Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/py3-werkzeug@2.3.7-r0?arch=armhf&distroversion=v3.21&reponame=community
Type apk
Namespace alpine
Name py3-werkzeug
Version 2.3.7-r0
Qualifiers
arch armhf
distroversion v3.21
reponame community
Subpath
Is_vulnerable false
Next_non_vulnerable_version 3.0.6-r0
Latest_non_vulnerable_version 3.0.6-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-bxfr-hpkh-cyby
vulnerability_id VCID-bxfr-hpkh-cyby
summary Werkzeug is a comprehensive WSGI web application library. If a file upload starts with CR or LF and is then followed by megabytes of data without these characters, all of these bytes are appended chunk by chunk into an internal bytearray, and the lookup for the boundary is performed on the growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46136.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46136.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46136
reference_id
reference_type
scores
0
value 0.00555
scoring_system epss
scoring_elements 0.68063
published_at 2026-04-02T12:55:00Z
1
value 0.00573
scoring_system epss
scoring_elements 0.68716
published_at 2026-04-21T12:55:00Z
2
value 0.00622
scoring_system epss
scoring_elements 0.70096
published_at 2026-04-13T12:55:00Z
3
value 0.00622
scoring_system epss
scoring_elements 0.70109
published_at 2026-04-12T12:55:00Z
4
value 0.00622
scoring_system epss
scoring_elements 0.70123
published_at 2026-04-11T12:55:00Z
5
value 0.00622
scoring_system epss
scoring_elements 0.70149
published_at 2026-04-18T12:55:00Z
6
value 0.00622
scoring_system epss
scoring_elements 0.70139
published_at 2026-04-16T12:55:00Z
7
value 0.00622
scoring_system epss
scoring_elements 0.701
published_at 2026-04-09T12:55:00Z
8
value 0.00622
scoring_system epss
scoring_elements 0.70059
published_at 2026-04-04T12:55:00Z
9
value 0.00622
scoring_system epss
scoring_elements 0.70036
published_at 2026-04-07T12:55:00Z
10
value 0.00622
scoring_system epss
scoring_elements 0.70084
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46136
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
4
reference_url https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1
5
reference_url https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9
6
reference_url https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2
7
reference_url https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-221.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-221.yaml
9
reference_url https://security.netapp.com/advisory/ntap-20231124-0008
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231124-0008
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054553
reference_id 1054553
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054553
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2246310
reference_id 2246310
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2246310
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46136
reference_id CVE-2023-46136
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46136
13
reference_url https://github.com/advisories/GHSA-hrfv-mqp8-q5rw
reference_id GHSA-hrfv-mqp8-q5rw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrfv-mqp8-q5rw
14
reference_url https://access.redhat.com/errata/RHSA-2023:7473
reference_id RHSA-2023:7473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7473
15
reference_url https://access.redhat.com/errata/RHSA-2023:7477
reference_id RHSA-2023:7477
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7477
16
reference_url https://access.redhat.com/errata/RHSA-2023:7610
reference_id RHSA-2023:7610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7610
17
reference_url https://access.redhat.com/errata/RHSA-2024:0189
reference_id RHSA-2024:0189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0189
18
reference_url https://access.redhat.com/errata/RHSA-2024:0214
reference_id RHSA-2024:0214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0214
19
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
fixed_packages
0
url pkg:apk/alpine/py3-werkzeug@2.3.7-r0?arch=armhf&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/py3-werkzeug@2.3.7-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-werkzeug@2.3.7-r0%3Farch=armhf&distroversion=v3.21&reponame=community
aliases CVE-2023-46136, GHSA-hrfv-mqp8-q5rw, PYSEC-2023-221
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bxfr-hpkh-cyby
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-werkzeug@2.3.7-r0%3Farch=armhf&distroversion=v3.21&reponame=community