Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/xmlsec1@1.2.9-8.1?arch=1
Typerpm
Namespaceredhat
Namexmlsec1
Version1.2.9-8.1
Qualifiers
arch 1
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-z7ht-bq8z-3qgd
vulnerability_id VCID-z7ht-bq8z-3qgd
summary 
XML signature HMAC truncation authentication bypass
This package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0217.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0217.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-0217
reference_id
reference_type
scores
0
value 0.01986
scoring_system epss
scoring_elements 0.83541
published_at 2026-04-02T12:55:00Z
1
value 0.01986
scoring_system epss
scoring_elements 0.83581
published_at 2026-04-08T12:55:00Z
2
value 0.01986
scoring_system epss
scoring_elements 0.83557
published_at 2026-04-07T12:55:00Z
3
value 0.01986
scoring_system epss
scoring_elements 0.83556
published_at 2026-04-04T12:55:00Z
4
value 0.01986
scoring_system epss
scoring_elements 0.83529
published_at 2026-04-01T12:55:00Z
5
value 0.01986
scoring_system epss
scoring_elements 0.83605
published_at 2026-04-11T12:55:00Z
6
value 0.01986
scoring_system epss
scoring_elements 0.8359
published_at 2026-04-09T12:55:00Z
7
value 0.0222
scoring_system epss
scoring_elements 0.84514
published_at 2026-04-21T12:55:00Z
8
value 0.0222
scoring_system epss
scoring_elements 0.84512
published_at 2026-04-18T12:55:00Z
9
value 0.0222
scoring_system epss
scoring_elements 0.84491
published_at 2026-04-13T12:55:00Z
10
value 0.0222
scoring_system epss
scoring_elements 0.84495
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-0217
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=511915
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=511915
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
4
reference_url https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041
5
reference_url https://gitlab.gnome.org/Archive/xmlsec/-/commit/34b349675af9f72eb822837a8772cc1ead7115c7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/Archive/xmlsec/-/commit/34b349675af9f72eb822837a8772cc1ead7115c7
6
reference_url https://issues.apache.org/bugzilla/show_bug.cgi?id=47526
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/bugzilla/show_bug.cgi?id=47526
7
reference_url https://issues.apache.org/bugzilla/show_bug.cgi?id=47527
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/bugzilla/show_bug.cgi?id=47527
8
reference_url https://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
9
reference_url https://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
10
reference_url https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html
11
reference_url https://marc.info/?l=bugtraq&m=125787273209737&w=2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://marc.info/?l=bugtraq&m=125787273209737&w=2
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-0217
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2009-0217
13
reference_url https://rhn.redhat.com/errata/RHSA-2009-1428.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rhn.redhat.com/errata/RHSA-2009-1428.html
14
reference_url https://svn.apache.org/viewvc?revision=794013&view=revision
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://svn.apache.org/viewvc?revision=794013&view=revision
15
reference_url http://svn.apache.org/viewvc?view=revision&revision=794013
reference_id
reference_type
scores
url http://svn.apache.org/viewvc?view=revision&revision=794013
16
reference_url https://www.debian.org/security/2010/dsa-1995
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2010/dsa-1995
17
reference_url https://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
18
reference_url https://www.kb.cert.org/vuls/id/466161
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.kb.cert.org/vuls/id/466161
19
reference_url https://www.kb.cert.org/vuls/id/MAPG-7TSKXQ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.kb.cert.org/vuls/id/MAPG-7TSKXQ
20
reference_url https://www.kb.cert.org/vuls/id/WDON-7TY529
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.kb.cert.org/vuls/id/WDON-7TY529
21
reference_url https://www.mandriva.com/security/advisories?name=MDVSA-2009:209
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.mandriva.com/security/advisories?name=MDVSA-2009:209
22
reference_url https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
23
reference_url https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
24
reference_url https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html
25
reference_url https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html
26
reference_url https://www.redhat.com/support/errata/RHSA-2009-1694.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/support/errata/RHSA-2009-1694.html
27
reference_url https://www.ubuntu.com/usn/USN-903-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ubuntu.com/usn/USN-903-1
28
reference_url https://www.us-cert.gov/cas/techalerts/TA09-294A.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.us-cert.gov/cas/techalerts/TA09-294A.html
29
reference_url https://www.w3.org/2008/06/xmldsigcore-errata.html#e03
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.w3.org/2008/06/xmldsigcore-errata.html#e03
30
reference_url https://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
31
reference_url http://www.us-cert.gov/cas/techalerts/TA10-159B.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.us-cert.gov/cas/techalerts/TA10-159B.html
32
reference_url https://bugzilla.redhat.com/CVE-2009-0217
reference_id CVE-2009-0217
reference_type
scores
url https://bugzilla.redhat.com/CVE-2009-0217
33
reference_url https://github.com/advisories/GHSA-8hfm-837h-hjg5
reference_id GHSA-8hfm-837h-hjg5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8hfm-837h-hjg5
34
reference_url https://security.gentoo.org/glsa/201206-13
reference_id GLSA-201206-13
reference_type
scores
url https://security.gentoo.org/glsa/201206-13
35
reference_url https://security.gentoo.org/glsa/201408-19
reference_id GLSA-201408-19
reference_type
scores
url https://security.gentoo.org/glsa/201408-19
36
reference_url https://access.redhat.com/errata/RHSA-2009:1200
reference_id RHSA-2009:1200
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1200
37
reference_url https://access.redhat.com/errata/RHSA-2009:1201
reference_id RHSA-2009:1201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1201
38
reference_url https://access.redhat.com/errata/RHSA-2009:1428
reference_id RHSA-2009:1428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1428
39
reference_url https://access.redhat.com/errata/RHSA-2009:1636
reference_id RHSA-2009:1636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1636
40
reference_url https://access.redhat.com/errata/RHSA-2009:1637
reference_id RHSA-2009:1637
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1637
41
reference_url https://access.redhat.com/errata/RHSA-2009:1649
reference_id RHSA-2009:1649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1649
42
reference_url https://access.redhat.com/errata/RHSA-2009:1650
reference_id RHSA-2009:1650
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1650
43
reference_url https://access.redhat.com/errata/RHSA-2010:0043
reference_id RHSA-2010:0043
reference_type
scores
url https://access.redhat.com/errata/RHSA-2010:0043
44
reference_url https://usn.ubuntu.com/814-1/
reference_id USN-814-1
reference_type
scores
url https://usn.ubuntu.com/814-1/
45
reference_url https://usn.ubuntu.com/826-1/
reference_id USN-826-1
reference_type
scores
url https://usn.ubuntu.com/826-1/
46
reference_url https://usn.ubuntu.com/903-1/
reference_id USN-903-1
reference_type
scores
url https://usn.ubuntu.com/903-1/
fixed_packages
aliases CVE-2009-0217, GHSA-8hfm-837h-hjg5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z7ht-bq8z-3qgd
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/xmlsec1@1.2.9-8.1%3Farch=1