Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/apache2@2.4.58-r0?arch=armhf&distroversion=v3.17&reponame=main
Type apk
Namespace alpine
Name apache2
Version 2.4.58-r0
Qualifiers
arch armhf
distroversion v3.17
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.4.59-r0
Latest_non_vulnerable_version 2.4.62-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-b68y-4prb-bfdk
vulnerability_id VCID-b68y-4prb-bfdk
summary Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31122.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31122.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31122
reference_id
reference_type
scores
0
value 0.0043
scoring_system epss
scoring_elements 0.6251
published_at 2026-04-02T12:55:00Z
1
value 0.0043
scoring_system epss
scoring_elements 0.62559
published_at 2026-04-13T12:55:00Z
2
value 0.0043
scoring_system epss
scoring_elements 0.62543
published_at 2026-04-04T12:55:00Z
3
value 0.0043
scoring_system epss
scoring_elements 0.62508
published_at 2026-04-07T12:55:00Z
4
value 0.0043
scoring_system epss
scoring_elements 0.6256
published_at 2026-04-08T12:55:00Z
5
value 0.0043
scoring_system epss
scoring_elements 0.62575
published_at 2026-04-09T12:55:00Z
6
value 0.0043
scoring_system epss
scoring_elements 0.62593
published_at 2026-04-11T12:55:00Z
7
value 0.0043
scoring_system epss
scoring_elements 0.62582
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31122
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2245332
reference_id 2245332
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2245332
10
reference_url https://httpd.apache.org/security/json/CVE-2023-31122.json
reference_id CVE-2023-31122
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2023-31122.json
11
reference_url https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
reference_id msg00013.html
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/
url https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
12
reference_url https://security.netapp.com/advisory/ntap-20231027-0011/
reference_id ntap-20231027-0011
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/
url https://security.netapp.com/advisory/ntap-20231027-0011/
13
reference_url https://access.redhat.com/errata/RHSA-2024:1316
reference_id RHSA-2024:1316
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1316
14
reference_url https://access.redhat.com/errata/RHSA-2024:1317
reference_id RHSA-2024:1317
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1317
15
reference_url https://access.redhat.com/errata/RHSA-2024:2278
reference_id RHSA-2024:2278
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2278
16
reference_url https://access.redhat.com/errata/RHSA-2024:3121
reference_id RHSA-2024:3121
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3121
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/
reference_id TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/
18
reference_url https://usn.ubuntu.com/6506-1/
reference_id USN-6506-1
reference_type
scores
url https://usn.ubuntu.com/6506-1/
19
reference_url https://usn.ubuntu.com/6510-1/
reference_id USN-6510-1
reference_type
scores
url https://usn.ubuntu.com/6510-1/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/
reference_id VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/
reference_id ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/
fixed_packages
0
url pkg:apk/alpine/apache2@2.4.58-r0?arch=armhf&distroversion=v3.17&reponame=main
purl pkg:apk/alpine/apache2@2.4.58-r0?arch=armhf&distroversion=v3.17&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apache2@2.4.58-r0%3Farch=armhf&distroversion=v3.17&reponame=main
aliases CVE-2023-31122
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b68y-4prb-bfdk
1
url VCID-kkuy-1j91-9bb2
vulnerability_id VCID-kkuy-1j91-9bb2
summary
When an HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.

This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.

Users are recommended to upgrade to version 2.4.58, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45802.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45802.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45802
reference_id
reference_type
scores
0
value 0.01741
scoring_system epss
scoring_elements 0.82453
published_at 2026-04-02T12:55:00Z
1
value 0.01741
scoring_system epss
scoring_elements 0.82511
published_at 2026-04-13T12:55:00Z
2
value 0.01741
scoring_system epss
scoring_elements 0.8252
published_at 2026-04-11T12:55:00Z
3
value 0.01741
scoring_system epss
scoring_elements 0.82516
published_at 2026-04-12T12:55:00Z
4
value 0.01741
scoring_system epss
scoring_elements 0.82471
published_at 2026-04-04T12:55:00Z
5
value 0.01741
scoring_system epss
scoring_elements 0.82467
published_at 2026-04-07T12:55:00Z
6
value 0.01741
scoring_system epss
scoring_elements 0.82495
published_at 2026-04-08T12:55:00Z
7
value 0.01741
scoring_system epss
scoring_elements 0.82501
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45802
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243877
reference_id 2243877
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2243877
10
reference_url https://httpd.apache.org/security/json/CVE-2023-45802.json
reference_id CVE-2023-45802
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2023-45802.json
11
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
12
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
13
reference_url https://access.redhat.com/errata/RHSA-2024:2368
reference_id RHSA-2024:2368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2368
14
reference_url https://access.redhat.com/errata/RHSA-2024:2891
reference_id RHSA-2024:2891
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2891
15
reference_url https://access.redhat.com/errata/RHSA-2024:3121
reference_id RHSA-2024:3121
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3121
16
reference_url https://usn.ubuntu.com/6506-1/
reference_id USN-6506-1
reference_type
scores
url https://usn.ubuntu.com/6506-1/
fixed_packages
0
url pkg:apk/alpine/apache2@2.4.58-r0?arch=armhf&distroversion=v3.17&reponame=main
purl pkg:apk/alpine/apache2@2.4.58-r0?arch=armhf&distroversion=v3.17&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apache2@2.4.58-r0%3Farch=armhf&distroversion=v3.17&reponame=main
aliases CVE-2023-45802
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkuy-1j91-9bb2
2
url VCID-xnfs-bpwj-3ycp
vulnerability_id VCID-xnfs-bpwj-3ycp
summary
An attacker, opening an HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well-known "slow loris" attack pattern.
This has been fixed in version 2.4.58, so that such connections are terminated properly after the configured connection timeout.

This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.

Users are recommended to upgrade to version 2.4.58, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43622.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43622.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43622
reference_id
reference_type
scores
0
value 0.59064
scoring_system epss
scoring_elements 0.98216
published_at 2026-04-02T12:55:00Z
1
value 0.61258
scoring_system epss
scoring_elements 0.98318
published_at 2026-04-13T12:55:00Z
2
value 0.61258
scoring_system epss
scoring_elements 0.98307
published_at 2026-04-04T12:55:00Z
3
value 0.61258
scoring_system epss
scoring_elements 0.98309
published_at 2026-04-07T12:55:00Z
4
value 0.61258
scoring_system epss
scoring_elements 0.98314
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43622
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2245153
reference_id 2245153
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2245153
10
reference_url https://httpd.apache.org/security/json/CVE-2023-43622.json
reference_id CVE-2023-43622
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2023-43622.json
11
reference_url https://security.netapp.com/advisory/ntap-20231027-0011/
reference_id ntap-20231027-0011
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T16:02:28Z/
url https://security.netapp.com/advisory/ntap-20231027-0011/
12
reference_url https://access.redhat.com/errata/RHSA-2024:2368
reference_id RHSA-2024:2368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2368
13
reference_url https://usn.ubuntu.com/6506-1/
reference_id USN-6506-1
reference_type
scores
url https://usn.ubuntu.com/6506-1/
fixed_packages
0
url pkg:apk/alpine/apache2@2.4.58-r0?arch=armhf&distroversion=v3.17&reponame=main
purl pkg:apk/alpine/apache2@2.4.58-r0?arch=armhf&distroversion=v3.17&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apache2@2.4.58-r0%3Farch=armhf&distroversion=v3.17&reponame=main
aliases CVE-2023-43622
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnfs-bpwj-3ycp
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apache2@2.4.58-r0%3Farch=armhf&distroversion=v3.17&reponame=main