Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/asterisk@1:22.4.1~dfsg%2B~cs6.15.60671435-1?distro=sid
Type deb
Namespace debian
Name asterisk
Version 1:22.4.1~dfsg+~cs6.15.60671435-1
Qualifiers
distro sid
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1:22.5.1~dfsg+~cs6.15.60671435-1
Latest_non_vulnerable_version 1:22.9.0+dfsg+~cs6.16.60671434-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2qjc-yspn-xydj
vulnerability_id VCID-2qjc-yspn-xydj
summary Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47780
reference_id
reference_type
scores
0
value 0.00577
scoring_system epss
scoring_elements 0.68818
published_at 2026-04-13T12:55:00Z
1
value 0.00577
scoring_system epss
scoring_elements 0.68847
published_at 2026-04-12T12:55:00Z
2
value 0.00577
scoring_system epss
scoring_elements 0.6877
published_at 2026-04-02T12:55:00Z
3
value 0.00577
scoring_system epss
scoring_elements 0.6879
published_at 2026-04-04T12:55:00Z
4
value 0.00577
scoring_system epss
scoring_elements 0.68768
published_at 2026-04-07T12:55:00Z
5
value 0.00577
scoring_system epss
scoring_elements 0.6882
published_at 2026-04-08T12:55:00Z
6
value 0.00577
scoring_system epss
scoring_elements 0.68839
published_at 2026-04-09T12:55:00Z
7
value 0.00577
scoring_system epss
scoring_elements 0.68862
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47780
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530
reference_id 1106530
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530
3
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2
reference_id GHSA-c7p6-7mvq-8jq2
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:24:44Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r54j-ydjm-4uca
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u7?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u7?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u7%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.4.1~dfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.4.1~dfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.4.1~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid
4
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2025-47780
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qjc-yspn-xydj
1
url VCID-u91b-9huy-43hn
vulnerability_id VCID-u91b-9huy-43hn
summary Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages that can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47779
reference_id
reference_type
scores
0
value 0.00279
scoring_system epss
scoring_elements 0.51324
published_at 2026-04-13T12:55:00Z
1
value 0.00279
scoring_system epss
scoring_elements 0.51316
published_at 2026-04-09T12:55:00Z
2
value 0.00279
scoring_system epss
scoring_elements 0.51359
published_at 2026-04-11T12:55:00Z
3
value 0.00279
scoring_system epss
scoring_elements 0.51338
published_at 2026-04-12T12:55:00Z
4
value 0.00279
scoring_system epss
scoring_elements 0.51279
published_at 2026-04-02T12:55:00Z
5
value 0.00279
scoring_system epss
scoring_elements 0.51304
published_at 2026-04-04T12:55:00Z
6
value 0.00279
scoring_system epss
scoring_elements 0.51264
published_at 2026-04-07T12:55:00Z
7
value 0.00279
scoring_system epss
scoring_elements 0.51319
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47779
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528
reference_id 1106528
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528
3
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw
reference_id GHSA-2grh-7mhv-fcfw
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw
4
reference_url https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample
reference_id pjsip.conf.sample
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/
url https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r54j-ydjm-4uca
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u7?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u7?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u7%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.4.1~dfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.4.1~dfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.4.1~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid
4
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2025-47779
risk_score 3.5
exploitability 0.5
weighted_severity 6.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u91b-9huy-43hn
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.4.1~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid