Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/mbedtls@3.6.1-r0?arch=x86&distroversion=v3.23&reponame=main
Typeapk
Namespacealpine
Namembedtls
Version3.6.1-r0
Qualifiers
arch x86
distroversion v3.23
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.6.2-r0
Latest_non_vulnerable_version3.6.6-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-33uw-hd5z-g7dq
vulnerability_id VCID-33uw-hd5z-g7dq
summary An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45158
reference_id
reference_type
scores
0
value 0.00681
scoring_system epss
scoring_elements 0.7168
published_at 2026-04-24T12:55:00Z
1
value 0.00681
scoring_system epss
scoring_elements 0.71609
published_at 2026-04-09T12:55:00Z
2
value 0.00681
scoring_system epss
scoring_elements 0.71632
published_at 2026-04-11T12:55:00Z
3
value 0.00681
scoring_system epss
scoring_elements 0.71616
published_at 2026-04-12T12:55:00Z
4
value 0.00681
scoring_system epss
scoring_elements 0.71643
published_at 2026-04-16T12:55:00Z
5
value 0.00681
scoring_system epss
scoring_elements 0.71647
published_at 2026-04-18T12:55:00Z
6
value 0.00681
scoring_system epss
scoring_elements 0.7163
published_at 2026-04-21T12:55:00Z
7
value 0.00681
scoring_system epss
scoring_elements 0.71568
published_at 2026-04-02T12:55:00Z
8
value 0.00681
scoring_system epss
scoring_elements 0.71585
published_at 2026-04-04T12:55:00Z
9
value 0.00681
scoring_system epss
scoring_elements 0.71558
published_at 2026-04-07T12:55:00Z
10
value 0.00681
scoring_system epss
scoring_elements 0.71598
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45158
1
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/
reference_id mbedtls-security-advisory-2024-08-2
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-06T18:15:25Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/
2
reference_url https://github.com/Mbed-TLS/mbedtls/releases/
reference_id releases
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-06T18:15:25Z/
url https://github.com/Mbed-TLS/mbedtls/releases/
3
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/
reference_id security-advisories
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-06T18:15:25Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/
fixed_packages
0
url pkg:apk/alpine/mbedtls@3.6.1-r0?arch=x86&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/mbedtls@3.6.1-r0?arch=x86&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.1-r0%3Farch=x86&distroversion=v3.23&reponame=main
aliases CVE-2024-45158
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-33uw-hd5z-g7dq
1
url VCID-4sbv-dqyv-6baw
vulnerability_id VCID-4sbv-dqyv-6baw
summary An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45157
reference_id
reference_type
scores
0
value 0.00163
scoring_system epss
scoring_elements 0.36989
published_at 2026-04-24T12:55:00Z
1
value 0.00163
scoring_system epss
scoring_elements 0.37299
published_at 2026-04-11T12:55:00Z
2
value 0.00163
scoring_system epss
scoring_elements 0.37266
published_at 2026-04-12T12:55:00Z
3
value 0.00163
scoring_system epss
scoring_elements 0.37238
published_at 2026-04-13T12:55:00Z
4
value 0.00163
scoring_system epss
scoring_elements 0.37284
published_at 2026-04-16T12:55:00Z
5
value 0.00163
scoring_system epss
scoring_elements 0.37267
published_at 2026-04-18T12:55:00Z
6
value 0.00163
scoring_system epss
scoring_elements 0.37213
published_at 2026-04-21T12:55:00Z
7
value 0.00163
scoring_system epss
scoring_elements 0.3737
published_at 2026-04-02T12:55:00Z
8
value 0.00163
scoring_system epss
scoring_elements 0.37396
published_at 2026-04-04T12:55:00Z
9
value 0.00163
scoring_system epss
scoring_elements 0.37224
published_at 2026-04-07T12:55:00Z
10
value 0.00163
scoring_system epss
scoring_elements 0.37275
published_at 2026-04-08T12:55:00Z
11
value 0.00163
scoring_system epss
scoring_elements 0.37289
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45157
1
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/
reference_id mbedtls-security-advisory-2024-08-1
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:29:47Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/
2
reference_url https://github.com/Mbed-TLS/mbedtls/releases/
reference_id releases
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:29:47Z/
url https://github.com/Mbed-TLS/mbedtls/releases/
3
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/
reference_id security-advisories
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:29:47Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/
fixed_packages
0
url pkg:apk/alpine/mbedtls@3.6.1-r0?arch=x86&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/mbedtls@3.6.1-r0?arch=x86&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.1-r0%3Farch=x86&distroversion=v3.23&reponame=main
aliases CVE-2024-45157
risk_score 2.3
exploitability 0.5
weighted_severity 4.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4sbv-dqyv-6baw
2
url VCID-mxn3-8deq-t3a1
vulnerability_id VCID-mxn3-8deq-t3a1
summary An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45159
reference_id
reference_type
scores
0
value 0.00575
scoring_system epss
scoring_elements 0.68835
published_at 2026-04-24T12:55:00Z
1
value 0.00575
scoring_system epss
scoring_elements 0.68799
published_at 2026-04-11T12:55:00Z
2
value 0.00575
scoring_system epss
scoring_elements 0.68785
published_at 2026-04-12T12:55:00Z
3
value 0.00575
scoring_system epss
scoring_elements 0.68756
published_at 2026-04-13T12:55:00Z
4
value 0.00575
scoring_system epss
scoring_elements 0.68797
published_at 2026-04-16T12:55:00Z
5
value 0.00575
scoring_system epss
scoring_elements 0.68808
published_at 2026-04-18T12:55:00Z
6
value 0.00575
scoring_system epss
scoring_elements 0.68786
published_at 2026-04-21T12:55:00Z
7
value 0.00575
scoring_system epss
scoring_elements 0.68708
published_at 2026-04-02T12:55:00Z
8
value 0.00575
scoring_system epss
scoring_elements 0.68727
published_at 2026-04-04T12:55:00Z
9
value 0.00575
scoring_system epss
scoring_elements 0.68705
published_at 2026-04-07T12:55:00Z
10
value 0.00575
scoring_system epss
scoring_elements 0.68757
published_at 2026-04-08T12:55:00Z
11
value 0.00575
scoring_system epss
scoring_elements 0.68776
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45159
1
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-3/
reference_id mbedtls-security-advisory-2024-08-3
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:17:13Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-3/
2
reference_url https://github.com/Mbed-TLS/mbedtls/releases/
reference_id releases
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:17:13Z/
url https://github.com/Mbed-TLS/mbedtls/releases/
3
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/
reference_id security-advisories
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:17:13Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/
fixed_packages
0
url pkg:apk/alpine/mbedtls@3.6.1-r0?arch=x86&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/mbedtls@3.6.1-r0?arch=x86&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.1-r0%3Farch=x86&distroversion=v3.23&reponame=main
aliases CVE-2024-45159
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mxn3-8deq-t3a1
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.1-r0%3Farch=x86&distroversion=v3.23&reponame=main