Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/modsecurity-apache@2.9.3-3%2Bdeb11u2

Type deb

Namespace debian

Name modsecurity-apache

Version 2.9.3-3+deb11u2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.9.7-1+deb12u2

Latest_non_vulnerable_version 2.9.7-1+deb12u2

Affected_by_vulnerabilities

url VCID-qrsw-p6vk-pydk

vulnerability_id VCID-qrsw-p6vk-pydk

summary mod_security: ModSecurity Content-Type Override Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54571.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54571.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-54571

reference_id

reference_type

scores

value	0.00054
scoring_system	epss
scoring_elements	0.17166
published_at	2026-04-02T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17218
published_at	2026-04-04T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.16999
published_at	2026-04-07T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17089
published_at	2026-04-08T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17146
published_at	2026-04-09T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18548
published_at	2026-04-11T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18392
published_at	2026-04-16T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18405
published_at	2026-04-18T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.185
published_at	2026-04-12T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.1845
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-54571

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54571
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54571

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110480
reference_id	1110480
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110480

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2386666
reference_id	2386666
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2386666

reference_url

https://github.com/owasp-modsecurity/ModSecurity/issues/2514

reference_id

2514

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:31:25Z/

url

https://github.com/owasp-modsecurity/ModSecurity/issues/2514

reference_url

https://github.com/owasp-modsecurity/ModSecurity/commit/6d7e8eb18f2d7d368fb8e29516fcdeaeb8d349b8

reference_id

6d7e8eb18f2d7d368fb8e29516fcdeaeb8d349b8

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:31:25Z/

url

https://github.com/owasp-modsecurity/ModSecurity/commit/6d7e8eb18f2d7d368fb8e29516fcdeaeb8d349b8

reference_url

https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-cg44-9m43-3f9v

reference_id

GHSA-cg44-9m43-3f9v

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:31:25Z/

url

https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-cg44-9m43-3f9v

fixed_packages

url	pkg:deb/debian/modsecurity-apache@2.9.7-1%2Bdeb12u2
purl	pkg:deb/debian/modsecurity-apache@2.9.7-1%2Bdeb12u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity-apache@2.9.7-1%252Bdeb12u2

aliases CVE-2025-54571

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qrsw-p6vk-pydk

url VCID-sm3m-cydd-w3av

vulnerability_id VCID-sm3m-cydd-w3av

summary mod_security: ModSecurity Denial of Service Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48866.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48866.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-48866

reference_id

reference_type

scores

value	0.0107
scoring_system	epss
scoring_elements	0.77679
published_at	2026-04-02T12:55:00Z

value	0.0107
scoring_system	epss
scoring_elements	0.77768
published_at	2026-04-18T12:55:00Z

value	0.0107
scoring_system	epss
scoring_elements	0.77706
published_at	2026-04-04T12:55:00Z

value	0.0107
scoring_system	epss
scoring_elements	0.77689
published_at	2026-04-07T12:55:00Z

value	0.0107
scoring_system	epss
scoring_elements	0.77718
published_at	2026-04-08T12:55:00Z

value	0.0107
scoring_system	epss
scoring_elements	0.77723
published_at	2026-04-09T12:55:00Z

value	0.0107
scoring_system	epss
scoring_elements	0.77749
published_at	2026-04-11T12:55:00Z

value	0.0107
scoring_system	epss
scoring_elements	0.77733
published_at	2026-04-12T12:55:00Z

value	0.0107
scoring_system	epss
scoring_elements	0.77732
published_at	2026-04-13T12:55:00Z

value	0.0107
scoring_system	epss
scoring_elements	0.7777
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-48866

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48866
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48866

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107196
reference_id	1107196
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107196

