Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/avro@1.4.1

Type pypi

Namespace

Name avro

Version 1.4.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.11.3

Latest_non_vulnerable_version 1.11.3

Affected_by_vulnerabilities

url VCID-6yqn-2w2d-3yd3

vulnerability_id VCID-6yqn-2w2d-3yd3

summary

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.

This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2.  Users should update to apache-avro version 1.11.3 which addresses this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39410.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39410.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39410

reference_id

reference_type

scores

value	0.00061
scoring_system	epss
scoring_elements	0.18951
published_at	2026-04-18T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18938
published_at	2026-04-16T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18984
published_at	2026-04-13T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19036
published_at	2026-04-12T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19082
published_at	2026-04-11T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19175
published_at	2026-04-02T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19227
published_at	2026-04-04T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18943
published_at	2026-04-07T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19077
published_at	2026-04-09T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19023
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39410

reference_url

https://github.com/apache/avro

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/avro

reference_url

https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml

reference_url

https://issues.apache.org/jira/browse/AVRO-3819

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AVRO-3819

reference_url

https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:07:20Z/

url

https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds

reference_url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_url

https://www.openwall.com/lists/oss-security/2023/09/29/6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:07:20Z/

url

https://www.openwall.com/lists/oss-security/2023/09/29/6

reference_url

http://www.openwall.com/lists/oss-security/2023/09/29/6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/09/29/6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2242521
reference_id	2242521
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2242521

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-39410

reference_id

CVE-2023-39410

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-39410

reference_url

https://github.com/advisories/GHSA-rhrv-645h-fjfh

reference_id

GHSA-rhrv-645h-fjfh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rhrv-645h-fjfh

reference_url	https://access.redhat.com/errata/RHSA-2023:7617
reference_id	RHSA-2023:7617
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7617

fixed_packages

url	pkg:pypi/avro@1.11.3
purl	pkg:pypi/avro@1.11.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/avro@1.11.3

aliases CVE-2023-39410, GHSA-rhrv-645h-fjfh, PYSEC-2023-188

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6yqn-2w2d-3yd3

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/avro@1.4.1

Package Instance