Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/contao/core-bundle@4.9.40
Typecomposer
Namespacecontao
Namecore-bundle
Version4.9.40
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version4.9.42
Latest_non_vulnerable_version5.6.5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-mt93-hcnp-13ah
vulnerability_id VCID-mt93-hcnp-13ah
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds.
references
0
reference_url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager
reference_id
reference_type
scores
url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager
1
reference_url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html
reference_id
reference_type
scores
url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html
2
reference_url https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df
reference_id
reference_type
scores
url https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29200
reference_id CVE-2023-29200
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-29200
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2023-29200.yaml
reference_id CVE-2023-29200.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2023-29200.yaml
5
reference_url https://github.com/advisories/GHSA-fp7q-xhhw-6rj3
reference_id GHSA-fp7q-xhhw-6rj3
reference_type
scores
url https://github.com/advisories/GHSA-fp7q-xhhw-6rj3
6
reference_url https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3
reference_id GHSA-fp7q-xhhw-6rj3
reference_type
scores
url https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3
fixed_packages
0
url pkg:composer/contao/core-bundle@4.9.40
purl pkg:composer/contao/core-bundle@4.9.40
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.9.40
1
url pkg:composer/contao/core-bundle@4.13.21
purl pkg:composer/contao/core-bundle@4.13.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.21
2
url pkg:composer/contao/core-bundle@5.1.4
purl pkg:composer/contao/core-bundle@5.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.1.4
aliases CVE-2023-29200, GHSA-fp7q-xhhw-6rj3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mt93-hcnp-13ah
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.9.40