Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-zw3g-cktf-x3ft
SummaryFreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask() in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false without checking any CIDR ranges. The entire 10.0.0.0/8 and 172.16.0.0/12 private ranges are unprotected. This issue has been patched in version 1.8.211.
Aliases
0
alias CVE-2026-34443
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34443
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.18164
published_at 2026-06-13T12:55:00Z
1
value 0.00057
scoring_system epss
scoring_elements 0.18139
published_at 2026-06-14T12:55:00Z
2
value 0.00057
scoring_system epss
scoring_elements 0.18147
published_at 2026-06-12T12:55:00Z
3
value 0.00057
scoring_system epss
scoring_elements 0.17989
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34443
1
reference_url https://github.com/freescout-help-desk/freescout/releases/tag/1.8.211
reference_id 1.8.211
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T18:54:33Z/
url https://github.com/freescout-help-desk/freescout/releases/tag/1.8.211
2
reference_url https://github.com/freescout-help-desk/freescout/commit/ca6d5bb572d3e8f52a0e654a8623a53cb0fdd580
reference_id ca6d5bb572d3e8f52a0e654a8623a53cb0fdd580
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T18:54:33Z/
url https://github.com/freescout-help-desk/freescout/commit/ca6d5bb572d3e8f52a0e654a8623a53cb0fdd580
3
reference_url https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-c9v3-4c59-x5q2
reference_id GHSA-c9v3-4c59-x5q2
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T18:54:33Z/
url https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-c9v3-4c59-x5q2
Weaknesses
0
cwe_id 918
name Server-Side Request Forgery (SSRF)
description The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Exploits
Severity_range_score6.9 - 6.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-zw3g-cktf-x3ft