Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/curl@8.0.0-r0?arch=aarch64&distroversion=v3.22&reponame=main
Typeapk
Namespacealpine
Namecurl
Version8.0.0-r0
Qualifiers
arch aarch64
distroversion v3.22
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version8.1.0-r0
Latest_non_vulnerable_version8.14.1-r2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7srk-hshe-h3f4
vulnerability_id VCID-7srk-hshe-h3f4
summary 
Improper Authentication
An authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27538
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03579
published_at 2026-04-11T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.03588
published_at 2026-04-04T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.03622
published_at 2026-04-09T12:55:00Z
3
value 0.00016
scoring_system epss
scoring_elements 0.036
published_at 2026-04-08T12:55:00Z
4
value 0.00016
scoring_system epss
scoring_elements 0.03599
published_at 2026-04-07T12:55:00Z
5
value 0.00016
scoring_system epss
scoring_elements 0.03574
published_at 2026-04-02T12:55:00Z
6
value 0.00021
scoring_system epss
scoring_elements 0.05595
published_at 2026-04-13T12:55:00Z
7
value 0.00021
scoring_system epss
scoring_elements 0.05601
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27538
2
reference_url https://curl.se/docs/CVE-2023-27538.html
reference_id
reference_type
scores
0
value Low
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2023-27538.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/1898475
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/
url https://hackerone.com/reports/1898475
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2179103
reference_id 2179103
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2179103
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27538
reference_id CVE-2023-27538
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-27538
9
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/
url https://security.gentoo.org/glsa/202310-12
10
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
reference_id msg00025.html
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
11
reference_url https://security.netapp.com/advisory/ntap-20230420-0010/
reference_id ntap-20230420-0010
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/
url https://security.netapp.com/advisory/ntap-20230420-0010/
12
reference_url https://access.redhat.com/errata/RHSA-2023:6679
reference_id RHSA-2023:6679
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6679
13
reference_url https://usn.ubuntu.com/5964-1/
reference_id USN-5964-1
reference_type
scores
url https://usn.ubuntu.com/5964-1/
fixed_packages
0
url pkg:apk/alpine/curl@8.0.0-r0?arch=aarch64&distroversion=v3.22&reponame=main
purl pkg:apk/alpine/curl@8.0.0-r0?arch=aarch64&distroversion=v3.22&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.0.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=main
aliases CVE-2023-27538
risk_score 3.5
exploitability 0.5
weighted_severity 6.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7srk-hshe-h3f4
1
url VCID-arjz-67yz-wkg9
vulnerability_id VCID-arjz-67yz-wkg9
summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27533
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40415
published_at 2026-04-13T12:55:00Z
1
value 0.00186
scoring_system epss
scoring_elements 0.40439
published_at 2026-04-02T12:55:00Z
2
value 0.00186
scoring_system epss
scoring_elements 0.40465
published_at 2026-04-04T12:55:00Z
3
value 0.00186
scoring_system epss
scoring_elements 0.40389
published_at 2026-04-07T12:55:00Z
4
value 0.00186
scoring_system epss
scoring_elements 0.4044
published_at 2026-04-08T12:55:00Z
5
value 0.00186
scoring_system epss
scoring_elements 0.40451
published_at 2026-04-09T12:55:00Z
6
value 0.00186
scoring_system epss
scoring_elements 0.40472
published_at 2026-04-11T12:55:00Z
7
value 0.00186
scoring_system epss
scoring_elements 0.40434
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27533
2
reference_url https://curl.se/docs/CVE-2023-27533.html
reference_id
reference_type
scores
0
value Low
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2023-27533.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27533
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27533
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/1891474
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/
url https://hackerone.com/reports/1891474
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2179062
reference_id 2179062
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2179062
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id 36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
8
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/
url https://security.gentoo.org/glsa/202310-12
9
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
reference_id msg00025.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
10
reference_url https://security.netapp.com/advisory/ntap-20230420-0011/
reference_id ntap-20230420-0011
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/
url https://security.netapp.com/advisory/ntap-20230420-0011/
11
reference_url https://access.redhat.com/errata/RHSA-2023:3354
reference_id RHSA-2023:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3354
12
reference_url https://access.redhat.com/errata/RHSA-2023:3355
reference_id RHSA-2023:3355
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3355
13
reference_url https://access.redhat.com/errata/RHSA-2023:6679
reference_id RHSA-2023:6679
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6679
14
reference_url https://usn.ubuntu.com/5964-1/
reference_id USN-5964-1
reference_type
scores
url https://usn.ubuntu.com/5964-1/
15
reference_url https://usn.ubuntu.com/5964-2/
reference_id USN-5964-2
