Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:alpm/archlinux/haproxy@2.4.2-1

Type alpm

Namespace archlinux

Name haproxy

Version 2.4.2-1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.4.3-1

Latest_non_vulnerable_version 2.4.4-1

Affected_by_vulnerabilities

url VCID-93ba-zj92-zqf1

vulnerability_id VCID-93ba-zj92-zqf1

summary haproxy: does not ensure that the scheme and path portions of a URI have the expected characters

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39240.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39240.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39240

reference_id

reference_type

scores

value	0.00066
scoring_system	epss
scoring_elements	0.20318
published_at	2026-04-01T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20303
published_at	2026-04-18T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20312
published_at	2026-04-13T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.203
published_at	2026-04-16T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20461
published_at	2026-04-02T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.2052
published_at	2026-04-04T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20245
published_at	2026-04-07T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20326
published_at	2026-04-08T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20384
published_at	2026-04-09T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20413
published_at	2026-04-11T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20369
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39240

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1995104
reference_id	1995104
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1995104

reference_url

https://security.archlinux.org/AVG-2304

reference_id

AVG-2304

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2304

reference_url	https://access.redhat.com/errata/RHSA-2021:4118
reference_id	RHSA-2021:4118
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4118

reference_url	https://access.redhat.com/errata/RHSA-2021:5208
reference_id	RHSA-2021:5208
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5208

fixed_packages

url	pkg:alpm/archlinux/haproxy@2.4.3-1
purl	pkg:alpm/archlinux/haproxy@2.4.3-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/haproxy@2.4.3-1

aliases CVE-2021-39240

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93ba-zj92-zqf1

url VCID-atwp-g4uy-3qgg

vulnerability_id VCID-atwp-g4uy-3qgg

summary haproxy: it can lead to a situation with an attacker-controlled HTTP Host header because a mismatch between Host and authority is mishandled

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39242.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39242.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39242

reference_id

reference_type

scores

value	0.00467
scoring_system	epss
scoring_elements	0.64367
published_at	2026-04-01T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64495
published_at	2026-04-18T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64449
published_at	2026-04-13T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64484
published_at	2026-04-16T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64421
published_at	2026-04-02T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64451
published_at	2026-04-04T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.6441
published_at	2026-04-07T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64458
published_at	2026-04-08T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64474
published_at	2026-04-09T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.6449
published_at	2026-04-11T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64478
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39242

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1995112
reference_id	1995112
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1995112

reference_url

https://security.archlinux.org/AVG-2304

reference_id

AVG-2304

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2304

reference_url	https://access.redhat.com/errata/RHSA-2021:4118
reference_id	RHSA-2021:4118
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4118

reference_url	https://access.redhat.com/errata/RHSA-2021:5208
reference_id	RHSA-2021:5208
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5208

fixed_packages

url	pkg:alpm/archlinux/haproxy@2.4.3-1
purl	pkg:alpm/archlinux/haproxy@2.4.3-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/haproxy@2.4.3-1

aliases CVE-2021-39242

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-atwp-g4uy-3qgg

url VCID-sy71-5m1g-2yav

vulnerability_id VCID-sy71-5m1g-2yav

summary haproxy: an HTTP method name may contain a space followed by the name of a protected resource

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39241.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39241.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39241

reference_id

reference_type

scores

value	0.00444
scoring_system	epss
scoring_elements	0.63293
published_at	2026-04-01T12:55:00Z

value	0.00444
scoring_system	epss
scoring_elements	0.63422
published_at	2026-04-18T12:55:00Z

value	0.00444
scoring_system	epss
scoring_elements	0.63432
published_at	2026-04-11T12:55:00Z

value	0.00444
scoring_system	epss
scoring_elements	0.63414
published_at	2026-04-16T12:55:00Z

value	0.00444
scoring_system	epss
scoring_elements	0.63353
published_at	2026-04-02T12:55:00Z

value	0.00444
scoring_system	epss
scoring_elements	0.6338
published_at	2026-04-13T12:55:00Z

value	0.00444
scoring_system	epss
scoring_elements	0.63346
published_at	2026-04-07T12:55:00Z

value	0.00444
scoring_system	epss
scoring_elements	0.63397
published_at	2026-04-08T12:55:00Z

value	0.00444
scoring_system	epss
scoring_elements	0.63415
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1995107
reference_id	1995107
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1995107

reference_url

https://security.archlinux.org/AVG-2304

reference_id

AVG-2304

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2304

reference_url	https://access.redhat.com/errata/RHSA-2021:4118
reference_id	RHSA-2021:4118
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4118

reference_url	https://access.redhat.com/errata/RHSA-2021:5208
reference_id	RHSA-2021:5208
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5208

reference_url	https://access.redhat.com/errata/RHSA-2022:0024
reference_id	RHSA-2022:0024
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0024

reference_url	https://access.redhat.com/errata/RHSA-2022:0114
reference_id	RHSA-2022:0114
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0114

fixed_packages

url	pkg:alpm/archlinux/haproxy@2.4.3-1
purl	pkg:alpm/archlinux/haproxy@2.4.3-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/haproxy@2.4.3-1

aliases CVE-2021-39241

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sy71-5m1g-2yav

Fixing_vulnerabilities

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/haproxy@2.4.2-1

Package Instance