Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/jenkins@2.361.2-r0?arch=aarch64&distroversion=v3.18&reponame=community
Typeapk
Namespacealpine
Namejenkins
Version2.361.2-r0
Qualifiers
arch aarch64
distroversion v3.18
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-dvyn-8phs-a3a6
vulnerability_id VCID-dvyn-8phs-a3a6
summary 
Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service
### Description
Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread.
If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response.
If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service.

### Impact
A malicious client may render the server unresponsive.

### Patches
The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10.

### Workarounds
No workaround available within Jetty itself.
One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy)

### For more information
If you have any questions or comments about this advisory:
* Email us at security@webtide.com.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2048.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2048.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2048
reference_id
reference_type
scores
0
value 0.01287
scoring_system epss
scoring_elements 0.79667
published_at 2026-04-18T12:55:00Z
1
value 0.01287
scoring_system epss
scoring_elements 0.79637
published_at 2026-04-13T12:55:00Z
2
value 0.01287
scoring_system epss
scoring_elements 0.79644
published_at 2026-04-12T12:55:00Z
3
value 0.01287
scoring_system epss
scoring_elements 0.7966
published_at 2026-04-11T12:55:00Z
4
value 0.01287
scoring_system epss
scoring_elements 0.79639
published_at 2026-04-09T12:55:00Z
5
value 0.01287
scoring_system epss
scoring_elements 0.79631
published_at 2026-04-08T12:55:00Z
6
value 0.01287
scoring_system epss
scoring_elements 0.79603
published_at 2026-04-07T12:55:00Z
7
value 0.01287
scoring_system epss
scoring_elements 0.79616
published_at 2026-04-04T12:55:00Z
8
value 0.01287
scoring_system epss
scoring_elements 0.79593
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2048
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2047
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2047
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2048
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
6
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j
7
reference_url https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2048
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2048
9
reference_url https://security.netapp.com/advisory/ntap-20220901-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220901-0006
10
reference_url https://security.netapp.com/advisory/ntap-20220901-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220901-0006/
11
reference_url https://www.debian.org/security/2022/dsa-5198
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5198
12
reference_url http://www.openwall.com/lists/oss-security/2022/09/09/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/09/09/2
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2116952
reference_id 2116952
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2116952
14
reference_url https://github.com/advisories/GHSA-wgmr-mf83-7x4j
reference_id GHSA-wgmr-mf83-7x4j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wgmr-mf83-7x4j
15
reference_url https://access.redhat.com/errata/RHSA-2022:8652
reference_id RHSA-2022:8652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8652
16
reference_url https://access.redhat.com/errata/RHSA-2023:0017
reference_id RHSA-2023:0017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0017
17
reference_url https://access.redhat.com/errata/RHSA-2023:0189
reference_id RHSA-2023:0189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0189
18
reference_url https://access.redhat.com/errata/RHSA-2023:0777
reference_id RHSA-2023:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0777
19
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
fixed_packages
0
url pkg:apk/alpine/jenkins@2.361.2-r0?arch=aarch64&distroversion=v3.18&reponame=community
purl pkg:apk/alpine/jenkins@2.361.2-r0?arch=aarch64&distroversion=v3.18&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.361.2-r0%3Farch=aarch64&distroversion=v3.18&reponame=community
aliases CVE-2022-2048, GHSA-wgmr-mf83-7x4j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvyn-8phs-a3a6
1
url VCID-k17s-ttg2-ubgj
vulnerability_id VCID-k17s-ttg2-ubgj
summary 
Allocation of Resources Without Limits or Throttling
In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22971.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22971.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22971
reference_id
reference_type
scores
0
value 0.00338
scoring_system epss
scoring_elements 0.56647
published_at 2026-04-18T12:55:00Z
1
value 0.00338
scoring_system epss
scoring_elements 0.56648
published_at 2026-04-16T12:55:00Z
2
value 0.00338
scoring_system epss
scoring_elements 0.56617
published_at 2026-04-13T12:55:00Z
3
value 0.00338
scoring_system epss
scoring_elements 0.56639
published_at 2026-04-12T12:55:00Z
4
value 0.00338
scoring_system epss
scoring_elements 0.56663
published_at 2026-04-11T12:55:00Z
5
value 0.00338
scoring_system epss
scoring_elements 0.56669
published_at 2026-04-09T12:55:00Z
6
value 0.00386
scoring_system epss
scoring_elements 0.59793
published_at 2026-04-08T12:55:00Z
7
value 0.00386
scoring_system epss
scoring_elements 0.59742
published_at 2026-04-07T12:55:00Z
8
value 0.00386
scoring_system epss
scoring_elements 0.59772
published_at 2026-04-04T12:55:00Z
9
value 0.00386
scoring_system epss
scoring_elements 0.59748
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22971
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22971
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22971
