Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/craftcms/cms@4.5.10
Typecomposer
Namespacecraftcms
Namecms
Version4.5.10
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.5.11
Latest_non_vulnerable_version5.9.18
Affected_by_vulnerabilities
0
url VCID-jhen-vhqx-n7dr
vulnerability_id VCID-jhen-vhqx-n7dr
summary 
Improper Privilege Management
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
references
0
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
1
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
2
reference_url https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
3
reference_url https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa
4
reference_url https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843
5
reference_url https://github.com/craftcms/cms/pull/13931
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/pull/13931
6
reference_url https://github.com/craftcms/cms/pull/13932
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/pull/13932
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21622
reference_id CVE-2024-21622
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21622
8
reference_url https://github.com/advisories/GHSA-j5g9-j7r4-6qvx
reference_id GHSA-j5g9-j7r4-6qvx
reference_type
scores
url https://github.com/advisories/GHSA-j5g9-j7r4-6qvx
9
reference_url https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx
reference_id GHSA-j5g9-j7r4-6qvx
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx
fixed_packages
0
url pkg:composer/craftcms/cms@4.5.11
purl pkg:composer/craftcms/cms@4.5.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.5.11
aliases CVE-2024-21622, GHSA-j5g9-j7r4-6qvx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jhen-vhqx-n7dr
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.5.10