{"package":"plone.rest","ecosystem":"pypi","latest_version":"5.1.0","description":"Plone support for HTTP verbs.","license":"GPL version 2","license_risk":"unknown","commercial_use_notes":"verify manually — license not parseable / not declared.","homepage":"https://github.com/plone/plone.rest/","repository":"https://github.com/plone/plone.rest/","downloads_weekly":5174,"health":{"score":50,"risk":"high","breakdown":{"maintenance":10,"popularity":6,"security":20,"maturity":12,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":1,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2023-42457","severity":"high","summary":"plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less responsive. Patches are available in `plone.rest` 2.0.1 and 3.0.1.  Series 1.x is not affected. 
As a workaround, one may redirect `/++api++/++api++` to `/++api++` in one's frontend web server (nginx, Apache).","affected_versions":"<43b4a7e86206e237e1de5ca3817ed071575882f7|=1.0.0|=1.0a1|=1.0a2|=1.0a3|=1.0a4|=1.0a5|=1.0a6|=1.0a7|=1.0b1|=1.1.1|=1.2.0|=1.3.0|=1.4.0|=1.5.0|=1.5.1|=1.6.0|=1.6.1|=1.6.2|=2.0.0|=2.0.0a1|=2.0.0a2|=2.0.0a3|=2.0.0a4|=2.0.0a5|=2.0.0a6.dev0|=2.0.1|=3.0.0|=3.0.1|=4.0.0|=3.0.2|=4.1.0|=4.1.1|=4.1.2|=4.1.3|=5.0.0|=5.1.0","fixed_version":"43b4a7e86206e237e1de5ca3817ed071575882f7","source":"osv","published_at":"2023-09-21T15:15:00Z","in_kev":false,"epss_prob":0.00171,"epss_percentile":0.38016,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"5.1.0","total_count":37,"recent":["1.6.2","2.0.0a1","2.0.0a2","2.0.0a3","2.0.0a4","2.0.0a5","2.0.0a6.dev0","2.0.0","2.0.1","3.0.0","3.0.1","3.0.2","4.0.0","4.1.0","4.1.1","4.1.2","4.1.3","5.0.0","5.1.0","6.0.0a1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":null,"last_published":"2025-08-14T16:05:46.422453Z","dependencies_count":16,"dependencies":["setuptools","collective.monkeypatcher","Products.CMFCore","Zope","plone.memoize","zope.browserpage","plone.app.testing[robot]>=4.2.2; extra == \"test\"","requests; extra == \"test\"","BTrees; extra == \"test\"","plone.app.contenttypes[test]; extra == \"test\"","plone.app.redirector; extra == \"test\"","plone.app.textfield; extra == \"test\"","plone.namedfile; extra == \"test\"","plone.testing; extra == \"test\"","z3c.relationfield; extra == \"test\"","zope.intid; extra == \"test\""]},"github_stats":{"stars":12,"forks":6,"open_issues":15,"is_archived":false,"pushed_at":"2026-04-23T13:29:59Z","subscribers_count":162},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["1 high severity vulnerability"],"use_version":"5.1.0","version_hint":"Update to a release that includes commit 43b4a7e86206e237e1de5ca3817ed071575882f7 to fix known vulnerabilities; the advisory summary names 2.0.1 and 3.0.1 as the patched releases","summary":"plone.rest@5.1.0 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":1050,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":258,"avg_days_between_releases":null,"release_velocity":"moderate"}}