Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/python-django@1.1.1-1?distro=trixie

Type deb

Namespace debian

Name python-django

Version 1.1.1-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.2.1

Latest_non_vulnerable_version 3:5.2.14-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-y1ks-arp8-23hm

vulnerability_id VCID-y1ks-arp8-23hm

summary Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression.

references

reference_url

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457

reference_url

http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51

reference_url	http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/
reference_id
reference_type
scores
url	http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3695.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3695.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-3695

reference_id

reference_type

scores

value	0.06201
scoring_system	epss
scoring_elements	0.91008
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-3695

reference_url	http://secunia.com/advisories/36948
reference_id
reference_type
scores
url	http://secunia.com/advisories/36948

reference_url	http://secunia.com/advisories/36968
reference_id
reference_type
scores
url	http://secunia.com/advisories/36968

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/53727

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/53727

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/594a28a9044120bed58671dde8a805c9e0f6c79a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/594a28a9044120bed58671dde8a805c9e0f6c79a

reference_url

https://github.com/django/django/commit/e3e992e18b368fcd56aabafc1b5bf80a6e11b495

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/e3e992e18b368fcd56aabafc1b5bf80a6e11b495

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2009-4.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2009-4.yaml

reference_url

https://web.archive.org/web/20091013093057/http://secunia.com/advisories/36968

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20091013093057/http://secunia.com/advisories/36968

reference_url

https://web.archive.org/web/20091017070244/http://secunia.com/advisories/36948

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20091017070244/http://secunia.com/advisories/36948

reference_url

https://web.archive.org/web/20200228171918/http://www.securityfocus.com/bid/36655

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228171918/http://www.securityfocus.com/bid/36655

reference_url

http://www.debian.org/security/2009/dsa-1905

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2009/dsa-1905

reference_url

http://www.djangoproject.com/weblog/2009/oct/09/security

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.djangoproject.com/weblog/2009/oct/09/security

reference_url	http://www.djangoproject.com/weblog/2009/oct/09/security/
reference_id
reference_type
scores
url	http://www.djangoproject.com/weblog/2009/oct/09/security/

reference_url

http://www.openwall.com/lists/oss-security/2009/10/13/6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2009/10/13/6

reference_url	http://www.securityfocus.com/bid/36655
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/36655

reference_url	http://www.vupen.com/english/advisories/2009/2871
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/2871

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=528246
reference_id	528246
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=528246

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457
reference_id	550457
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-3695

reference_id

CVE-2009-3695

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-3695

reference_url

https://github.com/advisories/GHSA-p6m5-h7pp-v2x5

reference_id

GHSA-p6m5-h7pp-v2x5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p6m5-h7pp-v2x5

fixed_packages

url	pkg:deb/debian/python-django@1.1.1-1?distro=trixie
purl	pkg:deb/debian/python-django@1.1.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1.1.1-1%3Fdistro=trixie

url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3ccr-92q5-aqfk

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-92z2-3rbz-77h9

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-dac4-fa2z-bkdq

vulnerability	VCID-g22z-jue5-8udz

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-q4cv-2m7d-3qd5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie

url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3ccr-92q5-aqfk

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-92z2-3rbz-77h9

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-dac4-fa2z-bkdq

vulnerability	VCID-g22z-jue5-8udz

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-q4cv-2m7d-3qd5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3ccr-92q5-aqfk

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-92z2-3rbz-77h9

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-dac4-fa2z-bkdq

vulnerability	VCID-g22z-jue5-8udz

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ccr-92q5-aqfk

vulnerability	VCID-92z2-3rbz-77h9

vulnerability	VCID-g22z-jue5-8udz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:5.2.14-2?distro=trixie
purl	pkg:deb/debian/python-django@3:5.2.14-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:5.2.14-2%3Fdistro=trixie

aliases CVE-2009-3695, GHSA-p6m5-h7pp-v2x5, PYSEC-2009-4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1ks-arp8-23hm

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1.1.1-1%3Fdistro=trixie

Package Instance