Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/botan@2.9.0-r0?arch=s390x&distroversion=v3.12&reponame=main
Typeapk
Namespacealpine
Namebotan
Version2.9.0-r0
Qualifiers
arch s390x
distroversion v3.12
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.11.0-r6
Latest_non_vulnerable_version2.11.0-r6
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4kuj-dkcb-huh8
vulnerability_id VCID-4kuj-dkcb-huh8
summary A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20187
reference_id
reference_type
scores
0
value 0.00393
scoring_system epss
scoring_elements 0.60593
published_at 2026-06-04T12:55:00Z
1
value 0.00393
scoring_system epss
scoring_elements 0.60642
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20187
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20187
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20187
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918732
reference_id 918732
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918732
fixed_packages
0
url pkg:apk/alpine/botan@2.9.0-r0?arch=s390x&distroversion=v3.12&reponame=main
purl pkg:apk/alpine/botan@2.9.0-r0?arch=s390x&distroversion=v3.12&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/botan@2.9.0-r0%3Farch=s390x&distroversion=v3.12&reponame=main
aliases CVE-2018-20187
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kuj-dkcb-huh8
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/botan@2.9.0-r0%3Farch=s390x&distroversion=v3.12&reponame=main