Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
Typeapk
Namespacealpine
Namenodejs
Version18.14.1-r0
Qualifiers
arch s390x
distroversion v3.21
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version18.17.1-r0
Latest_non_vulnerable_version22.22.2-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7nnu-jtjx-u3ff
vulnerability_id VCID-7nnu-jtjx-u3ff
summary Node.js: Permissions policies can be bypassed via process.mainModule
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23918.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23918.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23918
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05429
published_at 2026-04-16T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05479
published_at 2026-04-13T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05469
published_at 2026-04-07T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05505
published_at 2026-04-08T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05526
published_at 2026-04-09T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.055
published_at 2026-04-11T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05486
published_at 2026-04-12T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05463
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23918
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
reference_id 1031834
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2171935
reference_id 2171935
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2171935
5
reference_url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
reference_id february-2023-security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T17:47:16Z/
url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
6
reference_url https://security.netapp.com/advisory/ntap-20230316-0008/
reference_id ntap-20230316-0008
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T17:47:16Z/
url https://security.netapp.com/advisory/ntap-20230316-0008/
7
reference_url https://access.redhat.com/errata/RHSA-2023:1533
reference_id RHSA-2023:1533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1533
8
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
9
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
10
reference_url https://access.redhat.com/errata/RHSA-2023:1742
reference_id RHSA-2023:1742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1742
11
reference_url https://access.redhat.com/errata/RHSA-2023:1743
reference_id RHSA-2023:1743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1743
12
reference_url https://access.redhat.com/errata/RHSA-2023:1744
reference_id RHSA-2023:1744
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1744
13
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
14
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
fixed_packages
0
url pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@18.14.1-r0%3Farch=s390x&distroversion=v3.21&reponame=main
aliases CVE-2023-23918
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nnu-jtjx-u3ff
1
url VCID-8myg-sjwy-yqfp
vulnerability_id VCID-8myg-sjwy-yqfp
summary Node.js: OpenSSL error handling issues in nodejs crypto library
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23919.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23919.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23919
reference_id
reference_type
scores
0
value 0.00508
scoring_system epss
scoring_elements 0.66318
published_at 2026-04-16T12:55:00Z
1
value 0.0057
scoring_system epss
scoring_elements 0.68536
published_at 2026-04-07T12:55:00Z
2
value 0.0057
scoring_system epss
scoring_elements 0.68588
published_at 2026-04-13T12:55:00Z
3
value 0.0057
scoring_system epss
scoring_elements 0.68618
published_at 2026-04-12T12:55:00Z
4
value 0.0057
scoring_system epss
scoring_elements 0.6863
published_at 2026-04-11T12:55:00Z
5
value 0.0057
scoring_system epss
scoring_elements 0.68605
published_at 2026-04-09T12:55:00Z
6
value 0.0057
scoring_system epss
scoring_elements 0.68587
published_at 2026-04-08T12:55:00Z
7
value 0.00689
scoring_system epss
scoring_elements 0.71716
published_at 2026-04-02T12:55:00Z
8
value 0.00689
scoring_system epss
scoring_elements 0.71735
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23919
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
reference_id 1031834
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
4
reference_url https://hackerone.com/reports/1808596
reference_id 1808596
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:26:46Z/
url https://hackerone.com/reports/1808596
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2172170
reference_id 2172170
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2172170
6
reference_url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
reference_id february-2023-security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:26:46Z/
url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
7
reference_url https://security.netapp.com/advisory/ntap-20230316-0008/
reference_id ntap-20230316-0008
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:26:46Z/
url https://security.netapp.com/advisory/ntap-20230316-0008/
8
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
9
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
10
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
11
reference_url https://usn.ubuntu.com/6672-1/
reference_id USN-6672-1
reference_type
scores
url https://usn.ubuntu.com/6672-1/
fixed_packages
0
url pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@18.14.1-r0%3Farch=s390x&distroversion=v3.21&reponame=main
aliases CVE-2023-23919
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8myg-sjwy-yqfp
2
url VCID-dtvs-pgam-qkbp
vulnerability_id VCID-dtvs-pgam-qkbp
summary 
CRLF Injection in Nodejs ‘undici’ via host
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23936.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23936.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23936
reference_id
reference_type
scores
0
value 0.00536
scoring_system epss
scoring_elements 0.67511
published_at 2026-04-16T12:55:00Z
1
value 0.00536
scoring_system epss
scoring_elements 0.67475
published_at 2026-04-13T12:55:00Z
2
value 0.00536
scoring_system epss
scoring_elements 0.67509
published_at 2026-04-12T12:55:00Z
3
value 0.00536
scoring_system epss
scoring_elements 0.67522
published_at 2026-04-11T12:55:00Z
4
value 0.00536
scoring_system epss
scoring_elements 0.67499
published_at 2026-04-09T12:55:00Z
5
value 0.00536
scoring_system epss
scoring_elements 0.67485
published_at 2026-04-08T12:55:00Z
6
value 0.00602
scoring_system epss
scoring_elements 0.69433
published_at 2026-04-07T12:55:00Z
7
value 0.00727
scoring_system epss
scoring_elements 0.72567
published_at 2026-04-02T12:55:00Z
8
value 0.00727
scoring_system epss
scoring_elements 0.72583
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23936
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034
5
reference_url https://github.com/nodejs/undici/releases/tag/v5.19.1
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://github.com/nodejs/undici/releases/tag/v5.19.1
6
reference_url https://hackerone.com/reports/1820955
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://hackerone.com/reports/1820955
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
reference_id 1031418
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2172190
