Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/commons-vfs@2.1-4%2Bdeb12u1?distro=trixie
Type deb
Namespace debian
Name commons-vfs
Version 2.1-4+deb12u1
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.1-5
Latest_non_vulnerable_version 2.1-5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-fqud-jqqb-gkb8
vulnerability_id VCID-fqud-jqqb-gkb8
summary
Apache Commons VFS Exposure of Sensitive Information to an Unauthorized Actor
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS.

The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception message.
This issue affects Apache Commons VFS: before 2.10.0.

Users are recommended to upgrade to version 2.10.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30474
reference_id
reference_type
scores
0
value 0.00109
scoring_system epss
scoring_elements 0.28767
published_at 2026-06-05T12:55:00Z
1
value 0.00109
scoring_system epss
scoring_elements 0.28672
published_at 2026-06-09T12:55:00Z
2
value 0.00109
scoring_system epss
scoring_elements 0.28663
published_at 2026-06-08T12:55:00Z
3
value 0.00109
scoring_system epss
scoring_elements 0.28697
published_at 2026-06-07T12:55:00Z
4
value 0.00109
scoring_system epss
scoring_elements 0.28732
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30474
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30474
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/commons-vfs
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-vfs
4
reference_url https://issues.apache.org/jira/browse/VFS-169
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:03:56Z/
url https://issues.apache.org/jira/browse/VFS-169
5
reference_url https://lists.apache.org/thread/w6ztgnbk6ccry3470x191g3xwrpgy6f4
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:03:56Z/
url https://lists.apache.org/thread/w6ztgnbk6ccry3470x191g3xwrpgy6f4
6
reference_url http://www.openwall.com/lists/oss-security/2025/03/23/2
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/03/23/2
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101946
reference_id 1101946
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101946
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30474
reference_id CVE-2025-30474
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30474
9
reference_url https://github.com/advisories/GHSA-3936-3gx6-49c4
reference_id GHSA-3936-3gx6-49c4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3936-3gx6-49c4
fixed_packages
0
url pkg:deb/debian/commons-vfs@2.0-1?distro=trixie
purl pkg:deb/debian/commons-vfs@2.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-vfs@2.0-1%3Fdistro=trixie
1
url pkg:deb/debian/commons-vfs@2.1-2?distro=trixie
purl pkg:deb/debian/commons-vfs@2.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-vfs@2.1-2%3Fdistro=trixie
2
url pkg:deb/debian/commons-vfs@2.1-4%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/commons-vfs@2.1-4%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-vfs@2.1-4%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/commons-vfs@2.1-5?distro=trixie
purl pkg:deb/debian/commons-vfs@2.1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-vfs@2.1-5%3Fdistro=trixie
aliases CVE-2025-30474, GHSA-3936-3gx6-49c4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqud-jqqb-gkb8
1
url VCID-uc95-g9bd-nfhg
vulnerability_id VCID-uc95-g9bd-nfhg
summary
Apache Commons VFS Has Relative Path Traversal Vulnerability
Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0.

The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains encoded ".." characters (for example, "%2E%2E/bar.txt"), it might return file objects that are not a descendent of the base file, without throwing an exception.
This issue affects Apache Commons VFS: before 2.10.0.

Users are recommended to upgrade to version 2.10.0, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27553.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27553.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27553
reference_id
reference_type
scores
0
value 0.0071
scoring_system epss
scoring_elements 0.72609
published_at 2026-06-08T12:55:00Z
1
value 0.0071
scoring_system epss
scoring_elements 0.72622
published_at 2026-06-07T12:55:00Z
2
value 0.0071
scoring_system epss
scoring_elements 0.7264
published_at 2026-06-06T12:55:00Z
3
value 0.0071
scoring_system epss
scoring_elements 0.72633
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27553
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27553
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27553
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/commons-vfs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-vfs
5
reference_url https://lists.apache.org/thread/cnzqowyw9r2pl263cylmxhnvh41hyjcb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T13:43:35Z/
url https://lists.apache.org/thread/cnzqowyw9r2pl263cylmxhnvh41hyjcb
6
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00006.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00006.html
7
reference_url http://www.openwall.com/lists/oss-security/2025/03/23/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/03/23/1
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101204
reference_id 1101204
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101204
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2354334
reference_id 2354334
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2354334
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27553
reference_id CVE-2025-27553
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27553
11
reference_url https://github.com/advisories/GHSA-9q4x-fr4m-jp86
reference_id GHSA-9q4x-fr4m-jp86
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9q4x-fr4m-jp86
12
reference_url https://access.redhat.com/errata/RHSA-2025:10548
reference_id RHSA-2025:10548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10548
fixed_packages
0
url pkg:deb/debian/commons-vfs@2.1-2?distro=trixie
purl pkg:deb/debian/commons-vfs@2.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-vfs@2.1-2%3Fdistro=trixie
1
url pkg:deb/debian/commons-vfs@2.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/commons-vfs@2.1-2%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-vfs@2.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/commons-vfs@2.1-4%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/commons-vfs@2.1-4%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-vfs@2.1-4%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/commons-vfs@2.1-5?distro=trixie
purl pkg:deb/debian/commons-vfs@2.1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-vfs@2.1-5%3Fdistro=trixie
aliases CVE-2025-27553, GHSA-9q4x-fr4m-jp86
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uc95-g9bd-nfhg
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-vfs@2.1-4%252Bdeb12u1%3Fdistro=trixie