Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/py3-twisted@22.4.0-r0?arch=armhf&distroversion=v3.17&reponame=community

Type apk

Namespace alpine

Name py3-twisted

Version 22.4.0-r0

Qualifiers

arch	armhf
distroversion	v3.17
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-rzad-s8tu-47gm

vulnerability_id VCID-rzad-s8tu-47gm

summary Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24801.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24801.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24801

reference_id

reference_type

scores

value	0.00872
scoring_system	epss
scoring_elements	0.75257
published_at	2026-04-16T12:55:00Z

value	0.00872
scoring_system	epss
scoring_elements	0.75264
published_at	2026-04-18T12:55:00Z

value	0.01051
scoring_system	epss
scoring_elements	0.77538
published_at	2026-04-09T12:55:00Z

value	0.01051
scoring_system	epss
scoring_elements	0.77546
published_at	2026-04-13T12:55:00Z

value	0.01051
scoring_system	epss
scoring_elements	0.77549
published_at	2026-04-12T12:55:00Z

value	0.01051
scoring_system	epss
scoring_elements	0.775
published_at	2026-04-07T12:55:00Z

value	0.01051
scoring_system	epss
scoring_elements	0.77529
published_at	2026-04-08T12:55:00Z

value	0.01051
scoring_system	epss
scoring_elements	0.77564
published_at	2026-04-11T12:55:00Z

value	0.01058
scoring_system	epss
scoring_elements	0.77561
published_at	2026-04-02T12:55:00Z

value	0.01058
scoring_system	epss
scoring_elements	0.77587
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24801

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-195.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-195.yaml

reference_url

https://github.com/twisted/twisted

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/twisted/twisted

reference_url

https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/

url

https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac

reference_url

https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/

url

https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1

reference_url

https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/

url

https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq

reference_url

https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/

url

https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009030
reference_id	1009030
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009030

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2073114
reference_id	2073114
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2073114

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/

reference_id

7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/

reference_url

https://security.archlinux.org/AVG-2663

reference_id

AVG-2663

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2663

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-24801

reference_id

CVE-2022-24801

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-24801

reference_url

https://github.com/advisories/GHSA-c2jg-hw38-jrqq

reference_id

GHSA-c2jg-hw38-jrqq

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c2jg-hw38-jrqq

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/

reference_id

GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/

reference_url	https://access.redhat.com/errata/RHSA-2022:1645
reference_id	RHSA-2022:1645
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1645

reference_url	https://access.redhat.com/errata/RHSA-2022:1646
reference_id	RHSA-2022:1646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1646

reference_url	https://access.redhat.com/errata/RHSA-2022:4930
reference_id	RHSA-2022:4930
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4930

reference_url	https://usn.ubuntu.com/5576-1/
reference_id	USN-5576-1
reference_type
scores
url	https://usn.ubuntu.com/5576-1/

fixed_packages

url	pkg:apk/alpine/py3-twisted@22.4.0-r0?arch=armhf&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/py3-twisted@22.4.0-r0?arch=armhf&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-twisted@22.4.0-r0%3Farch=armhf&distroversion=v3.17&reponame=community

aliases CVE-2022-24801, GHSA-c2jg-hw38-jrqq, PYSEC-2022-195

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rzad-s8tu-47gm

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-twisted@22.4.0-r0%3Farch=armhf&distroversion=v3.17&reponame=community

Package Instance