Lookup for vulnerable packages by Package URL.

Purl pkg:composer/getgrav/grav@1.7.42%2B1
Type composer
Namespace getgrav
Name grav
Version 1.7.42+1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.0.0-beta.4
Latest_non_vulnerable_version 2.0.0-rc.2
Affected_by_vulnerabilities
0
url VCID-ru55-uj84-p3dr
vulnerability_id VCID-ru55-uj84-p3dr
summary
Return of Wrong Status Code
Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The fix for another SSTI vulnerability using `|map`, `|filter` and `|reduce` twigs implemented in the commit `71bbed1` introduces bypass of the denylist due to incorrect return value from `isDangerousFunction()`, which allows to execute the payload prepending double backslash (`\\`). The `isDangerousFunction()` check in version 1.7.42 and onwards returns `false` value instead of `true` when the `\` symbol is found in the `$name`. This vulnerability can be exploited if the attacker has access to: 1. an Administrator account, or 2. a non-administrator user account that has Admin panel access and Create/Update page permissions. A fix for this vulnerability has been introduced in commit `b4c6210` and is included in release version `1.7.42.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37897
reference_id
reference_type
scores
0
value 0.00118
scoring_system epss
scoring_elements 0.30282
published_at 2026-06-05T12:55:00Z
1
value 0.00118
scoring_system epss
scoring_elements 0.30217
published_at 2026-06-07T12:55:00Z
2
value 0.00118
scoring_system epss
scoring_elements 0.30247
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37897
1
reference_url https://github.com/getgrav/grav
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav
2
reference_url https://github.com/getgrav/grav/commit/71bbed12f950de8335006d7f91112263d8504f1b
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-18T16:06:14Z/
url https://github.com/getgrav/grav/commit/71bbed12f950de8335006d7f91112263d8504f1b
3
reference_url https://github.com/getgrav/grav/commit/b4c62101a43051fc7f5349c7d0a5b6085375c1d7
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-18T16:06:14Z/
url https://github.com/getgrav/grav/commit/b4c62101a43051fc7f5349c7d0a5b6085375c1d7
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-37897
reference_id CVE-2023-37897
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-37897
5
reference_url https://github.com/advisories/GHSA-9436-3gmp-4f53
reference_id GHSA-9436-3gmp-4f53
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9436-3gmp-4f53
6
reference_url https://github.com/getgrav/grav/security/advisories/GHSA-9436-3gmp-4f53
reference_id GHSA-9436-3gmp-4f53
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-18T16:06:14Z/
url https://github.com/getgrav/grav/security/advisories/GHSA-9436-3gmp-4f53
fixed_packages
0
url pkg:composer/getgrav/grav@1.7.42%2B2
purl pkg:composer/getgrav/grav@1.7.42%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.42%252B2
1
url pkg:composer/getgrav/grav@1.7.42.2
purl pkg:composer/getgrav/grav@1.7.42.2
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.42.2
aliases CVE-2023-37897, GHSA-9436-3gmp-4f53
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ru55-uj84-p3dr
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.42%252B1