Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/atomic-openshift@3.11.374-1.git.0.ebd3ee9?arch=el7
Typerpm
Namespaceredhat
Nameatomic-openshift
Version3.11.374-1.git.0.ebd3ee9
Qualifiers
arch el7
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-3tpx-rnju-w3dw
vulnerability_id VCID-3tpx-rnju-w3dw
summary 
golang.org/x/crypto/salsa20/salsa uses insufficiently random values
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.

### Specific Go Packages Affected
golang.org/x/crypto/salsa20/salsa
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11840.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11840.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11840
reference_id
reference_type
scores
0
value 0.02086
scoring_system epss
scoring_elements 0.84038
published_at 2026-04-21T12:55:00Z
1
value 0.02086
scoring_system epss
scoring_elements 0.84037
published_at 2026-04-18T12:55:00Z
2
value 0.02086
scoring_system epss
scoring_elements 0.84035
published_at 2026-04-16T12:55:00Z
3
value 0.02086
scoring_system epss
scoring_elements 0.84011
published_at 2026-04-13T12:55:00Z
4
value 0.02086
scoring_system epss
scoring_elements 0.84015
published_at 2026-04-12T12:55:00Z
5
value 0.02086
scoring_system epss
scoring_elements 0.84021
published_at 2026-04-11T12:55:00Z
6
value 0.02086
scoring_system epss
scoring_elements 0.84006
published_at 2026-04-09T12:55:00Z
7
value 0.02086
scoring_system epss
scoring_elements 0.83999
published_at 2026-04-08T12:55:00Z
8
value 0.02086
scoring_system epss
scoring_elements 0.83976
published_at 2026-04-07T12:55:00Z
9
value 0.02705
scoring_system epss
scoring_elements 0.85853
published_at 2026-04-04T12:55:00Z
10
value 0.02705
scoring_system epss
scoring_elements 0.85835
published_at 2026-04-02T12:55:00Z
11
value 0.02705
scoring_system epss
scoring_elements 0.85824
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11840
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1691529
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1691529
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11840
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11840
4
reference_url https://github.com/golang/go
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/go
5
reference_url https://github.com/golang/go/issues/30965
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/go/issues/30965
6
reference_url https://go.dev/cl/168406
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/168406
7
reference_url https://go.dev/issue/30965
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/issue/30965
8
reference_url https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
9
reference_url https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
10
reference_url https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ
11
reference_url https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html
12
reference_url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
13
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html
14
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html
15
reference_url https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html
16
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11840
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11840
18
reference_url https://pkg.go.dev/vuln/GO-2022-0209
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2022-0209
19
reference_url https://access.redhat.com/errata/RHSA-2021:0079
reference_id RHSA-2021:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0079
fixed_packages
aliases CVE-2019-11840, GHSA-r5c5-pr8j-pfp7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tpx-rnju-w3dw
1
url VCID-vctf-a4t5-q7a2
vulnerability_id VCID-vctf-a4t5-q7a2
summary 
Unverified Ownership in Kubernetes
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8554.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8554.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8554
reference_id
reference_type
scores
0
value 0.24784
scoring_system epss
scoring_elements 0.96163
published_at 2026-04-18T12:55:00Z
1
value 0.24784
scoring_system epss
scoring_elements 0.96159
published_at 2026-04-16T12:55:00Z
2
value 0.24784
scoring_system epss
scoring_elements 0.9615
published_at 2026-04-13T12:55:00Z
3
value 0.24784
scoring_system epss
scoring_elements 0.96148
published_at 2026-04-12T12:55:00Z
4
value 0.24784
scoring_system epss
scoring_elements 0.96146
published_at 2026-04-09T12:55:00Z
5
value 0.24784
scoring_system epss
scoring_elements 0.96142
published_at 2026-04-08T12:55:00Z
6
value 0.25265
scoring_system epss
scoring_elements 0.96157
published_at 2026-04-01T12:55:00Z
7
value 0.25265
scoring_system epss
scoring_elements 0.96175
published_at 2026-04-07T12:55:00Z
8
value 0.25265
scoring_system epss
scoring_elements 0.96172
published_at 2026-04-04T12:55:00Z
9
value 0.25265
scoring_system epss
scoring_elements 0.96208
published_at 2026-04-21T12:55:00Z
10
value 0.25265
scoring_system epss
scoring_elements 0.96165
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8554
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/kubernetes/kubernetes
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes
4
reference_url https://github.com/kubernetes/kubernetes/issues/97076
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/97076
5
reference_url https://github.com/kubernetes/kubernetes/issues/97110
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/97110
6
reference_url https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8
7
reference_url https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40@%3Ccommits.druid.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942@%3Ccommits.druid.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3@%3Ccommits.druid.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6@%3Ccommits.druid.apache.org%3E
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8554
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8554
12
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
13
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
14
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1891051
reference_id 1891051
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1891051
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990793
reference_id 990793
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990793
17
reference_url https://access.redhat.com/errata/RHSA-2021:0079
reference_id RHSA-2021:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0079
fixed_packages
aliases CVE-2020-8554, GHSA-j9wf-vvm6-4r9w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vctf-a4t5-q7a2
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.11.374-1.git.0.ebd3ee9%3Farch=el7