reference_type
scores
url https://usn.ubuntu.com/5964-2/
fixed_packages
0
url pkg:apk/alpine/curl@8.0.0-r0?arch=aarch64&distroversion=v3.22&reponame=main
purl pkg:apk/alpine/curl@8.0.0-r0?arch=aarch64&distroversion=v3.22&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.0.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=main
aliases CVE-2023-27533
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arjz-67yz-wkg9
2
url VCID-cbah-e86c-w3fj
vulnerability_id VCID-cbah-e86c-w3fj
summary 
Improper Authentication
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27535
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.20236
published_at 2026-04-13T12:55:00Z
1
value 0.00065
scoring_system epss
scoring_elements 0.20386
published_at 2026-04-02T12:55:00Z
2
value 0.00065
scoring_system epss
scoring_elements 0.20446
published_at 2026-04-04T12:55:00Z
3
value 0.00065
scoring_system epss
scoring_elements 0.2017
published_at 2026-04-07T12:55:00Z
4
value 0.00065
scoring_system epss
scoring_elements 0.20251
published_at 2026-04-08T12:55:00Z
5
value 0.00065
scoring_system epss
scoring_elements 0.20311
published_at 2026-04-09T12:55:00Z
6
value 0.00065
scoring_system epss
scoring_elements 0.20341
published_at 2026-04-11T12:55:00Z
7
value 0.00065
scoring_system epss
scoring_elements 0.20295
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27535
2
reference_url https://curl.se/docs/CVE-2023-27535.html
reference_id
reference_type
scores
0
value Medium
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2023-27535.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/1892780
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/
url https://hackerone.com/reports/1892780
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2179073
reference_id 2179073
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2179073
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id 36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27535
reference_id CVE-2023-27535
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-27535
10
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/
url https://security.gentoo.org/glsa/202310-12
11
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
reference_id msg00025.html
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
12
reference_url https://security.netapp.com/advisory/ntap-20230420-0010/
reference_id ntap-20230420-0010
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/
url https://security.netapp.com/advisory/ntap-20230420-0010/
13
reference_url https://access.redhat.com/errata/RHSA-2023:2650
reference_id RHSA-2023:2650
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2650
14
reference_url https://access.redhat.com/errata/RHSA-2023:3106
reference_id RHSA-2023:3106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3106
15
reference_url https://access.redhat.com/errata/RHSA-2024:0428
reference_id RHSA-2024:0428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0428
16
reference_url https://usn.ubuntu.com/5964-1/
reference_id USN-5964-1
reference_type
scores
url https://usn.ubuntu.com/5964-1/
17
reference_url https://usn.ubuntu.com/5964-2/
reference_id USN-5964-2
reference_type
scores
url https://usn.ubuntu.com/5964-2/
fixed_packages
0
url pkg:apk/alpine/curl@8.0.0-r0?arch=aarch64&distroversion=v3.22&reponame=main
purl pkg:apk/alpine/curl@8.0.0-r0?arch=aarch64&distroversion=v3.22&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.0.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=main
aliases CVE-2023-27535
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbah-e86c-w3fj
3
url VCID-ke81-x2ze-rbc5
vulnerability_id VCID-ke81-x2ze-rbc5
summary 
Double Free
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27537.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27537.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27537
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14418
published_at 2026-04-07T12:55:00Z
1
value 0.00047
scoring_system epss
scoring_elements 0.14609
published_at 2026-04-04T12:55:00Z
2
value 0.00047
scoring_system epss
scoring_elements 0.14504
published_at 2026-04-08T12:55:00Z
3
value 0.00047
scoring_system epss
scoring_elements 0.14558
published_at 2026-04-09T12:55:00Z
4
value 0.00047
scoring_system epss
scoring_elements 0.14506
published_at 2026-04-11T12:55:00Z
5
value 0.00047
scoring_system epss
scoring_elements 0.14539
published_at 2026-04-02T12:55:00Z
6
value 0.00083
scoring_system epss
scoring_elements 0.24288
published_at 2026-04-13T12:55:00Z
7
value 0.00083
scoring_system epss
scoring_elements 0.24345
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27537
2
reference_url https://curl.se/docs/CVE-2023-27537.html
reference_id
reference_type
scores
0
value Low
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2023-27537.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://hackerone.com/reports/1897203
reference_id
reference_type
scores
url https://hackerone.com/reports/1897203
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2179097
reference_id 2179097
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2179097
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27537
reference_id CVE-2023-27537
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-27537
7
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
url https://security.gentoo.org/glsa/202310-12
fixed_packages
0
url pkg:apk/alpine/curl@8.0.0-r0?arch=aarch64&distroversion=v3.22&reponame=main
purl pkg:apk/alpine/curl@8.0.0-r0?arch=aarch64&distroversion=v3.22&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.0.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=main
aliases CVE-2023-27537
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ke81-x2ze-rbc5
4
url VCID-ms2r-94ph-yyh3
