Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/node-qs@6.5.2-1
Typedeb
Namespacedebian
Namenode-qs
Version6.5.2-1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.15.0+ds+~6.15.0-2
Latest_non_vulnerable_version6.15.0+ds+~6.15.0-2
Affected_by_vulnerabilities
0
url VCID-bcuh-2e2c-53gy
vulnerability_id VCID-bcuh-2e2c-53gy
summary 
qs vulnerable to Prototype Pollution
qs before 6.10.3 allows attackers to cause a Node process hang because an `__ proto__` key can be used. In many typical web framework use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as `a[__proto__]=b&a[__proto__]&a[length]=100000000`. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24999.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24999.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24999
reference_id
reference_type
scores
0
value 0.01142
scoring_system epss
scoring_elements 0.78492
published_at 2026-04-26T12:55:00Z
1
value 0.01142
scoring_system epss
scoring_elements 0.78485
published_at 2026-04-24T12:55:00Z
2
value 0.01142
scoring_system epss
scoring_elements 0.78452
published_at 2026-04-21T12:55:00Z
3
value 0.01142
scoring_system epss
scoring_elements 0.78383
published_at 2026-04-02T12:55:00Z
4
value 0.01142
scoring_system epss
scoring_elements 0.78424
published_at 2026-04-08T12:55:00Z
5
value 0.01142
scoring_system epss
scoring_elements 0.78397
published_at 2026-04-07T12:55:00Z
6
value 0.01142
scoring_system epss
scoring_elements 0.78414
published_at 2026-04-04T12:55:00Z
7
value 0.01543
scoring_system epss
scoring_elements 0.81379
published_at 2026-04-09T12:55:00Z
8
value 0.01543
scoring_system epss
scoring_elements 0.81388
published_at 2026-04-12T12:55:00Z
9
value 0.01543
scoring_system epss
scoring_elements 0.814
published_at 2026-04-11T12:55:00Z
10
value 0.01543
scoring_system epss
scoring_elements 0.8138
published_at 2026-04-13T12:55:00Z
11
value 0.01543
scoring_system epss
scoring_elements 0.81418
published_at 2026-04-18T12:55:00Z
12
value 0.01543
scoring_system epss
scoring_elements 0.81417
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24999
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24999
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24999
3
reference_url https://github.com/expressjs/express/releases/tag/4.17.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:56:22Z/
url https://github.com/expressjs/express/releases/tag/4.17.3
4
reference_url https://github.com/ljharb/qs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ljharb/qs
5
reference_url https://github.com/ljharb/qs/commit/4310742efbd8c03f6495f07906b45213da0a32ec
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ljharb/qs/commit/4310742efbd8c03f6495f07906b45213da0a32ec
6
reference_url https://github.com/ljharb/qs/commit/727ef5d34605108acb3513f72d5435972ed15b68
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ljharb/qs/commit/727ef5d34605108acb3513f72d5435972ed15b68
7
reference_url https://github.com/ljharb/qs/commit/73205259936317b40f447c5cdb71c5b341848e1b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ljharb/qs/commit/73205259936317b40f447c5cdb71c5b341848e1b
8
reference_url https://github.com/ljharb/qs/commit/8b4cc14cda94a5c89341b77e5fe435ec6c41be2d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ljharb/qs/commit/8b4cc14cda94a5c89341b77e5fe435ec6c41be2d
9
reference_url https://github.com/ljharb/qs/commit/ba24e74dd17931f825adb52f5633e48293b584e1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ljharb/qs/commit/ba24e74dd17931f825adb52f5633e48293b584e1
10
reference_url https://github.com/ljharb/qs/commit/e799ba57e573a30c14b67c1889c7c04d508b9105
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ljharb/qs/commit/e799ba57e573a30c14b67c1889c7c04d508b9105
11
reference_url https://github.com/ljharb/qs/commit/ed0f5dcbef4b168a8ae299d78b1e4a2e9b1baf1f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ljharb/qs/commit/ed0f5dcbef4b168a8ae299d78b1e4a2e9b1baf1f
12
reference_url https://github.com/ljharb/qs/commit/f945393cfe442fe8c6e62b4156fd35452c0686ee
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ljharb/qs/commit/f945393cfe442fe8c6e62b4156fd35452c0686ee
13
reference_url https://github.com/ljharb/qs/commit/fc3682776670524a42e19709ec4a8138d0d7afda
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ljharb/qs/commit/fc3682776670524a42e19709ec4a8138d0d7afda
14
reference_url https://github.com/ljharb/qs/pull/428
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:56:22Z/
url https://github.com/ljharb/qs/pull/428
15
reference_url https://github.com/n8tz/CVE-2022-24999
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:56:22Z/
url https://github.com/n8tz/CVE-2022-24999
16
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:56:22Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24999
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24999
18
reference_url https://security.netapp.com/advisory/ntap-20230908-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230908-0005
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2150323
reference_id 2150323
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2150323
20
reference_url https://github.com/advisories/GHSA-hrpp-h998-j3pp
reference_id GHSA-hrpp-h998-j3pp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrpp-h998-j3pp
21
reference_url https://security.netapp.com/advisory/ntap-20230908-0005/
reference_id ntap-20230908-0005
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:56:22Z/
url https://security.netapp.com/advisory/ntap-20230908-0005/
22
reference_url https://access.redhat.com/errata/RHSA-2023:0050
reference_id RHSA-2023:0050
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0050
23
reference_url https://access.redhat.com/errata/RHSA-2023:0612
reference_id RHSA-2023:0612
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0612
24
reference_url https://access.redhat.com/errata/RHSA-2023:0930
reference_id RHSA-2023:0930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0930
25
reference_url https://access.redhat.com/errata/RHSA-2023:0932
reference_id RHSA-2023:0932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0932
26
reference_url https://access.redhat.com/errata/RHSA-2023:0934
reference_id RHSA-2023:0934
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0934
27
reference_url https://access.redhat.com/errata/RHSA-2023:1428
reference_id RHSA-2023:1428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1428
28
reference_url https://access.redhat.com/errata/RHSA-2023:1533
reference_id RHSA-2023:1533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1533
29
reference_url https://access.redhat.com/errata/RHSA-2023:1742
reference_id RHSA-2023:1742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1742
30
reference_url https://access.redhat.com/errata/RHSA-2023:3265
reference_id RHSA-2023:3265
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3265
31
reference_url https://access.redhat.com/errata/RHSA-2023:3645
reference_id RHSA-2023:3645
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3645
32
reference_url https://usn.ubuntu.com/7693-1/
reference_id USN-7693-1
reference_type
scores
url https://usn.ubuntu.com/7693-1/
fixed_packages
0
url pkg:deb/debian/node-qs@6.9.4%2Bds-1%2Bdeb11u1
purl pkg:deb/debian/node-qs@6.9.4%2Bds-1%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ykq-nq81-4fcp
1
vulnerability VCID-pxq3-b7gn-3yah
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-qs@6.9.4%252Bds-1%252Bdeb11u1
aliases CVE-2022-24999, GHSA-hrpp-h998-j3pp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bcuh-2e2c-53gy
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/node-qs@6.5.2-1