Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40netlify/ipx@1.2.0
Type npm
Namespace @netlify
Name ipx
Version 1.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.2.3
Latest_non_vulnerable_version 1.2.3
Affected_by_vulnerabilities
0
url VCID-qr69-a68p-1ff5
vulnerability_id VCID-qr69-a68p-1ff5
summary netlify-ipx is an on-demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this image will then be served to visitors without requiring those headers to be set. XSS can be achieved by requesting a malicious SVG with embedded scripts, which would then be served from the site domain. Note that this does not apply to images loaded in `<img>` tags, as scripts do not execute in this context. The image URL can be set in the header independently of the request URL, meaning any site images that have not previously been cached can have their cache poisoned. This problem has been fixed in version 1.2.3. As a workaround, cached content can be cleared by re-deploying the site.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39239
reference_id
reference_type
scores
0
value 0.00179
scoring_system epss
scoring_elements 0.39322
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39239
1
reference_url https://github.com/netlify/netlify-ipx
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netlify/netlify-ipx
2
reference_url https://github.com/netlify/netlify-ipx/commit/dfa7505a8d47a76fd527570dc40737a61500759b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netlify/netlify-ipx/commit/dfa7505a8d47a76fd527570dc40737a61500759b
3
reference_url https://github.com/netlify/netlify-ipx/pull/61
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netlify/netlify-ipx/pull/61
4
reference_url https://github.com/netlify/netlify-ipx/releases/tag/v1.2.3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netlify/netlify-ipx/releases/tag/v1.2.3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39239
reference_id CVE-2022-39239
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39239
6
reference_url https://github.com/advisories/GHSA-9jjv-524m-jm98
reference_id GHSA-9jjv-524m-jm98
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9jjv-524m-jm98
7
reference_url https://github.com/netlify/netlify-ipx/security/advisories/GHSA-9jjv-524m-jm98
reference_id GHSA-9jjv-524m-jm98
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:10Z/
url https://github.com/netlify/netlify-ipx/security/advisories/GHSA-9jjv-524m-jm98
fixed_packages
0
url pkg:npm/%40netlify/ipx@1.2.3
purl pkg:npm/%40netlify/ipx@1.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540netlify/ipx@1.2.3
aliases CVE-2022-39239, GHSA-9jjv-524m-jm98
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qr69-a68p-1ff5
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540netlify/ipx@1.2.0