Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:conan/libcurl@7.16.1
Typeconan
Namespace
Namelibcurl
Version7.16.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-7srk-hshe-h3f4
vulnerability_id VCID-7srk-hshe-h3f4
summary 
Improper Authentication
An authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27538
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01629
published_at 2026-04-24T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01621
published_at 2026-04-21T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.03574
published_at 2026-04-02T12:55:00Z
3
value 0.00016
scoring_system epss
scoring_elements 0.03588
published_at 2026-04-04T12:55:00Z
4
value 0.00016
scoring_system epss
scoring_elements 0.03599
published_at 2026-04-07T12:55:00Z
5
value 0.00016
scoring_system epss
scoring_elements 0.036
published_at 2026-04-08T12:55:00Z
6
value 0.00016
scoring_system epss
scoring_elements 0.03622
published_at 2026-04-09T12:55:00Z
7
value 0.00016
scoring_system epss
scoring_elements 0.03579
published_at 2026-04-11T12:55:00Z
8
value 0.00021
scoring_system epss
scoring_elements 0.05601
published_at 2026-04-12T12:55:00Z
9
value 0.00021
scoring_system epss
scoring_elements 0.05595
published_at 2026-04-13T12:55:00Z
10
value 0.00021
scoring_system epss
scoring_elements 0.05545
published_at 2026-04-16T12:55:00Z
11
value 0.00021
scoring_system epss
scoring_elements 0.05559
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27538
2
reference_url https://curl.se/docs/CVE-2023-27538.html
reference_id
reference_type
scores
0
value Low
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2023-27538.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/1898475
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/
url https://hackerone.com/reports/1898475
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2179103
reference_id 2179103
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2179103
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27538
reference_id CVE-2023-27538
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-27538
9
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/
url https://security.gentoo.org/glsa/202310-12
10
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
reference_id msg00025.html
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
11
reference_url https://security.netapp.com/advisory/ntap-20230420-0010/
reference_id ntap-20230420-0010
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/
url https://security.netapp.com/advisory/ntap-20230420-0010/
12
reference_url https://access.redhat.com/errata/RHSA-2023:6679
reference_id RHSA-2023:6679
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6679
13
reference_url https://usn.ubuntu.com/5964-1/
reference_id USN-5964-1
reference_type
scores
url https://usn.ubuntu.com/5964-1/
fixed_packages
0
url pkg:conan/libcurl@8.0.1
purl pkg:conan/libcurl@8.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/libcurl@8.0.1
aliases CVE-2023-27538
risk_score 3.5
exploitability 0.5
weighted_severity 6.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7srk-hshe-h3f4
Fixing_vulnerabilities
Risk_score3.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:conan/libcurl@7.16.1