Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/nodejs-current@14.11.0-r0?arch=armv7&distroversion=v3.16&reponame=community
Typeapk
Namespacealpine
Namenodejs-current
Version14.11.0-r0
Qualifiers
arch armv7
distroversion v3.16
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version15.3.0-r0
Latest_non_vulnerable_version18.9.1-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7f2s-gt2y-uqfh
vulnerability_id VCID-7f2s-gt2y-uqfh
summary Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8201.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8201.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8201
reference_id
reference_type
scores
0
value 0.00632
scoring_system epss
scoring_elements 0.70722
published_at 2026-06-04T12:55:00Z
1
value 0.00632
scoring_system epss
scoring_elements 0.70765
published_at 2026-06-05T12:55:00Z
2
value 0.00632
scoring_system epss
scoring_elements 0.70772
published_at 2026-06-06T12:55:00Z
3
value 0.00632
scoring_system epss
scoring_elements 0.70755
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8201
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8201
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8201
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1879311
reference_id 1879311
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1879311
5
reference_url https://access.redhat.com/errata/RHSA-2020:4272
reference_id RHSA-2020:4272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4272
6
reference_url https://access.redhat.com/errata/RHSA-2020:4903
reference_id RHSA-2020:4903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4903
7
reference_url https://access.redhat.com/errata/RHSA-2020:5086
reference_id RHSA-2020:5086
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5086
fixed_packages
0
url pkg:apk/alpine/nodejs-current@14.11.0-r0?arch=armv7&distroversion=v3.16&reponame=community
purl pkg:apk/alpine/nodejs-current@14.11.0-r0?arch=armv7&distroversion=v3.16&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@14.11.0-r0%3Farch=armv7&distroversion=v3.16&reponame=community
aliases CVE-2020-8201
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7f2s-gt2y-uqfh
1
url VCID-envv-wdwc-37eq
vulnerability_id VCID-envv-wdwc-37eq
summary Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8251.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8251.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8251
reference_id
reference_type
scores
0
value 0.04991
scoring_system epss
scoring_elements 0.89875
published_at 2026-06-04T12:55:00Z
1
value 0.04991
scoring_system epss
scoring_elements 0.89891
published_at 2026-06-06T12:55:00Z
2
value 0.04991
scoring_system epss
scoring_elements 0.89889
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8251
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1879314
reference_id 1879314
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1879314
fixed_packages
0
url pkg:apk/alpine/nodejs-current@14.11.0-r0?arch=armv7&distroversion=v3.16&reponame=community
purl pkg:apk/alpine/nodejs-current@14.11.0-r0?arch=armv7&distroversion=v3.16&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@14.11.0-r0%3Farch=armv7&distroversion=v3.16&reponame=community
aliases CVE-2020-8251
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-envv-wdwc-37eq
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@14.11.0-r0%3Farch=armv7&distroversion=v3.16&reponame=community