Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/oro/platform@4.2.6
Typecomposer
Namespaceoro
Nameplatform
Version4.2.6
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.1.0-alpha.1
Latest_non_vulnerable_version5.1.4
Affected_by_vulnerabilities
0
url VCID-eh5a-tv8q-xkay
vulnerability_id VCID-eh5a-tv8q-xkay
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41951
reference_id
reference_type
scores
0
value 0.00414
scoring_system epss
scoring_elements 0.6195
published_at 2026-06-04T12:55:00Z
1
value 0.00414
scoring_system epss
scoring_elements 0.62007
published_at 2026-06-06T12:55:00Z
2
value 0.00414
scoring_system epss
scoring_elements 0.61999
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41951
1
reference_url https://github.com/oroinc/platform
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41951
reference_id CVE-2022-41951
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41951
3
reference_url https://github.com/advisories/GHSA-9v3j-4j64-p937
reference_id GHSA-9v3j-4j64-p937
reference_type
scores
url https://github.com/advisories/GHSA-9v3j-4j64-p937
4
reference_url https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937
reference_id GHSA-9v3j-4j64-p937
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937
fixed_packages
0
url pkg:composer/oro/platform@5.0.8
purl pkg:composer/oro/platform@5.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eh5a-tv8q-xkay
1
vulnerability VCID-h2ur-dutp-gqba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@5.0.8
1
url pkg:composer/oro/platform@5.0.9
purl pkg:composer/oro/platform@5.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h2ur-dutp-gqba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@5.0.9
aliases CVE-2022-41951, GHSA-9v3j-4j64-p937
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eh5a-tv8q-xkay
1
url VCID-h2ur-dutp-gqba
vulnerability_id VCID-h2ur-dutp-gqba
summary 
Pinned entity creation form shows wrong data
Logged in user can access page state data of pinned pages of other users by pageId hash.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45824
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47545
published_at 2026-06-06T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.47542
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45824
1
reference_url https://github.com/oroinc/platform
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/platform
2
reference_url https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:56:46Z/
url https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45824
reference_id CVE-2023-45824
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45824
4
reference_url https://github.com/advisories/GHSA-vxq2-p937-3px3
reference_id GHSA-vxq2-p937-3px3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vxq2-p937-3px3
5
reference_url https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3
reference_id GHSA-vxq2-p937-3px3
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:56:46Z/
url https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3
fixed_packages
0
url pkg:composer/oro/platform@5.0.0-alpha.1
purl pkg:composer/oro/platform@5.0.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eh5a-tv8q-xkay
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@5.0.0-alpha.1
1
url pkg:composer/oro/platform@5.1.0-alpha.1
purl pkg:composer/oro/platform@5.1.0-alpha.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@5.1.0-alpha.1
2
url pkg:composer/oro/platform@5.1.4
purl pkg:composer/oro/platform@5.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@5.1.4
aliases CVE-2023-45824, GHSA-vxq2-p937-3px3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h2ur-dutp-gqba
2
url VCID-htv9-tpny-7ycn
vulnerability_id VCID-htv9-tpny-7ycn
summary 
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
OroPlatform is a PHP Business Application Platform. an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that is vulnerable to Prototype Pollution. This issue has been patched Users unable to upgrade may configure a firewall to drop requests containing next strings: `__proto__`, `constructor[prototype]`, and `constructor.prototype` to mitigate this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43852
reference_id
reference_type
scores
0
value 0.00626
scoring_system epss
scoring_elements 0.70646
published_at 2026-06-06T12:55:00Z
1
value 0.00626
scoring_system epss
scoring_elements 0.70595
published_at 2026-06-04T12:55:00Z
2
value 0.00626
scoring_system epss
scoring_elements 0.70637
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43852
1
reference_url https://github.com/oroinc/platform
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/platform
2
reference_url https://github.com/oroinc/platform/commit/62c26936b3adee9c20255dcd9f8ee5c299b464a9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:47Z/
url https://github.com/oroinc/platform/commit/62c26936b3adee9c20255dcd9f8ee5c299b464a9
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43852
reference_id CVE-2021-43852
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43852
4
reference_url https://github.com/advisories/GHSA-jx5q-g37m-h5hj
reference_id GHSA-jx5q-g37m-h5hj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jx5q-g37m-h5hj
5
reference_url https://github.com/oroinc/platform/security/advisories/GHSA-jx5q-g37m-h5hj
reference_id GHSA-jx5q-g37m-h5hj
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:47Z/
url https://github.com/oroinc/platform/security/advisories/GHSA-jx5q-g37m-h5hj
fixed_packages
0
url pkg:composer/oro/platform@4.2.8
purl pkg:composer/oro/platform@4.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eh5a-tv8q-xkay
1
vulnerability VCID-h2ur-dutp-gqba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.2.8
aliases CVE-2021-43852, GHSA-jx5q-g37m-h5hj
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-htv9-tpny-7ycn
3
url VCID-j1uw-vqqx-uuh2
vulnerability_id VCID-j1uw-vqqx-uuh2
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in oro/platform.
