Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40tutao/tutanota-utils@3.112.9
Type npm
Namespace @tutao
Name tutanota-utils
Version 3.112.9
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 314.251111.0
Latest_non_vulnerable_version 314.251111.0
Affected_by_vulnerabilities
0
url VCID-ctaz-dkc3-s3ch
vulnerability_id VCID-ctaz-dkc3-s3ch
summary
Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature
Users importing contacts from untrusted sources.

Specifically crafted contact data can lead to some DOM modifications for the link button next to the field, e.g. the link address can be overridden. CSS can be manipulated to give the button an arbitrary look and change its size so that any click on the screen would lead to the specified URL. Modifying event listeners does *not* seem to be possible, so no JS can be executed (which would also be prevented by CSP).
references
0
reference_url https://github.com/tutao/tutanota
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/tutao/tutanota
1
reference_url https://github.com/tutao/tutanota/blob/452700a96d490646550ad2a02229973590291faf/src/mail-app/contacts/view/ContactViewer.ts#L326
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/tutao/tutanota/blob/452700a96d490646550ad2a02229973590291faf/src/mail-app/contacts/view/ContactViewer.ts#L326
2
reference_url https://github.com/tutao/tutanota/blob/452700a96d490646550ad2a02229973590291faf/src/mail-app/contacts/view/ContactViewer.ts#L341
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/tutao/tutanota/blob/452700a96d490646550ad2a02229973590291faf/src/mail-app/contacts/view/ContactViewer.ts#L341
3
reference_url https://github.com/tutao/tutanota/blob/452700a96d490646550ad2a02229973590291faf/src/mail-app/contacts/view/ContactViewer.ts#L356
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/tutao/tutanota/blob/452700a96d490646550ad2a02229973590291faf/src/mail-app/contacts/view/ContactViewer.ts#L356
4
reference_url https://github.com/tutao/tutanota/blob/452700a96d490646550ad2a02229973590291faf/src/mail-app/contacts/view/ContactViewer.ts#L391
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/tutao/tutanota/blob/452700a96d490646550ad2a02229973590291faf/src/mail-app/contacts/view/ContactViewer.ts#L391
5
reference_url https://github.com/tutao/tutanota/blob/452700a96d490646550ad2a02229973590291faf/src/mail-app/contacts/view/ContactViewer.ts#L415
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/tutao/tutanota/blob/452700a96d490646550ad2a02229973590291faf/src/mail-app/contacts/view/ContactViewer.ts#L415
6
reference_url https://github.com/tutao/tutanota/commit/e28345f5f78f628f9d5c04e785f79543f01dca8b
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/tutao/tutanota/commit/e28345f5f78f628f9d5c04e785f79543f01dca8b
7
reference_url https://github.com/advisories/GHSA-24v3-254g-jv85
reference_id GHSA-24v3-254g-jv85
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-24v3-254g-jv85
8
reference_url https://github.com/tutao/tutanota/security/advisories/GHSA-24v3-254g-jv85
reference_id GHSA-24v3-254g-jv85
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/tutao/tutanota/security/advisories/GHSA-24v3-254g-jv85
fixed_packages
0
url pkg:npm/%40tutao/tutanota-utils@314.251111.0
purl pkg:npm/%40tutao/tutanota-utils@314.251111.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540tutao/tutanota-utils@314.251111.0
aliases GHSA-24v3-254g-jv85
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ctaz-dkc3-s3ch
Fixing_vulnerabilities
Risk_score 1.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540tutao/tutanota-utils@3.112.9