scores

value	0.00179
scoring_system	epss
scoring_elements	0.39375
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4729

reference_url

https://github.com/graphite-project/graphite-web

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/graphite-project/graphite-web

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-4729

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-4729

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026992
reference_id	1026992
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026992

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2160331
reference_id	2160331
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2160331

reference_url

https://github.com/graphite-project/graphite-web/issues/2745

reference_id

2745

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T17:14:44Z/

url

https://github.com/graphite-project/graphite-web/issues/2745

reference_url

https://github.com/graphite-project/graphite-web/pull/2785

reference_id

2785

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T17:14:44Z/

url

https://github.com/graphite-project/graphite-web/pull/2785

reference_url

https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23

reference_id

2f178f490e10efc03cd1d27c72f64ecab224eb23

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T17:14:44Z/

url

https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23

reference_url

https://github.com/advisories/GHSA-q99p-78hp-xg5c

reference_id

GHSA-q99p-78hp-xg5c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q99p-78hp-xg5c

reference_url

https://vuldb.com/?id.216743

reference_id

?id.216743

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T17:14:44Z/

url

https://vuldb.com/?id.216743

reference_url	https://usn.ubuntu.com/6243-1/
reference_id	USN-6243-1
reference_type
scores
url	https://usn.ubuntu.com/6243-1/

fixed_packages

aliases CVE-2022-4729, GHSA-q99p-78hp-xg5c

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nnux-k7r5-vqez

url VCID-u2dg-vem3-jbb8

vulnerability_id VCID-u2dg-vem3-jbb8

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18638.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18638.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-18638

reference_id

reference_type

scores

value	0.91616
scoring_system	epss
scoring_elements	0.99694
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-18638

reference_url

https://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html#second-bug-internal-graphite-ssrf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html#second-bug-internal-graphite-ssrf

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/graphite-project/graphite-web

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/graphite-project/graphite-web

reference_url

https://github.com/graphite-project/graphite-web/commit/71726a0e41a5263f49b973a7b856505a5b931c1f

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/graphite-project/graphite-web/commit/71726a0e41a5263f49b973a7b856505a5b931c1f

reference_url

https://github.com/graphite-project/graphite-web/issues/2008

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/graphite-project/graphite-web/issues/2008

reference_url

https://github.com/graphite-project/graphite-web/pull/2499

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/graphite-project/graphite-web/pull/2499

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/graphite-web/PYSEC-2019-151.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/graphite-web/PYSEC-2019-151.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2019/10/msg00030.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/10/msg00030.html

reference_url

https://www.youtube.com/watch?v=ds4Gp4xoaeA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.youtube.com/watch?v=ds4Gp4xoaeA

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2001847
reference_id	2001847
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2001847

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-18638

reference_id

CVE-2017-18638

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-18638

reference_url

https://github.com/advisories/GHSA-vfj6-275q-4pvm

reference_id

GHSA-vfj6-275q-4pvm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vfj6-275q-4pvm

reference_url

https://github.com/graphite-project/graphite-web/security/advisories/GHSA-vfj6-275q-4pvm

reference_id

GHSA-vfj6-275q-4pvm

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/graphite-project/graphite-web/security/advisories/GHSA-vfj6-275q-4pvm

reference_url	https://usn.ubuntu.com/6243-1/
reference_id	USN-6243-1
reference_type
scores
url	https://usn.ubuntu.com/6243-1/

fixed_packages

url pkg:pypi/graphite-web@1.1.6

purl pkg:pypi/graphite-web@1.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-axe7-qp46-rqc9

vulnerability	VCID-nnux-k7r5-vqez

vulnerability	VCID-u2mw-71gv-jqh2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/graphite-web@1.1.6

aliases CVE-2017-18638, GHSA-vfj6-275q-4pvm, PYSEC-2019-151

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u2dg-vem3-jbb8

url VCID-u2mw-71gv-jqh2

vulnerability_id VCID-u2mw-71gv-jqh2

summary A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. VDB-216742 is the identifier assigned to this vulnerability.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4728.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4728.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4728

reference_id

reference_type

scores

value	0.00429
scoring_system	epss
scoring_elements	0.62947
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4728

reference_url

https://github.com/graphite-project/graphite-web

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/graphite-project/graphite-web

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-4728

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-4728

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026992
reference_id	1026992
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026992

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2160335
reference_id	2160335
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2160335

reference_url

https://github.com/graphite-project/graphite-web/issues/2744

reference_id

2744

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T17:15:05Z/

url

https://github.com/graphite-project/graphite-web/issues/2744

reference_url

https://github.com/graphite-project/graphite-web/pull/2785

reference_id

2785

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T17:15:05Z/

url

https://github.com/graphite-project/graphite-web/pull/2785

reference_url

https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23

reference_id

2f178f490e10efc03cd1d27c72f64ecab224eb23

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T17:15:05Z/

url

https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23

reference_url

https://github.com/advisories/GHSA-3c5x-4hvx-qrrr

reference_id

GHSA-3c5x-4hvx-qrrr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3c5x-4hvx-qrrr

reference_url

https://vuldb.com/?id.216742

reference_id

?id.216742

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T17:15:05Z/

url

https://vuldb.com/?id.216742

reference_url	https://usn.ubuntu.com/6243-1/
reference_id	USN-6243-1
reference_type
scores
url	https://usn.ubuntu.com/6243-1/

fixed_packages

aliases CVE-2022-4728, GHSA-3c5x-4hvx-qrrr

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u2mw-71gv-jqh2

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/graphite-web@1.1.0

Package Instance