Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/awstats@7.8-r1?arch=x86_64&distroversion=v3.23&reponame=community

Type apk

Namespace alpine

Name awstats

Version 7.8-r1

Qualifiers

arch	x86_64
distroversion	v3.23
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 7.9-r0

Latest_non_vulnerable_version 7.9-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-fxrv-1bju-qkgm

vulnerability_id VCID-fxrv-1bju-qkgm

summary In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35176

reference_id

reference_type

scores

value	0.00937
scoring_system	epss
scoring_elements	0.76233
published_at	2026-04-16T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76131
published_at	2026-04-01T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76135
published_at	2026-04-02T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76167
published_at	2026-04-04T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76148
published_at	2026-04-07T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.7618
published_at	2026-04-08T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76194
published_at	2026-04-12T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76218
published_at	2026-04-11T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76192
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35176

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190
reference_id	977190
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190

reference_url	https://security.archlinux.org/ASA-202103-15
reference_id	ASA-202103-15
reference_type
scores
url	https://security.archlinux.org/ASA-202103-15

reference_url

https://security.archlinux.org/AVG-1356

reference_id

AVG-1356

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1356

reference_url	https://usn.ubuntu.com/4953-1/
reference_id	USN-4953-1
reference_type
scores
url	https://usn.ubuntu.com/4953-1/

fixed_packages

url	pkg:apk/alpine/awstats@7.8-r1?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/awstats@7.8-r1?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/awstats@7.8-r1%3Farch=x86_64&distroversion=v3.23&reponame=community

aliases CVE-2020-35176

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fxrv-1bju-qkgm

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/awstats@7.8-r1%3Farch=x86_64&distroversion=v3.23&reponame=community

Package Instance