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2369827
reference_id	2369827
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2369827

reference_url

https://github.com/owasp-modsecurity/ModSecurity/commit/3a54ccea62d3f7151bb08cb78d60c5e90b53ca2e

reference_id

3a54ccea62d3f7151bb08cb78d60c5e90b53ca2e

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-02T15:52:43Z/

url

https://github.com/owasp-modsecurity/ModSecurity/commit/3a54ccea62d3f7151bb08cb78d60c5e90b53ca2e

reference_url

https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r

reference_id

GHSA-859r-vvv8-rm8r

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-02T15:52:43Z/

url

https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r

reference_url

https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-f82j-8pp7-cw2w

reference_id

GHSA-f82j-8pp7-cw2w

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-02T15:52:43Z/

url

https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-f82j-8pp7-cw2w

reference_url

https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#sanitisearg

reference_id

Reference-Manual-(v2.x)#sanitisearg

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-02T15:52:43Z/

url

https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#sanitisearg

reference_url	https://access.redhat.com/errata/RHSA-2025:12838
reference_id	RHSA-2025:12838
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12838

reference_url	https://access.redhat.com/errata/RHSA-2025:13670
reference_id	RHSA-2025:13670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13670

reference_url	https://access.redhat.com/errata/RHSA-2025:13716
reference_id	RHSA-2025:13716
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13716

reference_url	https://access.redhat.com/errata/RHSA-2025:13775
reference_id	RHSA-2025:13775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13775

reference_url	https://usn.ubuntu.com/7567-1/
reference_id	USN-7567-1
reference_type
scores
url	https://usn.ubuntu.com/7567-1/

fixed_packages

url	pkg:deb/debian/modsecurity-apache@2.9.7-1%2Bdeb12u2
purl	pkg:deb/debian/modsecurity-apache@2.9.7-1%2Bdeb12u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity-apache@2.9.7-1%252Bdeb12u2

aliases CVE-2025-48866

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sm3m-cydd-w3av

url VCID-tyyt-k2cb-dygb

vulnerability_id VCID-tyyt-k2cb-dygb

summary modsecurity: ModSecurity Has Possible DoS Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47947.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47947.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-47947

reference_id

reference_type

scores

value	0.00513
scoring_system	epss
scoring_elements	0.66477
published_at	2026-04-02T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66564
published_at	2026-04-18T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66537
published_at	2026-04-09T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66556
published_at	2026-04-11T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66543
published_at	2026-04-12T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66512
published_at	2026-04-13T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66547
published_at	2026-04-16T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66503
published_at	2026-04-04T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66474
published_at	2026-04-07T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66523
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-47947

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47947
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47947

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106286
reference_id	1106286
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106286

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2367903
reference_id	2367903
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2367903

reference_url

https://github.com/owasp-modsecurity/ModSecurity/pull/3389

reference_id

3389

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:51:29Z/

url

https://github.com/owasp-modsecurity/ModSecurity/pull/3389

reference_url

https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r

reference_id

GHSA-859r-vvv8-rm8r

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:51:29Z/

url

https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r

reference_url	https://access.redhat.com/errata/RHSA-2025:13680
reference_id	RHSA-2025:13680
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13680

reference_url	https://access.redhat.com/errata/RHSA-2025:13681
reference_id	RHSA-2025:13681
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13681

reference_url	https://access.redhat.com/errata/RHSA-2025:8605
reference_id	RHSA-2025:8605
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8605

reference_url	https://access.redhat.com/errata/RHSA-2025:8626
reference_id	RHSA-2025:8626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8626

reference_url	https://access.redhat.com/errata/RHSA-2025:8627
reference_id	RHSA-2025:8627
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8627

reference_url	https://access.redhat.com/errata/RHSA-2025:8674
reference_id	RHSA-2025:8674
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8674

reference_url	https://access.redhat.com/errata/RHSA-2025:8837
reference_id	RHSA-2025:8837
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8837

reference_url	https://access.redhat.com/errata/RHSA-2025:8844
reference_id	RHSA-2025:8844
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8844

reference_url	https://access.redhat.com/errata/RHSA-2025:8917
reference_id	RHSA-2025:8917
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8917

reference_url	https://access.redhat.com/errata/RHSA-2025:8922
reference_id	RHSA-2025:8922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8922

