Lookup for vulnerable packages by Package URL.

Purl pkg:composer/laminas/laminas-diactoros@2.24.2
Type composer
Namespace laminas
Name laminas-diactoros
Version 2.24.2
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.25.2
Latest_non_vulnerable_version 2.25.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-jc36-p4jx-t3e1
vulnerability_id VCID-jc36-p4jx-t3e1
summary
Improper Input Validation
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value, can cause an invalid message. This can lead to denial of service vectors or application errors. The problem has been patched in the following versions: 2.18.1, 2.19.1, 2.20.1, 2.21.1, 2.22.1, 2.23.1, 2.24.1, and 2.25.1. As a workaround, validate HTTP header keys and/or values, and if using user-supplied values, filter them to strip off leading or trailing newline characters before calling `withHeader()`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29530
reference_id
reference_type
scores
0
value 0.00671
scoring_system epss
scoring_elements 0.71806
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29530
1
reference_url https://github.com/laminas/laminas-diactoros
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/laminas/laminas-diactoros
2
reference_url https://github.com/laminas/laminas-diactoros/commit/7e721a60a09c5119c98694c2d23fc031094e1f1c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/laminas/laminas-diactoros/commit/7e721a60a09c5119c98694c2d23fc031094e1f1c
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPW54QK7ISDALPLP2CKODU4ZIVRYS336
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPW54QK7ISDALPLP2CKODU4ZIVRYS336
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPW54QK7ISDALPLP2CKODU4ZIVRYS336/
reference_id BPW54QK7ISDALPLP2CKODU4ZIVRYS336
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-12T17:05:24Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPW54QK7ISDALPLP2CKODU4ZIVRYS336/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29530
reference_id CVE-2023-29530
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29530
6
reference_url https://github.com/advisories/GHSA-wxmh-65f7-jcvw
reference_id GHSA-wxmh-65f7-jcvw
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-12T17:05:24Z/
url https://github.com/advisories/GHSA-wxmh-65f7-jcvw
7
reference_url https://github.com/advisories/GHSA-xv3h-4844-9h36
reference_id GHSA-xv3h-4844-9h36
reference_type
scores
url https://github.com/advisories/GHSA-xv3h-4844-9h36
8
reference_url https://github.com/laminas/laminas-diactoros/security/advisories/GHSA-xv3h-4844-9h36
reference_id GHSA-xv3h-4844-9h36
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-12T17:05:24Z/
url https://github.com/laminas/laminas-diactoros/security/advisories/GHSA-xv3h-4844-9h36
fixed_packages
0
url pkg:composer/laminas/laminas-diactoros@2.18.1
purl pkg:composer/laminas/laminas-diactoros@2.18.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.18.1
1
url pkg:composer/laminas/laminas-diactoros@2.19.1
purl pkg:composer/laminas/laminas-diactoros@2.19.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.19.1
2
url pkg:composer/laminas/laminas-diactoros@2.20.1
purl pkg:composer/laminas/laminas-diactoros@2.20.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.20.1
3
url pkg:composer/laminas/laminas-diactoros@2.21.1
purl pkg:composer/laminas/laminas-diactoros@2.21.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.21.1
4
url pkg:composer/laminas/laminas-diactoros@2.22.1
purl pkg:composer/laminas/laminas-diactoros@2.22.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.22.1
5
url pkg:composer/laminas/laminas-diactoros@2.23.1
purl pkg:composer/laminas/laminas-diactoros@2.23.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.23.1
6
url pkg:composer/laminas/laminas-diactoros@2.24.2
purl pkg:composer/laminas/laminas-diactoros@2.24.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.24.2
7
url pkg:composer/laminas/laminas-diactoros@2.25.2
purl pkg:composer/laminas/laminas-diactoros@2.25.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.25.2
aliases CVE-2023-29530, GHSA-xv3h-4844-9h36
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jc36-p4jx-t3e1
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laminas/laminas-diactoros@2.24.2