Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40backstage/backend-app-api@0.0.0-nightly-20231208021611
Type npm
Namespace @backstage
Name backend-app-api
Version 0.0.0-nightly-20231208021611
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.5.9-next.1
Latest_non_vulnerable_version 0.5.9-next.1
Affected_by_vulnerabilities
0
url VCID-9dc5-rn3j-yyeh
vulnerability_id VCID-9dc5-rn3j-yyeh
summary A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6944.json
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6944.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6944
reference_id
reference_type
scores
0
value 0.00216
scoring_system epss
scoring_elements 0.44188
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6944
2
reference_url https://github.com/backstage/backstage
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/backstage/backstage
3
reference_url https://github.com/backstage/backstage/blob/master/docs/releases/v1.21.0-next.2-changelog.md
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/backstage/backstage/blob/master/docs/releases/v1.21.0-next.2-changelog.md
4
reference_url https://github.com/backstage/backstage/commit/0382db60f6c8e8715a702bde6408ad10a48d8e11
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/backstage/backstage/commit/0382db60f6c8e8715a702bde6408ad10a48d8e11
5
reference_url https://github.com/backstage/backstage/issues/21503
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/backstage/backstage/issues/21503
6
reference_url https://github.com/backstage/backstage/pull/21582
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/backstage/backstage/pull/21582
7
reference_url https://www.cve.org/CVERecord?id=CVE-2023-6944
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cve.org/CVERecord?id=CVE-2023-6944
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1.1::el9
reference_id cpe:/a:redhat:rhdh:1.1::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1.1::el9
9
reference_url https://access.redhat.com/security/cve/CVE-2023-6944
reference_id CVE-2023-6944
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:10:23Z/
url https://access.redhat.com/security/cve/CVE-2023-6944
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6944
reference_id CVE-2023-6944
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6944
11
reference_url https://github.com/advisories/GHSA-86rg-pf4c-5grg
reference_id GHSA-86rg-pf4c-5grg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-86rg-pf4c-5grg
12
reference_url https://access.redhat.com/errata/RHBA-2024:5869
reference_id RHBA-2024:5869
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:10:23Z/
url https://access.redhat.com/errata/RHBA-2024:5869
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2255204
reference_id show_bug.cgi?id=2255204
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T16:10:23Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2255204
fixed_packages
0
url pkg:npm/%40backstage/backend-app-api@0.5.9-next.1
purl pkg:npm/%40backstage/backend-app-api@0.5.9-next.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540backstage/backend-app-api@0.5.9-next.1
aliases CVE-2023-6944, GHSA-86rg-pf4c-5grg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dc5-rn3j-yyeh
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540backstage/backend-app-api@0.0.0-nightly-20231208021611