Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1
Type deb
Namespace debian
Name modsecurity
Version 3.0.9-1+deb12u1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.0.14-1
Latest_non_vulnerable_version 3.0.14-1
Affected_by_vulnerabilities
0
url VCID-93qw-yjha-tyce
vulnerability_id VCID-93qw-yjha-tyce
summary ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-1019
reference_id
reference_type
scores
0
value 0.00306
scoring_system epss
scoring_elements 0.53751
published_at 2026-04-07T12:55:00Z
1
value 0.00306
scoring_system epss
scoring_elements 0.53778
published_at 2026-04-04T12:55:00Z
2
value 0.00306
scoring_system epss
scoring_elements 0.53803
published_at 2026-04-08T12:55:00Z
3
value 0.00306
scoring_system epss
scoring_elements 0.53801
published_at 2026-04-09T12:55:00Z
4
value 0.00306
scoring_system epss
scoring_elements 0.53849
published_at 2026-04-11T12:55:00Z
5
value 0.00306
scoring_system epss
scoring_elements 0.53832
published_at 2026-04-12T12:55:00Z
6
value 0.00306
scoring_system epss
scoring_elements 0.53816
published_at 2026-04-13T12:55:00Z
7
value 0.00306
scoring_system epss
scoring_elements 0.53853
published_at 2026-04-16T12:55:00Z
8
value 0.00306
scoring_system epss
scoring_elements 0.53857
published_at 2026-04-18T12:55:00Z
9
value 0.00306
scoring_system epss
scoring_elements 0.53837
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-1019
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1019
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1019
fixed_packages
0
url pkg:deb/debian/modsecurity@3.0.14-1
purl pkg:deb/debian/modsecurity@3.0.14-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.14-1
aliases CVE-2024-1019
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93qw-yjha-tyce
Fixing_vulnerabilities
0
url VCID-azf2-ue64-y7eb
vulnerability_id VCID-azf2-ue64-y7eb
summary mod_security: DoS Vulnerability in Four Transformations
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38285.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38285.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38285
reference_id
reference_type
scores
0
value 0.00487
scoring_system epss
scoring_elements 0.65415
published_at 2026-04-02T12:55:00Z
1
value 0.00487
scoring_system epss
scoring_elements 0.65469
published_at 2026-04-09T12:55:00Z
2
value 0.00487
scoring_system epss
scoring_elements 0.65446
published_at 2026-04-13T12:55:00Z
3
value 0.00487
scoring_system epss
scoring_elements 0.65484
published_at 2026-04-16T12:55:00Z
4
value 0.00487
scoring_system epss
scoring_elements 0.65495
published_at 2026-04-18T12:55:00Z
5
value 0.00487
scoring_system epss
scoring_elements 0.65442
published_at 2026-04-04T12:55:00Z
6
value 0.00487
scoring_system epss
scoring_elements 0.65405
published_at 2026-04-07T12:55:00Z
7
value 0.00487
scoring_system epss
scoring_elements 0.65458
published_at 2026-04-08T12:55:00Z
8
value 0.00487
scoring_system epss
scoring_elements 0.65488
published_at 2026-04-11T12:55:00Z
9
value 0.00487
scoring_system epss
scoring_elements 0.65474
published_at 2026-04-12T12:55:00Z
10
value 0.00555
scoring_system epss
scoring_elements 0.6815
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38285
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38285
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042475
reference_id 1042475
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042475
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2226930
reference_id 2226930
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2226930
5
reference_url https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/
reference_id end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:41:59Z/
url https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/
6
reference_url https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/
reference_id modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:41:59Z/
url https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/
fixed_packages
0
url pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1
purl pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.9-1%252Bdeb12u1
aliases CVE-2023-38285
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azf2-ue64-y7eb
1
url VCID-kg7a-8fqh-mffc
vulnerability_id VCID-kg7a-8fqh-mffc
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-42717
reference_id
reference_type
scores
0
value 0.0204
scoring_system epss
scoring_elements 0.8386
published_at 2026-04-21T12:55:00Z
1
value 0.0204
scoring_system epss
scoring_elements 0.83765
published_at 2026-04-01T12:55:00Z
2
value 0.0204
scoring_system epss
scoring_elements 0.83778
published_at 2026-04-02T12:55:00Z
3
value 0.0204
scoring_system epss
scoring_elements 0.83792
published_at 2026-04-04T12:55:00Z
4
value 0.0204
scoring_system epss
scoring_elements 0.83793
