Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-rbtj-uqkj-rkhb
Summary
misp-modules has unsafe remote resource fetching in expansion
An unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The html_to_markdown module accepted arbitrary HTTP(S) URLs without sufficient validation, which could allow Server-Side Request Forgery against loopback, private, or link-local network resources. Additionally, the qrcode module disabled TLS certificate verification when retrieving remote images, exposing requests to potential man-in-the-middle interception or response tampering. The issue was fixed by validating URL schemes, blocking local and private address ranges, resolving hostnames before fetching, enforcing request timeouts, and re-enabling TLS certificate verification. As reported by Bilal Teke.
Aliases
0
alias CVE-2026-44363
1
alias GHSA-fhq3-2gf3-8f3j
Fixed_packages
Affected_packages
0
url pkg:pypi/misp-modules@2.4.196
purl pkg:pypi/misp-modules@2.4.196
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuzy-11z2-eqd4
1
vulnerability VCID-rbtj-uqkj-rkhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/misp-modules@2.4.196
1
url pkg:pypi/misp-modules@2.4.197
purl pkg:pypi/misp-modules@2.4.197
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuzy-11z2-eqd4
1
vulnerability VCID-rbtj-uqkj-rkhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/misp-modules@2.4.197
2
url pkg:pypi/misp-modules@2.4.198
purl pkg:pypi/misp-modules@2.4.198
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuzy-11z2-eqd4
1
vulnerability VCID-rbtj-uqkj-rkhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/misp-modules@2.4.198
3
url pkg:pypi/misp-modules@2.4.199
purl pkg:pypi/misp-modules@2.4.199
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuzy-11z2-eqd4
1
vulnerability VCID-rbtj-uqkj-rkhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/misp-modules@2.4.199
4
url pkg:pypi/misp-modules@2.4.200
purl pkg:pypi/misp-modules@2.4.200
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuzy-11z2-eqd4
1
vulnerability VCID-rbtj-uqkj-rkhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/misp-modules@2.4.200
5
url pkg:pypi/misp-modules@2.4.201
purl pkg:pypi/misp-modules@2.4.201
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuzy-11z2-eqd4
1
vulnerability VCID-rbtj-uqkj-rkhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/misp-modules@2.4.201
6
url pkg:pypi/misp-modules@3.0.0
purl pkg:pypi/misp-modules@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuzy-11z2-eqd4
1
vulnerability VCID-rbtj-uqkj-rkhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/misp-modules@3.0.0
7
url pkg:pypi/misp-modules@3.0.1
purl pkg:pypi/misp-modules@3.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuzy-11z2-eqd4
1
vulnerability VCID-rbtj-uqkj-rkhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/misp-modules@3.0.1
8
url pkg:pypi/misp-modules@3.0.2
purl pkg:pypi/misp-modules@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuzy-11z2-eqd4
1
vulnerability VCID-rbtj-uqkj-rkhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/misp-modules@3.0.2
9
url pkg:pypi/misp-modules@3.0.4
purl pkg:pypi/misp-modules@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuzy-11z2-eqd4
1
vulnerability VCID-rbtj-uqkj-rkhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/misp-modules@3.0.4
10
url pkg:pypi/misp-modules@3.0.5
purl pkg:pypi/misp-modules@3.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuzy-11z2-eqd4
1
vulnerability VCID-rbtj-uqkj-rkhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/misp-modules@3.0.5
11
url pkg:pypi/misp-modules@3.0.6
purl pkg:pypi/misp-modules@3.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuzy-11z2-eqd4
1
vulnerability VCID-rbtj-uqkj-rkhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/misp-modules@3.0.6
12
url pkg:pypi/misp-modules@3.0.7
purl pkg:pypi/misp-modules@3.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuzy-11z2-eqd4
1
vulnerability VCID-rbtj-uqkj-rkhb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/misp-modules@3.0.7
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44363
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.00563
published_at 2026-06-09T12:55:00Z
1
value 7e-05
scoring_system epss
scoring_elements 0.00559
published_at 2026-06-08T12:55:00Z
2
value 7e-05
scoring_system epss
scoring_elements 0.00562
published_at 2026-06-07T12:55:00Z
3
value 7e-05
scoring_system epss
scoring_elements 0.00565
published_at 2026-06-06T12:55:00Z
4
value 7e-05
scoring_system epss
scoring_elements 0.00564
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44363
1
reference_url https://github.com/MISP/misp-modules
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/MISP/misp-modules
2
reference_url https://github.com/MISP/misp-modules/commit/01a522f2772fc31eeed379ccf23750c8a3d401db
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T12:31:13Z/
url https://github.com/MISP/misp-modules/commit/01a522f2772fc31eeed379ccf23750c8a3d401db
3
reference_url https://github.com/MISP/misp-modules/security/advisories/GHSA-fhq3-2gf3-8f3j
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T12:31:13Z/
url https://github.com/MISP/misp-modules/security/advisories/GHSA-fhq3-2gf3-8f3j
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44363
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44363
5
reference_url https://github.com/advisories/GHSA-fhq3-2gf3-8f3j
reference_id GHSA-fhq3-2gf3-8f3j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fhq3-2gf3-8f3j
Weaknesses
0
cwe_id 295
name Improper Certificate Validation
description The product does not validate, or incorrectly validates, a certificate.
1
cwe_id 918
name Server-Side Request Forgery (SSRF)
description The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rbtj-uqkj-rkhb