reference_url	https://access.redhat.com/errata/RHSA-2025:8937
reference_id	RHSA-2025:8937
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8937

reference_url	https://usn.ubuntu.com/7567-1/
reference_id	USN-7567-1
reference_type
scores
url	https://usn.ubuntu.com/7567-1/

fixed_packages

url	pkg:deb/debian/modsecurity-apache@2.9.7-1%2Bdeb12u2
purl	pkg:deb/debian/modsecurity-apache@2.9.7-1%2Bdeb12u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity-apache@2.9.7-1%252Bdeb12u2

aliases CVE-2025-47947

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tyyt-k2cb-dygb

Fixing_vulnerabilities

url VCID-fc2s-mxh1-yfeh

vulnerability_id VCID-fc2s-mxh1-yfeh

summary modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24021.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24021.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24021

reference_id

reference_type

scores

value	0.001
scoring_system	epss
scoring_elements	0.27829
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27658
published_at	2026-04-18T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.2787
published_at	2026-04-04T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27661
published_at	2026-04-07T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27729
published_at	2026-04-08T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27772
published_at	2026-04-09T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27778
published_at	2026-04-11T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27735
published_at	2026-04-12T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27676
published_at	2026-04-13T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27684
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24021

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24021
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24021

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029329
reference_id	1029329
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029329

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2163615
reference_id	2163615
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2163615

reference_url

https://github.com/SpiderLabs/ModSecurity/pull/2857

reference_id

2857

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T16:17:41Z/

url

https://github.com/SpiderLabs/ModSecurity/pull/2857

reference_url

https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334

reference_id

4324f0ac59f8225aa44bc5034df60dbeccd1d334

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T16:17:41Z/

url

https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/

reference_id

52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T16:17:41Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html

reference_id

msg00023.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T16:17:41Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/

reference_id

SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T16:17:41Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/

reference_url	https://usn.ubuntu.com/6370-1/
reference_id	USN-6370-1
reference_type
scores
url	https://usn.ubuntu.com/6370-1/

reference_url

https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.7

reference_id

v2.9.7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T16:17:41Z/

url

https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/

reference_id

WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T16:17:41Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/

fixed_packages

url pkg:deb/debian/modsecurity-apache@2.9.3-3%2Bdeb11u2

purl pkg:deb/debian/modsecurity-apache@2.9.3-3%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qrsw-p6vk-pydk

vulnerability	VCID-sm3m-cydd-w3av

vulnerability	VCID-tyyt-k2cb-dygb

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity-apache@2.9.3-3%252Bdeb11u2

aliases CVE-2023-24021

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fc2s-mxh1-yfeh

url VCID-kg7a-8fqh-mffc

vulnerability_id VCID-kg7a-8fqh-mffc

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-42717

reference_id

reference_type

scores

value	0.0204
scoring_system	epss
scoring_elements	0.83862
published_at	2026-04-18T12:55:00Z

value	0.0204
scoring_system	epss
scoring_elements	0.83765
published_at	2026-04-01T12:55:00Z

value	0.0204
scoring_system	epss
scoring_elements	0.83778
published_at	2026-04-02T12:55:00Z

value	0.0204
scoring_system	epss
scoring_elements	0.83792
published_at	2026-04-04T12:55:00Z

value	0.0204
scoring_system	epss
scoring_elements	0.83793
published_at	2026-04-07T12:55:00Z

value	0.0204
scoring_system	epss
scoring_elements	0.83817
published_at	2026-04-08T12:55:00Z

value	0.0204
scoring_system	epss
scoring_elements	0.83823
published_at	2026-04-09T12:55:00Z

value	0.0204
scoring_system	epss
scoring_elements	0.83839
published_at	2026-04-11T12:55:00Z

value	0.0204
scoring_system	epss
scoring_elements	0.83833
published_at	2026-04-12T12:55:00Z

value	0.0204
scoring_system	epss
scoring_elements	0.83828
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-42717

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42717
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42717

