Look up vulnerable packages by Package URL.

Purl pkg:npm/renovate@39.2.1
Type npm
Namespace
Name renovate
Version 39.2.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 42.96.3
Latest_non_vulnerable_version 43.102.11
Affected_by_vulnerabilities
0
url VCID-21z4-ctcp-8kej
vulnerability_id VCID-21z4-ctcp-8kej
summary
Renovate vulnerable to arbitrary command injection via hermit manager and maliciously named dependencies
The user-provided string `depName` in the `hermit` manager is appended to the `./hermit install` and `./hermit uninstall` commands without proper sanitization.
references
0
reference_url https://github.com/renovatebot/renovate
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/renovatebot/renovate
1
reference_url https://github.com/advisories/GHSA-36j9-mx87-2cff
reference_id GHSA-36j9-mx87-2cff
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-36j9-mx87-2cff
2
reference_url https://github.com/renovatebot/renovate/security/advisories/GHSA-36j9-mx87-2cff
reference_id GHSA-36j9-mx87-2cff
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/renovatebot/renovate/security/advisories/GHSA-36j9-mx87-2cff
fixed_packages
0
url pkg:npm/renovate@40.33.0
purl pkg:npm/renovate@40.33.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f7m-xufh-rybj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/renovate@40.33.0
aliases GHSA-36j9-mx87-2cff
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-21z4-ctcp-8kej
1
url VCID-2f7m-xufh-rybj
vulnerability_id VCID-2f7m-xufh-rybj
summary
Renovate vulnerable to arbitrary command injection via Gradle Wrapper and malicious `distributionUrl`
Renovate can be tricked into executing shell code while updating the Gradle Wrapper. A malicious `distributionUrl` in `gradle/wrapper/gradle-wrapper.properties` can lead to command execution in the Renovate runtime.
references
0
reference_url https://github.com/renovatebot/renovate
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/renovatebot/renovate
1
reference_url https://github.com/renovatebot/renovate/releases/tag/42.68.5
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/renovatebot/renovate/releases/tag/42.68.5
2
reference_url https://github.com/advisories/GHSA-pfq2-hh62-7m96
reference_id GHSA-pfq2-hh62-7m96
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pfq2-hh62-7m96
3
reference_url https://github.com/renovatebot/renovate/security/advisories/GHSA-pfq2-hh62-7m96
reference_id GHSA-pfq2-hh62-7m96
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/renovatebot/renovate/security/advisories/GHSA-pfq2-hh62-7m96
fixed_packages
0
url pkg:npm/renovate@42.68.5
purl pkg:npm/renovate@42.68.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-thg8-1rbz-xbf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/renovate@42.68.5
aliases GHSA-pfq2-hh62-7m96
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2f7m-xufh-rybj
2
url VCID-9mu9-t4wj-bqey
vulnerability_id VCID-9mu9-t4wj-bqey
summary
Renovate vulnerable to arbitrary command injection via helmv3 manager and malicious Chart.yaml file
The user-provided string `repository` in the `helmv3` manager is appended to the `helm registry login` command without proper sanitization.
references
0
reference_url https://github.com/renovatebot/renovate
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/renovatebot/renovate
1
reference_url https://github.com/advisories/GHSA-3f44-xw83-3pmg
reference_id GHSA-3f44-xw83-3pmg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3f44-xw83-3pmg
2
reference_url https://github.com/renovatebot/renovate/security/advisories/GHSA-3f44-xw83-3pmg
reference_id GHSA-3f44-xw83-3pmg
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/renovatebot/renovate/security/advisories/GHSA-3f44-xw83-3pmg
fixed_packages
0
url pkg:npm/renovate@40.33.0
purl pkg:npm/renovate@40.33.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f7m-xufh-rybj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/renovate@40.33.0
aliases GHSA-3f44-xw83-3pmg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mu9-t4wj-bqey
3
url VCID-t99z-u8z3-ybbe
vulnerability_id VCID-t99z-u8z3-ybbe
summary
Renovate vulnerable to arbitrary command injection via npm manager and malicious Renovate configuration
The user-provided string `packageName` in the `npm` manager is appended to the `npm install` command during lock maintenance without proper sanitization.
references
0
reference_url https://github.com/renovatebot/renovate
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/renovatebot/renovate
1
reference_url https://github.com/advisories/GHSA-fr4j-65pv-gjjj
reference_id GHSA-fr4j-65pv-gjjj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fr4j-65pv-gjjj
2
reference_url https://github.com/renovatebot/renovate/security/advisories/GHSA-fr4j-65pv-gjjj
reference_id GHSA-fr4j-65pv-gjjj
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/renovatebot/renovate/security/advisories/GHSA-fr4j-65pv-gjjj
fixed_packages
0
url pkg:npm/renovate@40.33.0
purl pkg:npm/renovate@40.33.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f7m-xufh-rybj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/renovate@40.33.0
aliases GHSA-fr4j-65pv-gjjj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t99z-u8z3-ybbe
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/renovate@39.2.1