Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/dask@1.2.2
Type pypi
Namespace
Name dask
Version 1.2.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2024.9.0
Latest_non_vulnerable_version 2024.9.0
Affected_by_vulnerabilities
0
url VCID-3nm6-d5m2-5yd1
vulnerability_id VCID-3nm6-d5m2-5yd1
summary arbitrary code execution
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-42343
reference_id
reference_type
scores
0
value 0.0468
scoring_system epss
scoring_elements 0.89537
published_at 2026-06-06T12:55:00Z
1
value 0.0468
scoring_system epss
scoring_elements 0.8952
published_at 2026-06-04T12:55:00Z
2
value 0.0468
scoring_system epss
scoring_elements 0.89536
published_at 2026-06-07T12:55:00Z
3
value 0.0468
scoring_system epss
scoring_elements 0.89538
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-42343
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42343
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42343
2
reference_url https://docs.dask.org/en/latest/changelog.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.dask.org/en/latest/changelog.html
3
reference_url https://github.com/advisories/GHSA-j8fq-86c5-5v2r
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-j8fq-86c5-5v2r
4
reference_url https://github.com/dask/dask/tags
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dask/dask/tags
5
reference_url https://github.com/dask/distributed
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dask/distributed
6
reference_url https://github.com/dask/distributed/commit/afce4be8e05fb180e50a9d9e38465f1a82295e1b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dask/distributed/commit/afce4be8e05fb180e50a9d9e38465f1a82295e1b
7
reference_url https://github.com/dask/distributed/pull/5427
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dask/distributed/pull/5427
8
reference_url https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/dask/PYSEC-2021-387.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/dask/PYSEC-2021-387.yaml
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-871.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-871.yaml
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-872.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-872.yaml
12
reference_url https://security.archlinux.org/AVG-2496
reference_id AVG-2496
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2496
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-42343
reference_id CVE-2021-42343
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-42343
14
reference_url https://github.com/advisories/GHSA-hwqr-f3v9-hwxr
reference_id GHSA-hwqr-f3v9-hwxr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hwqr-f3v9-hwxr
fixed_packages
0
url pkg:pypi/dask@2021.10.0
purl pkg:pypi/dask@2021.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n6bg-c2sx-13dg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/dask@2021.10.0
aliases CVE-2021-42343, GHSA-hwqr-f3v9-hwxr, GHSA-j8fq-86c5-5v2r, GMS-2022-3213, PYSEC-2021-387, PYSEC-2021-871, PYSEC-2021-872
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3nm6-d5m2-5yd1
1
url VCID-n6bg-c2sx-13dg
vulnerability_id VCID-n6bg-c2sx-13dg
summary
Withdrawn Advisory: Dask Vulnerable to Command Injection
# Withdrawn Advisory
This advisory has been withdrawn because it describes [intended functionality](https://distributed.dask.org/en/stable/limitations.html?highlight=host#security). This link is maintained to preserve external references.

# Original Description

Dask versions <=2024.8.2 contain a vulnerability in the Dask Distributed Server where the use of pickle serialization allows attackers to craft malicious objects. These objects can be serialized on the client side and sent to the server for deserialization, leading to remote command execution and potentially granting full control over the Dask server.
references
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1
reference_url https://github.com/dask/dask
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dask/dask
2
reference_url https://huntr.com/bounties/a4be847b-a52d-42cc-9e78-3299e2d30ab2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/a4be847b-a52d-42cc-9e78-3299e2d30ab2
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-10096
reference_id CVE-2024-10096
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-10096
4
reference_url https://github.com/advisories/GHSA-xqgj-r6xv-9cw4
reference_id GHSA-xqgj-r6xv-9cw4
reference_type
scores
url https://github.com/advisories/GHSA-xqgj-r6xv-9cw4
fixed_packages
0
url pkg:pypi/dask@2024.9.0
purl pkg:pypi/dask@2024.9.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/dask@2024.9.0
aliases CVE-2024-10096, GHSA-xqgj-r6xv-9cw4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6bg-c2sx-13dg
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/dask@1.2.2