Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/curl@8.0.0-r0?arch=armhf&distroversion=v3.22&reponame=main

Type apk

Namespace alpine

Name curl

Version 8.0.0-r0

Qualifiers

arch	armhf
distroversion	v3.22
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 8.1.0-r0

Latest_non_vulnerable_version 8.14.1-r2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1zsv-4jdy-63en

vulnerability_id VCID-1zsv-4jdy-63en

summary

Improper Authentication
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27536

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01404
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27536

reference_url

https://curl.se/docs/CVE-2023-27536.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27536.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1895135

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/

url

https://hackerone.com/reports/1895135

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179092
reference_id	2179092
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179092

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_id

36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-27536
reference_id	CVE-2023-27536
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-27536

reference_url

https://security.gentoo.org/glsa/202310-12

reference_id

GLSA-202310-12

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/

url

https://security.gentoo.org/glsa/202310-12

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_id

msg00025.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_id

ntap-20230420-0010

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/

url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_url	https://access.redhat.com/errata/RHSA-2023:4523
reference_id	RHSA-2023:4523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4523

reference_url	https://access.redhat.com/errata/RHSA-2023:6679
reference_id	RHSA-2023:6679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6679

reference_url	https://access.redhat.com/errata/RHSA-2024:0428
reference_id	RHSA-2024:0428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0428

reference_url	https://usn.ubuntu.com/5964-1/
reference_id	USN-5964-1
reference_type
scores
url	https://usn.ubuntu.com/5964-1/

reference_url	https://usn.ubuntu.com/5964-2/
reference_id	USN-5964-2
reference_type
scores
url	https://usn.ubuntu.com/5964-2/

fixed_packages

url	pkg:apk/alpine/curl@8.0.0-r0?arch=armhf&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/curl@8.0.0-r0?arch=armhf&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.0.0-r0%3Farch=armhf&distroversion=v3.22&reponame=main

aliases CVE-2023-27536

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1zsv-4jdy-63en

url VCID-azcz-b8f2-63be

vulnerability_id VCID-azcz-b8f2-63be

summary A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27533

reference_id

reference_type

scores

value	0.00179
scoring_system	epss
scoring_elements	0.39261
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27533

reference_url

https://curl.se/docs/CVE-2023-27533.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27533.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27533

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1891474

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/

url

https://hackerone.com/reports/1891474

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179062
reference_id	2179062
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179062

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_id

36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url

https://security.gentoo.org/glsa/202310-12

reference_id

GLSA-202310-12

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/

url

https://security.gentoo.org/glsa/202310-12

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_id

msg00025.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20230420-0011/

reference_id

ntap-20230420-0011

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/

url

https://security.netapp.com/advisory/ntap-20230420-0011/

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:6679
reference_id	RHSA-2023:6679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6679

reference_url	https://usn.ubuntu.com/5964-1/
reference_id	USN-5964-1
reference_type
scores
url	https://usn.ubuntu.com/5964-1/

reference_url	https://usn.ubuntu.com/5964-2/
reference_id	USN-5964-2
reference_type
scores
url	https://usn.ubuntu.com/5964-2/

fixed_packages

url	pkg:apk/alpine/curl@8.0.0-r0?arch=armhf&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/curl@8.0.0-r0?arch=armhf&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.0.0-r0%3Farch=armhf&distroversion=v3.22&reponame=main

aliases CVE-2023-27533

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azcz-b8f2-63be

url VCID-bx2m-n5ft-3be8

vulnerability_id VCID-bx2m-n5ft-3be8

summary

Improper Authentication
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27535

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.11244
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27535

reference_url

https://curl.se/docs/CVE-2023-27535.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27535.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1892780

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://hackerone.com/reports/1892780

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179073
reference_id	2179073
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179073

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_id

36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-27535
reference_id	CVE-2023-27535
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-27535

reference_url

https://security.gentoo.org/glsa/202310-12

reference_id

GLSA-202310-12

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://security.gentoo.org/glsa/202310-12

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_id

msg00025.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_id

ntap-20230420-0010

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_url	https://access.redhat.com/errata/RHSA-2023:2650
reference_id	RHSA-2023:2650
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2650

reference_url	https://access.redhat.com/errata/RHSA-2023:3106
reference_id	RHSA-2023:3106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3106

reference_url	https://access.redhat.com/errata/RHSA-2024:0428
reference_id	RHSA-2024:0428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0428

reference_url	https://usn.ubuntu.com/5964-1/
reference_id	USN-5964-1
reference_type
scores
url	https://usn.ubuntu.com/5964-1/

reference_url	https://usn.ubuntu.com/5964-2/
reference_id	USN-5964-2
reference_type
scores
url	https://usn.ubuntu.com/5964-2/

fixed_packages

url	pkg:apk/alpine/curl@8.0.0-r0?arch=armhf&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/curl@8.0.0-r0?arch=armhf&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.0.0-r0%3Farch=armhf&distroversion=v3.22&reponame=main

aliases CVE-2023-27535

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bx2m-n5ft-3be8

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.0.0-r0%3Farch=armhf&distroversion=v3.22&reponame=main

Package Instance