published_at 2026-04-07T12:55:00Z
5
value 0.0204
scoring_system epss
scoring_elements 0.83817
published_at 2026-04-08T12:55:00Z
6
value 0.0204
scoring_system epss
scoring_elements 0.83823
published_at 2026-04-09T12:55:00Z
7
value 0.0204
scoring_system epss
scoring_elements 0.83839
published_at 2026-04-11T12:55:00Z
8
value 0.0204
scoring_system epss
scoring_elements 0.83833
published_at 2026-04-12T12:55:00Z
9
value 0.0204
scoring_system epss
scoring_elements 0.83828
published_at 2026-04-13T12:55:00Z
10
value 0.0204
scoring_system epss
scoring_elements 0.83862
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-42717
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42717
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42717
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://usn.ubuntu.com/6370-1/
reference_id USN-6370-1
reference_type
scores
url https://usn.ubuntu.com/6370-1/
fixed_packages
0
url pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1
purl pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.9-1%252Bdeb12u1
aliases CVE-2021-42717
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kg7a-8fqh-mffc
2
url VCID-y8ty-2cp5-y3gm
vulnerability_id VCID-y8ty-2cp5-y3gm
summary mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48279.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48279.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-48279
reference_id
reference_type
scores
0
value 0.00649
scoring_system epss
scoring_elements 0.7075
published_at 2026-04-02T12:55:00Z
1
value 0.00649
scoring_system epss
scoring_elements 0.70825
published_at 2026-04-21T12:55:00Z
2
value 0.00649
scoring_system epss
scoring_elements 0.70768
published_at 2026-04-04T12:55:00Z
3
value 0.00649
scoring_system epss
scoring_elements 0.70743
published_at 2026-04-07T12:55:00Z
4
value 0.00649
scoring_system epss
scoring_elements 0.70788
published_at 2026-04-08T12:55:00Z
5
value 0.00649
scoring_system epss
scoring_elements 0.70804
published_at 2026-04-09T12:55:00Z
6
value 0.00649
scoring_system epss
scoring_elements 0.70827
published_at 2026-04-11T12:55:00Z
7
value 0.00649
scoring_system epss
scoring_elements 0.70811
published_at 2026-04-12T12:55:00Z
8
value 0.00649
scoring_system epss
scoring_elements 0.70795
published_at 2026-04-13T12:55:00Z
9
value 0.00649
scoring_system epss
scoring_elements 0.70841
published_at 2026-04-16T12:55:00Z
10
value 0.00649
scoring_system epss
scoring_elements 0.70847
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-48279
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48279
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48279
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2163622
reference_id 2163622
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2163622
5
reference_url https://github.com/SpiderLabs/ModSecurity/pull/2795
reference_id 2795
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://github.com/SpiderLabs/ModSecurity/pull/2795
6
reference_url https://github.com/SpiderLabs/ModSecurity/pull/2797
reference_id 2797
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://github.com/SpiderLabs/ModSecurity/pull/2797
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/
reference_id 52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/
8
reference_url https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
reference_id crs-version-3-3-3-and-3-2-2-covering-several-cves
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
9
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html
reference_id msg00023.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html
10
reference_url https://access.redhat.com/errata/RHSA-2023:4628
reference_id RHSA-2023:4628
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4628
11
reference_url https://access.redhat.com/errata/RHSA-2023:4629
reference_id RHSA-2023:4629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4629
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/
reference_id SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/
13
reference_url https://usn.ubuntu.com/6370-1/
reference_id USN-6370-1
reference_type
scores
url https://usn.ubuntu.com/6370-1/
14
reference_url https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6
reference_id v2.9.6
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6
15
reference_url https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8
reference_id v3.0.8
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/
reference_id WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/
fixed_packages
0
url pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1
purl pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.9-1%252Bdeb12u1
aliases CVE-2022-48279
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8ty-2cp5-y3gm
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.9-1%252Bdeb12u1