Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/solspace/craft-freeform@3.13.14
Typecomposer
Namespacesolspace
Namecraft-freeform
Version3.13.14
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.1.23
Latest_non_vulnerable_version5.14.7
Affected_by_vulnerabilities
0
url VCID-2p2x-cu65-t3g5
vulnerability_id VCID-2p2x-cu65-t3g5
summary 
solspace/craft-freeform Exposed to Known Axios Vulnerabilities via Precompiled Assets
The latest versions of both 4.x and 5.x are using Axios versions < 1.7.5 and as such are subject to known vulnerabilities as per: https://security.snyk.io/package/npm/axios
references
0
reference_url https://github.com/solspace/craft-freeform
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/solspace/craft-freeform
1
reference_url https://github.com/advisories/GHSA-rwr8-xrpw-9qf5
reference_id GHSA-rwr8-xrpw-9qf5
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rwr8-xrpw-9qf5
2
reference_url https://github.com/solspace/craft-freeform/security/advisories/GHSA-rwr8-xrpw-9qf5
reference_id GHSA-rwr8-xrpw-9qf5
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/solspace/craft-freeform/security/advisories/GHSA-rwr8-xrpw-9qf5
fixed_packages
0
url pkg:composer/solspace/craft-freeform@4.1.22
purl pkg:composer/solspace/craft-freeform@4.1.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ztwx-5smd-yuan
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/solspace/craft-freeform@4.1.22
1
url pkg:composer/solspace/craft-freeform@5.5.9
purl pkg:composer/solspace/craft-freeform@5.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n9hg-pqvt-xfaj
1
vulnerability VCID-z5t1-phnb-6bat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/solspace/craft-freeform@5.5.9
aliases GHSA-rwr8-xrpw-9qf5
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2p2x-cu65-t3g5
1
url VCID-ztwx-5smd-yuan
vulnerability_id VCID-ztwx-5smd-yuan
summary 
solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data
_Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server._

\PhpOffice\PhpSpreadsheet\Writer\Html doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page.
references
0
reference_url https://github.com/solspace/craft-freeform
reference_id
reference_type
scores
0
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/solspace/craft-freeform
1
reference_url https://github.com/solspace/craft-freeform/releases/tag/v4.1.23
reference_id
reference_type
scores
0
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/solspace/craft-freeform/releases/tag/v4.1.23
2
reference_url https://github.com/advisories/GHSA-44jg-mv3h-wj6g
reference_id GHSA-44jg-mv3h-wj6g
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-44jg-mv3h-wj6g
3
reference_url https://github.com/solspace/craft-freeform/security/advisories/GHSA-44jg-mv3h-wj6g
reference_id GHSA-44jg-mv3h-wj6g
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/solspace/craft-freeform/security/advisories/GHSA-44jg-mv3h-wj6g
4
reference_url https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-wgmf-q9vr-vww6
reference_id GHSA-wgmf-q9vr-vww6
reference_type
scores
0
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-wgmf-q9vr-vww6
fixed_packages
0
url pkg:composer/solspace/craft-freeform@4.1.23
purl pkg:composer/solspace/craft-freeform@4.1.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/solspace/craft-freeform@4.1.23
aliases GHSA-44jg-mv3h-wj6g
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ztwx-5smd-yuan
Fixing_vulnerabilities
Risk_score1.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/solspace/craft-freeform@3.13.14