Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-9jrq-5m9c-jyan

Summary

Malware in color-string
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Aliases

alias	GHSA-3q87-f72r-3gm6

Fixed_packages

Affected_packages

url pkg:npm/color-string@2.1.1

purl pkg:npm/color-string@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9jrq-5m9c-jyan

vulnerability	VCID-xjnw-azww-suf1

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/color-string@2.1.1

References

reference_url	https://github.com/github/advisory-database/issues/6099
reference_id
reference_type
scores
url	https://github.com/github/advisory-database/issues/6099

reference_url	https://github.com/advisories/GHSA-3q87-f72r-3gm6
reference_id	GHSA-3q87-f72r-3gm6
reference_type
scores
url	https://github.com/advisories/GHSA-3q87-f72r-3gm6

Weaknesses

cwe_id	506
name	Embedded Malicious Code
description	The product contains code that appears to be malicious in nature.

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9jrq-5m9c-jyan

Vulnerability Instance