references
0
reference_url https://github.com/advisories/GHSA-rrgw-3hg3-9x8c
reference_id GHSA-rrgw-3hg3-9x8c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rrgw-3hg3-9x8c
1
reference_url https://github.com/oroinc/platform-er/security/advisories/GHSA-rrgw-3hg3-9x8c
reference_id GHSA-rrgw-3hg3-9x8c
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/platform-er/security/advisories/GHSA-rrgw-3hg3-9x8c
fixed_packages
0
url pkg:composer/oro/platform@4.2.8
purl pkg:composer/oro/platform@4.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eh5a-tv8q-xkay
1
vulnerability VCID-h2ur-dutp-gqba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.2.8
aliases GHSA-rrgw-3hg3-9x8c, GMS-2022-24
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j1uw-vqqx-uuh2
4
url VCID-mk5p-7x3m-v7hb
vulnerability_id VCID-mk5p-7x3m-v7hb
summary 
Improper Access Control
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32062
reference_id
reference_type
scores
0
value 0.00195
scoring_system epss
scoring_elements 0.41344
published_at 2026-06-05T12:55:00Z
1
value 0.00195
scoring_system epss
scoring_elements 0.41347
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32062
1
reference_url https://github.com/oroinc/crm
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/crm
2
reference_url https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b
3
reference_url https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32062
reference_id CVE-2023-32062
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32062
5
reference_url https://github.com/advisories/GHSA-x2xm-p6vq-482g
reference_id GHSA-x2xm-p6vq-482g
reference_type
scores
url https://github.com/advisories/GHSA-x2xm-p6vq-482g
6
reference_url https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g
reference_id GHSA-x2xm-p6vq-482g
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g
fixed_packages
0
url pkg:composer/oro/platform@4.2.7
purl pkg:composer/oro/platform@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eh5a-tv8q-xkay
1
vulnerability VCID-h2ur-dutp-gqba
2
vulnerability VCID-htv9-tpny-7ycn
3
vulnerability VCID-j1uw-vqqx-uuh2
4
vulnerability VCID-mp7m-9665-uqb6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.2.7
1
url pkg:composer/oro/platform@5.0.7
purl pkg:composer/oro/platform@5.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eh5a-tv8q-xkay
1
vulnerability VCID-h2ur-dutp-gqba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@5.0.7
2
url pkg:composer/oro/platform@5.1.1
purl pkg:composer/oro/platform@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h2ur-dutp-gqba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@5.1.1
aliases CVE-2023-32062, GHSA-x2xm-p6vq-482g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mk5p-7x3m-v7hb
5
url VCID-mp7m-9665-uqb6
vulnerability_id VCID-mp7m-9665-uqb6
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OroPlatform is a PHP Business Application Platform.An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview a vulnerable email template. There are no workarounds that address this vulnerability. Users are advised to upgrade as soon as is possible.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41236
reference_id
reference_type
scores
0
value 0.005
scoring_system epss
scoring_elements 0.66298
published_at 2026-06-04T12:55:00Z
1
value 0.005
scoring_system epss
scoring_elements 0.66357
published_at 2026-06-06T12:55:00Z
2
value 0.005
scoring_system epss
scoring_elements 0.66348
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41236
1
reference_url https://github.com/oroinc/platform
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/oroinc/platform
2
reference_url https://github.com/oroinc/platform/commit/2a089c971fc70bc63baf8770d29ee515ce5a415a
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:50Z/
url https://github.com/oroinc/platform/commit/2a089c971fc70bc63baf8770d29ee515ce5a415a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41236
reference_id CVE-2021-41236
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41236
4
reference_url https://github.com/advisories/GHSA-qv7g-j98v-8pp7
reference_id GHSA-qv7g-j98v-8pp7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qv7g-j98v-8pp7
5
reference_url https://github.com/oroinc/platform/security/advisories/GHSA-qv7g-j98v-8pp7
reference_id GHSA-qv7g-j98v-8pp7
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:50Z/
url https://github.com/oroinc/platform/security/advisories/GHSA-qv7g-j98v-8pp7
fixed_packages
0
url pkg:composer/oro/platform@4.2.8
purl pkg:composer/oro/platform@4.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eh5a-tv8q-xkay
1
vulnerability VCID-h2ur-dutp-gqba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.2.8
aliases CVE-2021-41236, GHSA-qv7g-j98v-8pp7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mp7m-9665-uqb6
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.2.6