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://usn.ubuntu.com/6370-1/
reference_id	USN-6370-1
reference_type
scores
url	https://usn.ubuntu.com/6370-1/

fixed_packages

url pkg:deb/debian/modsecurity-apache@2.9.3-1%2Bdeb10u1

purl pkg:deb/debian/modsecurity-apache@2.9.3-1%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fc2s-mxh1-yfeh

vulnerability	VCID-kg7a-8fqh-mffc

vulnerability	VCID-qrsw-p6vk-pydk

vulnerability	VCID-sm3m-cydd-w3av

vulnerability	VCID-tyyt-k2cb-dygb

vulnerability	VCID-y8ty-2cp5-y3gm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity-apache@2.9.3-1%252Bdeb10u1

url pkg:deb/debian/modsecurity-apache@2.9.3-3%2Bdeb11u2

purl pkg:deb/debian/modsecurity-apache@2.9.3-3%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qrsw-p6vk-pydk

vulnerability	VCID-sm3m-cydd-w3av

vulnerability	VCID-tyyt-k2cb-dygb

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity-apache@2.9.3-3%252Bdeb11u2

aliases CVE-2021-42717

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kg7a-8fqh-mffc

url VCID-y8ty-2cp5-y3gm

vulnerability_id VCID-y8ty-2cp5-y3gm

summary mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48279.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48279.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-48279

reference_id

reference_type

scores

value	0.00649
scoring_system	epss
scoring_elements	0.7075
published_at	2026-04-02T12:55:00Z

value	0.00649
scoring_system	epss
scoring_elements	0.70847
published_at	2026-04-18T12:55:00Z

value	0.00649
scoring_system	epss
scoring_elements	0.70768
published_at	2026-04-04T12:55:00Z

value	0.00649
scoring_system	epss
scoring_elements	0.70743
published_at	2026-04-07T12:55:00Z

value	0.00649
scoring_system	epss
scoring_elements	0.70788
published_at	2026-04-08T12:55:00Z

value	0.00649
scoring_system	epss
scoring_elements	0.70804
published_at	2026-04-09T12:55:00Z

value	0.00649
scoring_system	epss
scoring_elements	0.70827
published_at	2026-04-11T12:55:00Z

value	0.00649
scoring_system	epss
scoring_elements	0.70811
published_at	2026-04-12T12:55:00Z

value	0.00649
scoring_system	epss
scoring_elements	0.70795
published_at	2026-04-13T12:55:00Z

value	0.00649
scoring_system	epss
scoring_elements	0.70841
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-48279

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48279
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48279

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2163622
reference_id	2163622
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2163622

reference_url

https://github.com/SpiderLabs/ModSecurity/pull/2795

reference_id

2795

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/

url

https://github.com/SpiderLabs/ModSecurity/pull/2795

reference_url

https://github.com/SpiderLabs/ModSecurity/pull/2797

reference_id

2797

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/

url

https://github.com/SpiderLabs/ModSecurity/pull/2797

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/

reference_id

52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/

reference_url

https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/

reference_id

crs-version-3-3-3-and-3-2-2-covering-several-cves

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/

url

https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html

reference_id

msg00023.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/

reference_id

SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/

reference_url	https://usn.ubuntu.com/6370-1/
reference_id	USN-6370-1
reference_type
scores
url	https://usn.ubuntu.com/6370-1/

reference_url

https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6

reference_id

v2.9.6

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/

url

https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6

reference_url

https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8

reference_id

v3.0.8

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/

url

https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/

reference_id

WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/

fixed_packages

url pkg:deb/debian/modsecurity-apache@2.9.3-3%2Bdeb11u2

purl pkg:deb/debian/modsecurity-apache@2.9.3-3%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qrsw-p6vk-pydk

vulnerability	VCID-sm3m-cydd-w3av

vulnerability	VCID-tyyt-k2cb-dygb

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity-apache@2.9.3-3%252Bdeb11u2

aliases CVE-2022-48279

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8ty-2cp5-y3gm

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity-apache@2.9.3-3%252Bdeb11u2

Package Instance