Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-a3p7-p8e5-auhj

Summary

Malware in color-name
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Aliases

alias	GHSA-m99c-cfww-cxqx

Fixed_packages

Affected_packages

url pkg:npm/color-name@2.0.1

purl pkg:npm/color-name@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3p7-p8e5-auhj

vulnerability	VCID-p8y5-zfmu-duhg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/color-name@2.0.1

References

reference_url	https://github.com/github/advisory-database/issues/6099
reference_id
reference_type
scores
url	https://github.com/github/advisory-database/issues/6099

reference_url	https://github.com/advisories/GHSA-m99c-cfww-cxqx
reference_id	GHSA-m99c-cfww-cxqx
reference_type
scores
url	https://github.com/advisories/GHSA-m99c-cfww-cxqx

Weaknesses

cwe_id	506
name	Embedded Malicious Code
description	The product contains code that appears to be malicious in nature.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a3p7-p8e5-auhj

Vulnerability Instance