Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/eap7-undertow@2.0.38-2.SP2_redhat_00001.1?arch=el6eap

Type rpm

Namespace redhat

Name eap7-undertow

Version 2.0.38-2.SP2_redhat_00001.1

Qualifiers

arch	el6eap

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-14ff-vn3t-vyhy

vulnerability_id

VCID-14ff-vn3t-vyhy

summary

Undertow vulnerable to memory exhaustion due to buffer leak
Buffer leak on incoming WebSocket PONG message(s) in Undertow before 2.0.40 and 2.2.10 can lead to memory exhaustion and allow a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json

reference_url

https://access.redhat.com/security/cve/CVE-2021-3690

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2021-3690

reference_url

https://access.redhat.com/security/cve/cve-2021-3690#cve-cvss-v3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2021-3690#cve-cvss-v3

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3690

reference_id

reference_type

scores

value	0.00278
scoring_system	epss
scoring_elements	0.51183
published_at	2026-04-04T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51246
published_at	2026-04-18T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51239
published_at	2026-04-16T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.512
published_at	2026-04-13T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51214
published_at	2026-04-12T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51195
published_at	2026-04-08T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51141
published_at	2026-04-07T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51106
published_at	2026-04-01T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51159
published_at	2026-04-02T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51236
published_at	2026-04-11T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51192
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3690

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1991299

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1991299

reference_url

https://github.com/undertow-io/undertow

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow

reference_url

https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877

reference_url

https://issues.redhat.com/browse/UNDERTOW-1935

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/UNDERTOW-1935

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3690

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3690

reference_url

https://www.mend.io/vulnerability-database/CVE-2021-3690

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mend.io/vulnerability-database/CVE-2021-3690

reference_url

https://github.com/advisories/GHSA-fj7c-vg2v-ccrm

reference_id

GHSA-fj7c-vg2v-ccrm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fj7c-vg2v-ccrm

reference_url	https://access.redhat.com/errata/RHSA-2021:3216
reference_id	RHSA-2021:3216
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3216

reference_url	https://access.redhat.com/errata/RHSA-2021:3217
reference_id	RHSA-2021:3217
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3217

reference_url	https://access.redhat.com/errata/RHSA-2021:3218
reference_id	RHSA-2021:3218
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3218

reference_url	https://access.redhat.com/errata/RHSA-2021:3219
reference_id	RHSA-2021:3219
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3219

reference_url	https://access.redhat.com/errata/RHSA-2021:3425
reference_id	RHSA-2021:3425
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3425

reference_url	https://access.redhat.com/errata/RHSA-2021:3466
reference_id	RHSA-2021:3466
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3466

reference_url	https://access.redhat.com/errata/RHSA-2021:3467
reference_id	RHSA-2021:3467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3467

reference_url	https://access.redhat.com/errata/RHSA-2021:3468
reference_id	RHSA-2021:3468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3468

reference_url	https://access.redhat.com/errata/RHSA-2021:3471
reference_id	RHSA-2021:3471
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3471

reference_url	https://access.redhat.com/errata/RHSA-2021:3516
reference_id	RHSA-2021:3516
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3516

reference_url	https://access.redhat.com/errata/RHSA-2021:3534
reference_id	RHSA-2021:3534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3534

reference_url	https://access.redhat.com/errata/RHSA-2021:3656
reference_id	RHSA-2021:3656
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3656

reference_url	https://access.redhat.com/errata/RHSA-2021:3658
reference_id	RHSA-2021:3658
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3658

reference_url	https://access.redhat.com/errata/RHSA-2021:3660
reference_id	RHSA-2021:3660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3660

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:5134
reference_id	RHSA-2021:5134
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5134

reference_url	https://access.redhat.com/errata/RHSA-2022:1029
reference_id	RHSA-2022:1029
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1029

fixed_packages

aliases

CVE-2021-3690, GHSA-fj7c-vg2v-ccrm, GMS-2022-2964

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-14ff-vn3t-vyhy

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-undertow@2.0.38-2.SP2_redhat_00001.1%3Farch=el6eap

Package Instance