Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/curl@8.0.1-r0?arch=armv7&distroversion=v3.14&reponame=main

Type apk

Namespace alpine

Name curl

Version 8.0.1-r0

Qualifiers

arch	armv7
distroversion	v3.14
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-bx2m-n5ft-3be8

vulnerability_id VCID-bx2m-n5ft-3be8

summary

Improper Authentication
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27535

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.11244
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27535

reference_url

https://curl.se/docs/CVE-2023-27535.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27535.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1892780

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://hackerone.com/reports/1892780

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179073
reference_id	2179073
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179073

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_id

36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-27535
reference_id	CVE-2023-27535
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-27535

reference_url

https://security.gentoo.org/glsa/202310-12

reference_id

GLSA-202310-12

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://security.gentoo.org/glsa/202310-12

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_id

msg00025.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_id

ntap-20230420-0010

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_url	https://access.redhat.com/errata/RHSA-2023:2650
reference_id	RHSA-2023:2650
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2650

reference_url	https://access.redhat.com/errata/RHSA-2023:3106
reference_id	RHSA-2023:3106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3106

reference_url	https://access.redhat.com/errata/RHSA-2024:0428
reference_id	RHSA-2024:0428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0428

reference_url	https://usn.ubuntu.com/5964-1/
reference_id	USN-5964-1
reference_type
scores
url	https://usn.ubuntu.com/5964-1/

reference_url	https://usn.ubuntu.com/5964-2/
reference_id	USN-5964-2
reference_type
scores
url	https://usn.ubuntu.com/5964-2/

fixed_packages

url	pkg:apk/alpine/curl@8.0.1-r0?arch=armv7&distroversion=v3.14&reponame=main
purl	pkg:apk/alpine/curl@8.0.1-r0?arch=armv7&distroversion=v3.14&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.0.1-r0%3Farch=armv7&distroversion=v3.14&reponame=main

aliases CVE-2023-27535

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bx2m-n5ft-3be8

url VCID-gueb-wzpx-ufb2

vulnerability_id VCID-gueb-wzpx-ufb2

summary

Improper Authentication
An authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27538

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01683
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27538

reference_url

https://curl.se/docs/CVE-2023-27538.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27538.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1898475

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/

url

https://hackerone.com/reports/1898475

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179103
reference_id	2179103
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179103

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-27538
reference_id	CVE-2023-27538
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-27538

reference_url

https://security.gentoo.org/glsa/202310-12

reference_id

GLSA-202310-12

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/

url

https://security.gentoo.org/glsa/202310-12

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_id

msg00025.html

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_id

ntap-20230420-0010

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/

url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_url	https://access.redhat.com/errata/RHSA-2023:6679
reference_id	RHSA-2023:6679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6679

reference_url	https://usn.ubuntu.com/5964-1/
reference_id	USN-5964-1
reference_type
scores
url	https://usn.ubuntu.com/5964-1/

fixed_packages

url	pkg:apk/alpine/curl@8.0.1-r0?arch=armv7&distroversion=v3.14&reponame=main
purl	pkg:apk/alpine/curl@8.0.1-r0?arch=armv7&distroversion=v3.14&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.0.1-r0%3Farch=armv7&distroversion=v3.14&reponame=main

aliases CVE-2023-27538

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gueb-wzpx-ufb2

url VCID-kvmd-97y1-tbcz

vulnerability_id VCID-kvmd-97y1-tbcz

summary

Double Free
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27537.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27537.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27537

reference_id

reference_type

scores

value	0.00071
scoring_system	epss
scoring_elements	0.21929
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27537

reference_url

https://curl.se/docs/CVE-2023-27537.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27537.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1897203
reference_id
reference_type
scores
url	https://hackerone.com/reports/1897203

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179097
reference_id	2179097
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179097

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-27537
reference_id	CVE-2023-27537
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-27537

reference_url	https://security.gentoo.org/glsa/202310-12
reference_id	GLSA-202310-12
reference_type
scores
url	https://security.gentoo.org/glsa/202310-12

fixed_packages

url	pkg:apk/alpine/curl@8.0.1-r0?arch=armv7&distroversion=v3.14&reponame=main
purl	pkg:apk/alpine/curl@8.0.1-r0?arch=armv7&distroversion=v3.14&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.0.1-r0%3Farch=armv7&distroversion=v3.14&reponame=main

aliases CVE-2023-27537

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kvmd-97y1-tbcz

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.0.1-r0%3Farch=armv7&distroversion=v3.14&reponame=main

Package Instance