Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.374-1.git.439.966c536?arch=el7
Typerpm
Namespaceredhat
Namegolang-github-openshift-oauth-proxy
Version3.11.374-1.git.439.966c536
Qualifiers
arch el7
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-3tpx-rnju-w3dw
vulnerability_id VCID-3tpx-rnju-w3dw
summary 
golang.org/x/crypto/salsa20/salsa uses insufficiently random values
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.

### Specific Go Packages Affected
golang.org/x/crypto/salsa20/salsa
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11840.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11840.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11840
reference_id
reference_type
scores
0
value 0.02086
scoring_system epss
scoring_elements 0.84038
published_at 2026-04-21T12:55:00Z
1
value 0.02086
scoring_system epss
scoring_elements 0.84037
published_at 2026-04-18T12:55:00Z
2
value 0.02086
scoring_system epss
scoring_elements 0.84035
published_at 2026-04-16T12:55:00Z
3
value 0.02086
scoring_system epss
scoring_elements 0.84011
published_at 2026-04-13T12:55:00Z
4
value 0.02086
scoring_system epss
scoring_elements 0.84015
published_at 2026-04-12T12:55:00Z
5
value 0.02086
scoring_system epss
scoring_elements 0.84021
published_at 2026-04-11T12:55:00Z
6
value 0.02086
scoring_system epss
scoring_elements 0.84006
published_at 2026-04-09T12:55:00Z
7
value 0.02086
scoring_system epss
scoring_elements 0.83999
published_at 2026-04-08T12:55:00Z
8
value 0.02086
scoring_system epss
scoring_elements 0.83976
published_at 2026-04-07T12:55:00Z
9
value 0.02705
scoring_system epss
scoring_elements 0.85853
published_at 2026-04-04T12:55:00Z
10
value 0.02705
scoring_system epss
scoring_elements 0.85835
published_at 2026-04-02T12:55:00Z
11
value 0.02705
scoring_system epss
scoring_elements 0.85824
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11840
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1691529
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1691529
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11840
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11840
4
reference_url https://github.com/golang/go
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/go
5
reference_url https://github.com/golang/go/issues/30965
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/go/issues/30965
6
reference_url https://go.dev/cl/168406
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/168406
7
reference_url https://go.dev/issue/30965
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/issue/30965
8
reference_url https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
9
reference_url https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
10
reference_url https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ
11
reference_url https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html
12
reference_url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
13
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html
14
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html
15
reference_url https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html
16
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11840
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11840
18
reference_url https://pkg.go.dev/vuln/GO-2022-0209
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2022-0209
19
reference_url https://access.redhat.com/errata/RHSA-2021:0079
reference_id RHSA-2021:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0079
fixed_packages
aliases CVE-2019-11840, GHSA-r5c5-pr8j-pfp7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tpx-rnju-w3dw
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.374-1.git.439.966c536%3Farch=el7