Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-a2dy-bh2t-3qfy
Summary Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue.
Aliases
0
alias CVE-2023-36813
Fixed_packages
0
url pkg:deb/debian/kanboard@1.2.31%2Bds-1?distro=sid
purl pkg:deb/debian/kanboard@1.2.31%2Bds-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kanboard@1.2.31%252Bds-1%3Fdistro=sid
1
url pkg:deb/debian/kanboard@1.2.51%2Bds-2?distro=sid
purl pkg:deb/debian/kanboard@1.2.51%2Bds-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kanboard@1.2.51%252Bds-2%3Fdistro=sid
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36813
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.25201
published_at 2026-06-06T12:55:00Z
1
value 0.00088
scoring_system epss
scoring_elements 0.25101
published_at 2026-06-09T12:55:00Z
2
value 0.00088
scoring_system epss
scoring_elements 0.25093
published_at 2026-06-08T12:55:00Z
3
value 0.00088
scoring_system epss
scoring_elements 0.25151
published_at 2026-06-07T12:55:00Z
4
value 0.00088
scoring_system epss
scoring_elements 0.25215
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36813
1
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040265
reference_id 1040265
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040265
2
reference_url https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a
reference_id 25b93343baeaf8ad018dcd87b094e47a5c6a3e0a
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-18T19:03:17Z/
url https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a
3
reference_url https://www.debian.org/security/2023/dsa-5454
reference_id dsa-5454
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-18T19:03:17Z/
url https://www.debian.org/security/2023/dsa-5454
4
reference_url https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx
reference_id GHSA-9gvq-78jp-jxcx
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-18T19:03:17Z/
url https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx
5
reference_url https://github.com/kanboard/kanboard/releases/tag/v1.2.31
reference_id v1.2.31
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-18T19:03:17Z/
url https://github.com/kanboard/kanboard/releases/tag/v1.2.31
Weaknesses
0
cwe_id 89
name Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
description The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Exploits
Severity_range_score 7.1 - 7.1
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a2dy-bh2t-3qfy