Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/pimcore/pimcore@11.3.1
Typecomposer
Namespacepimcore
Namepimcore
Version11.3.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.3.4
Latest_non_vulnerable_version12.3.7
Affected_by_vulnerabilities
0
url VCID-cbz2-sxrt-rffn
vulnerability_id VCID-cbz2-sxrt-rffn
summary Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. This vulnerability is fixed in 12.3.1 and 11.5.14.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23493
reference_id
reference_type
scores
0
value 1e-05
scoring_system epss
scoring_elements 1e-05
published_at 2026-06-14T12:55:00Z
1
value 1e-05
scoring_system epss
scoring_elements 5e-05
published_at 2026-06-12T12:55:00Z
2
value 1e-05
scoring_system epss
scoring_elements 2e-05
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23493
1
reference_url https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601
reference_id 002ec7d5f84973819236796e5b314703b58e8601
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/
url https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601
2
reference_url https://github.com/pimcore/pimcore/pull/18918
reference_id 18918
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/
url https://github.com/pimcore/pimcore/pull/18918
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23493
reference_id CVE-2026-23493
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23493
4
reference_url https://github.com/advisories/GHSA-q433-j342-rp9h
reference_id GHSA-q433-j342-rp9h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q433-j342-rp9h
5
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h
reference_id GHSA-q433-j342-rp9h
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h
6
reference_url https://github.com/pimcore/pimcore/releases/tag/v11.5.14
reference_id v11.5.14
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/
url https://github.com/pimcore/pimcore/releases/tag/v11.5.14
7
reference_url https://github.com/pimcore/pimcore/releases/tag/v12.3.1
reference_id v12.3.1
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/
url https://github.com/pimcore/pimcore/releases/tag/v12.3.1
fixed_packages
0
url pkg:composer/pimcore/pimcore@11.5.14
purl pkg:composer/pimcore/pimcore@11.5.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-em5a-b39y-6qgc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.14
1
url pkg:composer/pimcore/pimcore@12.3.1
purl pkg:composer/pimcore/pimcore@12.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-em5a-b39y-6qgc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.1
aliases CVE-2026-23493, GHSA-q433-j342-rp9h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbz2-sxrt-rffn
1
url VCID-em5a-b39y-6qgc
vulnerability_id VCID-em5a-b39y-6qgc
summary Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Exploiting this issue requires admin authentication. An attacker with admin panel access can extract the full database including password hashes of other admin users. Version 12.3.3 contains a patch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27461
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02341
published_at 2026-06-14T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02334
published_at 2026-06-13T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.0234
published_at 2026-06-12T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02342
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27461
1
reference_url https://github.com/pimcore/pimcore/pull/18991
reference_id 18991
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/
url https://github.com/pimcore/pimcore/pull/18991
2
reference_url https://github.com/pimcore/pimcore/commit/1c3925fbec4895abeb21e5c244a83679c4e4a6f4
reference_id 1c3925fbec4895abeb21e5c244a83679c4e4a6f4
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/
url https://github.com/pimcore/pimcore/commit/1c3925fbec4895abeb21e5c244a83679c4e4a6f4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27461
reference_id CVE-2026-27461
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27461
4
reference_url https://github.com/advisories/GHSA-vxg3-v4p6-f3fp
reference_id GHSA-vxg3-v4p6-f3fp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vxg3-v4p6-f3fp
5
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-vxg3-v4p6-f3fp
reference_id GHSA-vxg3-v4p6-f3fp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-vxg3-v4p6-f3fp
6
reference_url https://github.com/pimcore/pimcore/releases/tag/v12.3.3
reference_id v12.3.3
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/
url https://github.com/pimcore/pimcore/releases/tag/v12.3.3
fixed_packages
0
url pkg:composer/pimcore/pimcore@12.0.0-RC1
purl pkg:composer/pimcore/pimcore@12.0.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cbz2-sxrt-rffn
1
vulnerability VCID-ha34-7pm3-pqgm
2
vulnerability VCID-vgqm-xjtk-yffe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.0.0-RC1
1
url pkg:composer/pimcore/pimcore@12.3.3
purl pkg:composer/pimcore/pimcore@12.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-reqw-yyg8-wugv
1
vulnerability VCID-xjuf-ar4q-uyfz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.3
aliases CVE-2026-27461, GHSA-vxg3-v4p6-f3fp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-em5a-b39y-6qgc
2
url VCID-ha34-7pm3-pqgm
vulnerability_id VCID-ha34-7pm3-pqgm
summary Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments (--) and catching syntax errors, the fix is insufficient. Attackers can still inject SQL payloads that do not rely on comments and infer database information via blind techniques. This vulnerability affects the admin interface and can lead to database information disclosure. This vulnerability is fixed in 12.3.1 and 11.5.14.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23492
reference_id
reference_type
scores
0
value 4e-05
scoring_system epss
scoring_elements 0.00141
published_at 2026-06-14T12:55:00Z
1
value 4e-05
scoring_system epss
scoring_elements 0.0015
published_at 2026-06-12T12:55:00Z
2
value 5e-05
scoring_system epss
scoring_elements 0.00243
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23492
1
reference_url https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3
reference_id 25ad8674886f2b938243cbe13e33e204a2e35cc3