3
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
4
reference_url https://github.com/spring-projects/spring-framework/commit/159a99bbafdd6c01871228113d7042c3f83f360f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/159a99bbafdd6c01871228113d7042c3f83f360f
5
reference_url https://github.com/spring-projects/spring-framework/commit/dc2947c52df18d5e99cad03383f7d6ba13d031fd
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/dc2947c52df18d5e99cad03383f7d6ba13d031fd
6
reference_url https://security.netapp.com/advisory/ntap-20220616-0003
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220616-0003
7
reference_url https://security.netapp.com/advisory/ntap-20220616-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220616-0003/
8
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2087274
reference_id 2087274
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2087274
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22971
reference_id CVE-2022-22971
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22971
11
reference_url https://tanzu.vmware.com/security/cve-2022-22971
reference_id CVE-2022-22971
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2022-22971
12
reference_url https://github.com/advisories/GHSA-rqph-vqwm-22vc
reference_id GHSA-rqph-vqwm-22vc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rqph-vqwm-22vc
13
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
14
reference_url https://access.redhat.com/errata/RHSA-2023:1661
reference_id RHSA-2023:1661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1661
15
reference_url https://access.redhat.com/errata/RHSA-2023:3185
reference_id RHSA-2023:3185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3185
fixed_packages
0
url pkg:apk/alpine/jenkins@2.361.2-r0?arch=aarch64&distroversion=v3.18&reponame=community
purl pkg:apk/alpine/jenkins@2.361.2-r0?arch=aarch64&distroversion=v3.18&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.361.2-r0%3Farch=aarch64&distroversion=v3.18&reponame=community
aliases CVE-2022-22971, GHSA-rqph-vqwm-22vc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k17s-ttg2-ubgj
2
url VCID-w6br-v2gm-j7gr
vulnerability_id VCID-w6br-v2gm-j7gr
summary 
Allocation of Resources Without Limits or Throttling
In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads is vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22970.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22970.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22970
reference_id
reference_type
scores
0
value 0.00164
scoring_system epss
scoring_elements 0.37312
published_at 2026-04-18T12:55:00Z
1
value 0.00164
scoring_system epss
scoring_elements 0.3733
published_at 2026-04-16T12:55:00Z
2
value 0.00164
scoring_system epss
scoring_elements 0.37283
published_at 2026-04-13T12:55:00Z
3
value 0.00164
scoring_system epss
scoring_elements 0.37311
published_at 2026-04-12T12:55:00Z
4
value 0.00164
scoring_system epss
scoring_elements 0.37345
published_at 2026-04-11T12:55:00Z
5
value 0.00164
scoring_system epss
scoring_elements 0.37349
published_at 2026-04-09T12:55:00Z
6
value 0.00187
scoring_system epss
scoring_elements 0.40504
published_at 2026-04-07T12:55:00Z
7
value 0.00187
scoring_system epss
scoring_elements 0.40583
published_at 2026-04-04T12:55:00Z
8
value 0.00187
scoring_system epss
scoring_elements 0.40555
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22970
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22970
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22970
3
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
4
reference_url https://github.com/spring-projects/spring-framework/commit/50177b1ad3485bd44239b1756f6c14607476fcf2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/50177b1ad3485bd44239b1756f6c14607476fcf2
5
reference_url https://github.com/spring-projects/spring-framework/commit/83186b689f11f5e6efe7ccc08fdeb92f66fcd583
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/83186b689f11f5e6efe7ccc08fdeb92f66fcd583
6
reference_url https://security.netapp.com/advisory/ntap-20220616-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220616-0006
7
reference_url https://security.netapp.com/advisory/ntap-20220616-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220616-0006/
8
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2087272
reference_id 2087272
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2087272
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22970
reference_id CVE-2022-22970
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22970
11
reference_url https://tanzu.vmware.com/security/cve-2022-22970
reference_id CVE-2022-22970
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2022-22970
12
reference_url https://github.com/advisories/GHSA-hh26-6xwr-ggv7
reference_id GHSA-hh26-6xwr-ggv7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hh26-6xwr-ggv7
13
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
14
reference_url https://access.redhat.com/errata/RHSA-2023:1661
reference_id RHSA-2023:1661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1661
15
reference_url https://access.redhat.com/errata/RHSA-2023:3185
reference_id RHSA-2023:3185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3185
fixed_packages
0
url pkg:apk/alpine/jenkins@2.361.2-r0?arch=aarch64&distroversion=v3.18&reponame=community
purl pkg:apk/alpine/jenkins@2.361.2-r0?arch=aarch64&distroversion=v3.18&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.361.2-r0%3Farch=aarch64&distroversion=v3.18&reponame=community
aliases CVE-2022-22970, GHSA-hh26-6xwr-ggv7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6br-v2gm-j7gr
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.361.2-r0%3Farch=aarch64&distroversion=v3.18&reponame=community