vulnerability_id VCID-ms2r-94ph-yyh3
summary 
Improper Authentication
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27536
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01291
published_at 2026-04-13T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01285
published_at 2026-04-02T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.0129
published_at 2026-04-04T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01301
published_at 2026-04-07T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01306
published_at 2026-04-08T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.0131
published_at 2026-04-09T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01294
published_at 2026-04-11T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01288
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27536
2
reference_url https://curl.se/docs/CVE-2023-27536.html
reference_id
reference_type
scores
0
value Low
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2023-27536.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/1895135
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/
url https://hackerone.com/reports/1895135
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2179092
reference_id 2179092
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2179092
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id 36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27536
reference_id CVE-2023-27536
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-27536
10
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/
url https://security.gentoo.org/glsa/202310-12
11
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
reference_id msg00025.html
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
12
reference_url https://security.netapp.com/advisory/ntap-20230420-0010/
reference_id ntap-20230420-0010
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/
url https://security.netapp.com/advisory/ntap-20230420-0010/
13
reference_url https://access.redhat.com/errata/RHSA-2023:4523
reference_id RHSA-2023:4523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4523
14
reference_url https://access.redhat.com/errata/RHSA-2023:6679
reference_id RHSA-2023:6679
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6679
15
reference_url https://access.redhat.com/errata/RHSA-2024:0428
reference_id RHSA-2024:0428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0428
16
reference_url https://usn.ubuntu.com/5964-1/
reference_id USN-5964-1
reference_type
scores
url https://usn.ubuntu.com/5964-1/
17
reference_url https://usn.ubuntu.com/5964-2/
reference_id USN-5964-2
reference_type
scores
url https://usn.ubuntu.com/5964-2/
fixed_packages
0
url pkg:apk/alpine/curl@8.0.0-r0?arch=aarch64&distroversion=v3.22&reponame=main
purl pkg:apk/alpine/curl@8.0.0-r0?arch=aarch64&distroversion=v3.22&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.0.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=main
aliases CVE-2023-27536
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ms2r-94ph-yyh3
5
url VCID-syz5-5y6f-s7er
vulnerability_id VCID-syz5-5y6f-s7er
summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27534.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27534.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27534
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.19904
published_at 2026-04-13T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.20007
published_at 2026-04-11T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.19963
published_at 2026-04-12T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.20068
published_at 2026-04-02T12:55:00Z
4
value 0.00064
scoring_system epss
scoring_elements 0.20126
published_at 2026-04-04T12:55:00Z
5
value 0.00064
scoring_system epss
scoring_elements 0.19854
published_at 2026-04-07T12:55:00Z
6
value 0.00064
scoring_system epss
scoring_elements 0.19933
published_at 2026-04-08T12:55:00Z
7
value 0.00064
scoring_system epss
scoring_elements 0.19988
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27534
2
reference_url https://curl.se/docs/CVE-2023-27534.html
reference_id
reference_type
scores
0
value Low
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2023-27534.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27534
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27534
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/1892351
reference_id
reference_type
scores
url https://hackerone.com/reports/1892351
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2179069
reference_id 2179069
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2179069
7
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
url https://security.gentoo.org/glsa/202310-12
8
reference_url https://access.redhat.com/errata/RHSA-2023:3354
reference_id RHSA-2023:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3354
9
reference_url https://access.redhat.com/errata/RHSA-2023:3355
reference_id RHSA-2023:3355
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3355
10
reference_url https://access.redhat.com/errata/RHSA-2023:6679
reference_id RHSA-2023:6679
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6679
11
reference_url https://usn.ubuntu.com/5964-1/
reference_id USN-5964-1
reference_type
scores
url https://usn.ubuntu.com/5964-1/
fixed_packages
0
url pkg:apk/alpine/curl@8.0.0-r0?arch=aarch64&distroversion=v3.22&reponame=main
purl pkg:apk/alpine/curl@8.0.0-r0?arch=aarch64&distroversion=v3.22&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.0.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=main
aliases CVE-2023-27534
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-syz5-5y6f-s7er
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.0.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=main