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-01-14T21:14:38Z/
url https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23492
reference_id CVE-2026-23492
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23492
3
reference_url https://github.com/advisories/GHSA-6mhm-gcpf-5gr8
reference_id GHSA-6mhm-gcpf-5gr8
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6mhm-gcpf-5gr8
4
reference_url https://github.com/advisories/GHSA-qvr7-7g55-69xj
reference_id GHSA-qvr7-7g55-69xj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qvr7-7g55-69xj
5
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-qvr7-7g55-69xj
reference_id GHSA-qvr7-7g55-69xj
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-01-14T21:14:38Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-qvr7-7g55-69xj
fixed_packages
0
url pkg:composer/pimcore/pimcore@11.5.14
purl pkg:composer/pimcore/pimcore@11.5.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-em5a-b39y-6qgc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.14
1
url pkg:composer/pimcore/pimcore@12.3.1
purl pkg:composer/pimcore/pimcore@12.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-em5a-b39y-6qgc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.1
aliases CVE-2026-23492, GHSA-qvr7-7g55-69xj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ha34-7pm3-pqgm
3
url VCID-p5rs-jqqj-dudg
vulnerability_id VCID-p5rs-jqqj-dudg
summary Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27617
reference_id
reference_type
scores
0
value 0.00544
scoring_system epss
scoring_elements 0.68286
published_at 2026-06-12T12:55:00Z
1
value 0.00544
scoring_system epss
scoring_elements 0.68296
published_at 2026-06-14T12:55:00Z
2
value 0.00544
scoring_system epss
scoring_elements 0.68197
published_at 2026-06-11T12:55:00Z
3
value 0.00544
scoring_system epss
scoring_elements 0.68298
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27617
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27617
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27617
2
reference_url https://github.com/pimcore/pimcore/commit/19a8520895484e68fd254773e32476565d91deea
reference_id 19a8520895484e68fd254773e32476565d91deea
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/
url https://github.com/pimcore/pimcore/commit/19a8520895484e68fd254773e32476565d91deea
3
reference_url https://github.com/advisories/GHSA-qjpx-5m2p-5pgh
reference_id GHSA-qjpx-5m2p-5pgh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qjpx-5m2p-5pgh
4
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-qjpx-5m2p-5pgh
reference_id GHSA-qjpx-5m2p-5pgh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-qjpx-5m2p-5pgh
5
reference_url https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347
reference_id Multiselect.php#L332-L347
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/
url https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347
6
reference_url https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47
reference_id RelationFilterConditionParser.php#L29-L47
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/
url https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47
fixed_packages
0
url pkg:composer/pimcore/pimcore@11.5.4
purl pkg:composer/pimcore/pimcore@11.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cbz2-sxrt-rffn
1
vulnerability VCID-em5a-b39y-6qgc
2
vulnerability VCID-ha34-7pm3-pqgm
3
vulnerability VCID-vgqm-xjtk-yffe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.4
aliases CVE-2025-27617, GHSA-qjpx-5m2p-5pgh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5rs-jqqj-dudg
4
url VCID-vgqm-xjtk-yffe
vulnerability_id VCID-vgqm-xjtk-yffe
summary Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined via the backend interface or the var/config/staticroutes.php file, including details like regex-based patterns, controllers, variables, and priorities. These routes are registered automatically through the PimcoreStaticRoutesBundle and integrated into the MVC routing system. Testing revealed that an authenticated backend user lacking explicit permissions was able to invoke the endpoint (e.g., GET /api/static-routes) and retrieve sensitive route configurations. This vulnerability is fixed in 12.3.1 and 11.5.14.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23494
reference_id
reference_type
scores
0
value 1e-05
scoring_system epss
scoring_elements 8e-05
published_at 2026-06-14T12:55:00Z
1
value 1e-05
scoring_system epss
scoring_elements 0.00015
published_at 2026-06-12T12:55:00Z
2
value 1e-05
scoring_system epss
scoring_elements 9e-05
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23494
1
reference_url https://github.com/pimcore/pimcore/pull/18893
reference_id 18893
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/
url https://github.com/pimcore/pimcore/pull/18893
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23494
reference_id CVE-2026-23494
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23494
3
reference_url https://github.com/advisories/GHSA-m3r2-724c-pwgf
reference_id GHSA-m3r2-724c-pwgf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m3r2-724c-pwgf
4
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf
reference_id GHSA-m3r2-724c-pwgf
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf
5
reference_url https://github.com/pimcore/pimcore/releases/tag/v11.5.14
reference_id v11.5.14
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/
url https://github.com/pimcore/pimcore/releases/tag/v11.5.14
6
reference_url https://github.com/pimcore/pimcore/releases/tag/v12.3.1
reference_id v12.3.1
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/
url https://github.com/pimcore/pimcore/releases/tag/v12.3.1
fixed_packages
0
url pkg:composer/pimcore/pimcore@11.5.14
purl pkg:composer/pimcore/pimcore@11.5.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-em5a-b39y-6qgc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.14
1
url pkg:composer/pimcore/pimcore@12.3.1
purl pkg:composer/pimcore/pimcore@12.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-em5a-b39y-6qgc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.1
aliases CVE-2026-23494, GHSA-m3r2-724c-pwgf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgqm-xjtk-yffe
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.3.1