Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/rh-nodejs4-nodejs-tough-cookie@2.3.3-2?arch=el7
Typerpm
Namespaceredhat
Namerh-nodejs4-nodejs-tough-cookie
Version2.3.3-2
Qualifiers
arch el7
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-am2z-v7gj-nqch
vulnerability_id VCID-am2z-v7gj-nqch
summary 
Uncontrolled Resource Consumption
An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:2912
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2912
1
reference_url https://access.redhat.com/errata/RHSA-2017:2913
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2913
2
reference_url https://access.redhat.com/errata/RHSA-2018:1263
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1263
3
reference_url https://access.redhat.com/errata/RHSA-2018:1264
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1264
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15010.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15010.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15010
reference_id
reference_type
scores
0
value 0.03942
scoring_system epss
scoring_elements 0.88354
published_at 2026-04-18T12:55:00Z
1
value 0.03942
scoring_system epss
scoring_elements 0.8829
published_at 2026-04-01T12:55:00Z
2
value 0.03942
scoring_system epss
scoring_elements 0.88298
published_at 2026-04-02T12:55:00Z
3
value 0.03942
scoring_system epss
scoring_elements 0.88313
published_at 2026-04-04T12:55:00Z
4
value 0.03942
scoring_system epss
scoring_elements 0.88317
published_at 2026-04-07T12:55:00Z
5
value 0.03942
scoring_system epss
scoring_elements 0.88336
published_at 2026-04-08T12:55:00Z
6
value 0.03942
scoring_system epss
scoring_elements 0.88342
published_at 2026-04-09T12:55:00Z
7
value 0.03942
scoring_system epss
scoring_elements 0.88353
published_at 2026-04-21T12:55:00Z
8
value 0.03942
scoring_system epss
scoring_elements 0.88344
published_at 2026-04-13T12:55:00Z
9
value 0.03942
scoring_system epss
scoring_elements 0.88358
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15010
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15010
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15010
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/advisories/GHSA-g7q5-pjjr-gqvp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-g7q5-pjjr-gqvp
9
reference_url https://github.com/salesforce/tough-cookie
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/salesforce/tough-cookie
10
reference_url https://github.com/salesforce/tough-cookie/commit/f1ed420a6a92ea7a5418df6e39e676556bc0c71d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/salesforce/tough-cookie/commit/f1ed420a6a92ea7a5418df6e39e676556bc0c71d
11
reference_url https://github.com/salesforce/tough-cookie/issues/92
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/salesforce/tough-cookie/issues/92
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/
15
reference_url https://nodesecurity.io/advisories/525
reference_id
reference_type
scores
url https://nodesecurity.io/advisories/525
16
reference_url https://snyk.io/vuln/npm:tough-cookie:20170905
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/npm:tough-cookie:20170905
17
reference_url https://www.npmjs.com/advisories/525
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/525
18
reference_url http://www.securityfocus.com/bid/101185
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/101185
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1493989
reference_id 1493989
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1493989
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877660
reference_id 877660
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877660
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:salesforce:tough-cookie:*:*:*:*:*:node.js:*:*
reference_id cpe:2.3:a:salesforce:tough-cookie:*:*:*:*:*:node.js:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:salesforce:tough-cookie:*:*:*:*:*:node.js:*:*
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15010
reference_id CVE-2017-15010
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-15010
fixed_packages
aliases CVE-2017-15010, GHSA-g7q5-pjjr-gqvp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am2z-v7gj-nqch
1
url VCID-gcrq-1at1-bygq
vulnerability_id VCID-gcrq-1at1-bygq
summary 
Improper Input Validation
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.
references
0
reference_url https://access.redhat.com/errata/RHSA-2016:2101
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:2101
1
reference_url https://access.redhat.com/errata/RHSA-2017:2912
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2912
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000232.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000232.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000232
reference_id
reference_type
scores
0
value 0.00921
scoring_system epss
scoring_elements 0.75909
published_at 2026-04-01T12:55:00Z
1
value 0.00921
scoring_system epss
scoring_elements 0.75991
published_at 2026-04-21T12:55:00Z
2
value 0.00921
scoring_system epss
scoring_elements 0.76006
published_at 2026-04-18T12:55:00Z
3
value 0.00921
scoring_system epss
scoring_elements 0.76003
published_at 2026-04-16T12:55:00Z
4
value 0.00921
scoring_system epss
scoring_elements 0.75964
published_at 2026-04-13T12:55:00Z
5
value 0.00921
scoring_system epss
scoring_elements 0.75971
published_at 2026-04-12T12:55:00Z
6
value 0.00921
scoring_system epss
scoring_elements 0.75994
published_at 2026-04-11T12:55:00Z
7
value 0.00921
scoring_system epss
scoring_elements 0.7597
published_at 2026-04-09T12:55:00Z
8
value 0.00921
scoring_system epss
scoring_elements 0.75956
published_at 2026-04-08T12:55:00Z
9
value 0.00921
scoring_system epss
scoring_elements 0.75923
published_at 2026-04-07T12:55:00Z
10
value 0.00921
scoring_system epss
scoring_elements 0.75945
published_at 2026-04-04T12:55:00Z
11
value 0.00921
scoring_system epss
scoring_elements 0.75913
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000232
4
reference_url https://github.com/salesforce/tough-cookie
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/salesforce/tough-cookie
5
reference_url https://github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da158997de05235ae
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da158997de05235ae
6
reference_url https://github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534
7
reference_url https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232
8
reference_url https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232/
reference_id
reference_type
scores
url https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232/
9
reference_url https://www.npmjs.com/advisories/130
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/130
10
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/130.json
reference_id 130
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/130.json
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1359818
reference_id 1359818
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1359818
12
reference_url https://access.redhat.com/security/cve/cve-2016-1000232
reference_id CVE-2016-1000232
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2016-1000232
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000232
reference_id CVE-2016-1000232
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000232
14
reference_url https://github.com/advisories/GHSA-qhv9-728r-6jqg
reference_id GHSA-qhv9-728r-6jqg
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-qhv9-728r-6jqg
fixed_packages
aliases CVE-2016-1000232, GHSA-qhv9-728r-6jqg
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gcrq-1at1-bygq
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs4-nodejs-tough-cookie@2.3.3-2%3Farch=el7