Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/cbor2@4.1.2
Type pypi
Namespace
Name cbor2
Version 4.1.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.8.0
Latest_non_vulnerable_version 5.8.0
Affected_by_vulnerabilities
0
url VCID-wqk8-hznt-cbdt
vulnerability_id VCID-wqk8-hznt-cbdt
summary cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag (29). This allows an attacker-controlled message to read data from previously decoded messages if the decoder is reused across trust boundaries. Version 5.8.0 patches the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68131.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68131.json
1
reference_url https://github.com/agronholm/cbor2
reference_id
reference_type
scores
url https://github.com/agronholm/cbor2
2
reference_url https://github.com/agronholm/cbor2/commit/f1d701cd2c411ee40bb1fe383afe7f365f35abf0
reference_id
reference_type
scores
url https://github.com/agronholm/cbor2/commit/f1d701cd2c411ee40bb1fe383afe7f365f35abf0
3
reference_url https://github.com/agronholm/cbor2/pull/268
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://github.com/agronholm/cbor2/pull/268
4
reference_url https://github.com/agronholm/cbor2/security/advisories/GHSA-wcj4-jw5j-44wh
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://github.com/agronholm/cbor2/security/advisories/GHSA-wcj4-jw5j-44wh
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426395
reference_id 2426395
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426395
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68131
reference_id CVE-2025-68131
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-68131
7
reference_url https://github.com/advisories/GHSA-wcj4-jw5j-44wh
reference_id GHSA-wcj4-jw5j-44wh
reference_type
scores
url https://github.com/advisories/GHSA-wcj4-jw5j-44wh
8
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
9
reference_url https://access.redhat.com/errata/RHSA-2026:5809
reference_id RHSA-2026:5809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5809
10
reference_url https://access.redhat.com/errata/RHSA-2026:6761
reference_id RHSA-2026:6761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6761
11
reference_url https://access.redhat.com/errata/RHSA-2026:6762
reference_id RHSA-2026:6762
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6762
fixed_packages
0
url pkg:pypi/cbor2@5.8.0
purl pkg:pypi/cbor2@5.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cbor2@5.8.0
aliases CVE-2025-68131, GHSA-wcj4-jw5j-44wh, PYSEC-2025-90
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqk8-hznt-cbdt
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cbor2@4.1.2