reference_id 2172190
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2172190
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23936
reference_id CVE-2023-23936
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23936
10
reference_url https://github.com/advisories/GHSA-5r9g-qh6m-jxff
reference_id GHSA-5r9g-qh6m-jxff
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5r9g-qh6m-jxff
11
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
reference_id GHSA-5r9g-qh6m-jxff
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
12
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
13
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
14
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
15
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
16
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
fixed_packages
0
url pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@18.14.1-r0%3Farch=s390x&distroversion=v3.21&reponame=main
aliases CVE-2023-23936, GHSA-5r9g-qh6m-jxff
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dtvs-pgam-qkbp
3
url VCID-hnjv-fp2r-vqfq
vulnerability_id VCID-hnjv-fp2r-vqfq
summary Node.js: insecure loading of ICU data through ICU_DATA environment variable
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23920.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23920.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23920
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.26656
published_at 2026-04-02T12:55:00Z
1
value 0.00096
scoring_system epss
scoring_elements 0.26511
published_at 2026-04-16T12:55:00Z
2
value 0.00096
scoring_system epss
scoring_elements 0.26699
published_at 2026-04-04T12:55:00Z
3
value 0.00096
scoring_system epss
scoring_elements 0.26485
published_at 2026-04-07T12:55:00Z
4
value 0.00096
scoring_system epss
scoring_elements 0.26553
published_at 2026-04-08T12:55:00Z
5
value 0.00096
scoring_system epss
scoring_elements 0.26602
published_at 2026-04-09T12:55:00Z
6
value 0.00096
scoring_system epss
scoring_elements 0.26608
published_at 2026-04-11T12:55:00Z
7
value 0.00096
scoring_system epss
scoring_elements 0.26562
published_at 2026-04-12T12:55:00Z
8
value 0.00096
scoring_system epss
scoring_elements 0.26505
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23920
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
reference_id 1031834
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2172217
reference_id 2172217
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2172217
6
reference_url https://www.debian.org/security/2023/dsa-5395
reference_id dsa-5395
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/
url https://www.debian.org/security/2023/dsa-5395
7
reference_url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
reference_id february-2023-security-releases
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/
url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
8
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html
9
reference_url https://security.netapp.com/advisory/ntap-20230316-0008/
reference_id ntap-20230316-0008
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/
url https://security.netapp.com/advisory/ntap-20230316-0008/
10
reference_url https://access.redhat.com/errata/RHSA-2023:1533
reference_id RHSA-2023:1533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1533
11
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
12
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
13
reference_url https://access.redhat.com/errata/RHSA-2023:1742
reference_id RHSA-2023:1742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1742
14
reference_url https://access.redhat.com/errata/RHSA-2023:1743
reference_id RHSA-2023:1743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1743
15
reference_url https://access.redhat.com/errata/RHSA-2023:1744
reference_id RHSA-2023:1744
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1744
16
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
17
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
18
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
19
reference_url https://usn.ubuntu.com/6672-1/
reference_id USN-6672-1
reference_type
scores
url https://usn.ubuntu.com/6672-1/
fixed_packages
0
url pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@18.14.1-r0%3Farch=s390x&distroversion=v3.21&reponame=main
aliases CVE-2023-23920
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hnjv-fp2r-vqfq
4
url VCID-vh17-44d1-kyf7
vulnerability_id VCID-vh17-44d1-kyf7
summary 
Regular Expression Denial of Service in Headers
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods is vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24807.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24807.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24807
reference_id
reference_type
scores
0
value 0.00305
scoring_system epss
scoring_elements 0.53772
published_at 2026-04-16T12:55:00Z
1
value 0.00305
scoring_system epss
scoring_elements 0.53735
published_at 2026-04-13T12:55:00Z
2
value 0.00305
scoring_system epss
scoring_elements 0.53751
published_at 2026-04-12T12:55:00Z
3
value 0.00305
scoring_system epss
scoring_elements 0.53768
published_at 2026-04-11T12:55:00Z
4
value 0.00305
scoring_system epss
scoring_elements 0.5372
published_at 2026-04-09T12:55:00Z
5
value 0.00305
scoring_system epss
scoring_elements 0.53669
published_at 2026-04-07T12:55:00Z
6
value 0.00305
scoring_system epss
scoring_elements 0.53701
published_at 2026-04-04T12:55:00Z
7
value 0.00305
scoring_system epss
scoring_elements 0.53674
published_at 2026-04-02T12:55:00Z
8
value 0.00305
scoring_system epss
scoring_elements 0.53722
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24807
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf
5
reference_url https://github.com/nodejs/undici/releases/tag/v5.19.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://github.com/nodejs/undici/releases/tag/v5.19.1
6
reference_url https://hackerone.com/bugs?report_id=1784449
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://hackerone.com/bugs?report_id=1784449
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
reference_id 1031418
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2172204
reference_id 2172204
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2172204
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24807
reference_id CVE-2023-24807
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24807
10
reference_url https://github.com/advisories/GHSA-r6ch-mqf9-qc9w
reference_id GHSA-r6ch-mqf9-qc9w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r6ch-mqf9-qc9w
11
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
reference_id GHSA-r6ch-mqf9-qc9w
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
12
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
13
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
14
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
15
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
16
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
fixed_packages
0
url pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@18.14.1-r0%3Farch=s390x&distroversion=v3.21&reponame=main
aliases CVE-2023-24807, GHSA-r6ch-mqf9-qc9w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vh17-44d1-kyf7
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@18.14.1-r0%3Farch=s390x&distroversion=v3.21&reponame=main