Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.0

Type nuget

Namespace

Name Microsoft.NetCore.App.Runtime.win-x86

Version 6.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-19ue-6u5k-53gc

vulnerability_id VCID-19ue-6u5k-53gc

summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24897.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24897.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24897

reference_id

reference_type

scores

value	0.01788
scoring_system	epss
scoring_elements	0.83056
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24897

reference_url

https://github.com/dotnet/announcements/issues/260

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/announcements/issues/260

reference_url

https://github.com/dotnet/runtime

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2192437
reference_id	2192437
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2192437

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897

reference_id

CVE-2023-24897

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T19:43:18Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-24897

reference_id

CVE-2023-24897

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-24897

reference_url

https://github.com/advisories/GHSA-88q2-h5g3-p4pg

reference_id

GHSA-88q2-h5g3-p4pg

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-88q2-h5g3-p4pg

reference_url

https://github.com/dotnet/runtime/security/advisories/GHSA-88q2-h5g3-p4pg

reference_id

GHSA-88q2-h5g3-p4pg

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime/security/advisories/GHSA-88q2-h5g3-p4pg

fixed_packages

url	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.18
purl	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.18

url	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.7
purl	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.7

aliases CVE-2023-24897, GHSA-88q2-h5g3-p4pg

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19ue-6u5k-53gc

url VCID-269z-8xfd-7bhw

vulnerability_id VCID-269z-8xfd-7bhw

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38095.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38095.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38095

reference_id

reference_type

scores

value	0.02007
scoring_system	epss
scoring_elements	0.83984
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38095

reference_url

https://github.com/dotnet/runtime

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2295323
reference_id	2295323
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2295323

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38095

reference_id

CVE-2024-38095

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-09T20:02:27Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38095

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-38095

reference_id

CVE-2024-38095

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-38095

reference_url

https://github.com/advisories/GHSA-447r-wph3-92pm

reference_id

GHSA-447r-wph3-92pm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-447r-wph3-92pm

reference_url

https://github.com/dotnet/runtime/security/advisories/GHSA-447r-wph3-92pm

reference_id

GHSA-447r-wph3-92pm

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime/security/advisories/GHSA-447r-wph3-92pm

reference_url	https://access.redhat.com/errata/RHSA-2024:4438
reference_id	RHSA-2024:4438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4438

reference_url	https://access.redhat.com/errata/RHSA-2024:4439
reference_id	RHSA-2024:4439
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4439

reference_url	https://access.redhat.com/errata/RHSA-2024:4450
reference_id	RHSA-2024:4450
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4450

reference_url	https://access.redhat.com/errata/RHSA-2024:4451
reference_id	RHSA-2024:4451
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4451

reference_url	https://usn.ubuntu.com/6889-1/
reference_id	USN-6889-1
reference_type
scores
url	https://usn.ubuntu.com/6889-1/

fixed_packages

url	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.32
purl	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.32
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.32

url	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@8.0.7
purl	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@8.0.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@8.0.7

aliases CVE-2024-38095, GHSA-447r-wph3-92pm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-269z-8xfd-7bhw

url VCID-43hs-h939-abgy

vulnerability_id VCID-43hs-h939-abgy

summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
.NET DLL Hijacking Remote Code Execution Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28260.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28260.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28260

reference_id

reference_type

scores

value	0.01557
scoring_system	epss
scoring_elements	0.81762
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28260

reference_url

https://github.com/dotnet/runtime

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime

reference_url

https://www.cve.org/CVERecord?id=CVE-2023-28260

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cve.org/CVERecord?id=CVE-2023-28260

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2185016
reference_id	2185016
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2185016

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28260

reference_id

CVE-2023-28260

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-03T18:19:25Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28260

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-28260

reference_id

CVE-2023-28260

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-28260

reference_url

https://github.com/advisories/GHSA-w4m3-43gp-x8hx

reference_id

GHSA-w4m3-43gp-x8hx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w4m3-43gp-x8hx

reference_url

https://github.com/dotnet/runtime/security/advisories/GHSA-w4m3-43gp-x8hx

reference_id

GHSA-w4m3-43gp-x8hx

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime/security/advisories/GHSA-w4m3-43gp-x8hx

reference_url	https://usn.ubuntu.com/6006-1/
reference_id	USN-6006-1
reference_type
scores
url	https://usn.ubuntu.com/6006-1/

fixed_packages

url pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.16

purl pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19ue-6u5k-53gc

vulnerability	VCID-6jg2-cqdk-4qej

vulnerability	VCID-fjvh-u5ag-wqdb

vulnerability	VCID-jxkp-swjn-j3fw

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.16

url pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.5

purl pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19ue-6u5k-53gc

vulnerability	VCID-6jg2-cqdk-4qej

vulnerability	VCID-etht-h2wy-c7ha

vulnerability	VCID-fjvh-u5ag-wqdb

vulnerability	VCID-jxkp-swjn-j3fw

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.5

aliases CVE-2023-28260, GHSA-w4m3-43gp-x8hx

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43hs-h939-abgy

url VCID-6jg2-cqdk-4qej

vulnerability_id VCID-6jg2-cqdk-4qej

summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24936.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24936.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24936

reference_id

reference_type

scores

value	0.01159
scoring_system	epss
scoring_elements	0.78894
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24936

reference_url

https://github.com/dotnet/announcements/issues/259

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/announcements/issues/259

reference_url

https://github.com/dotnet/runtime

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2192438
reference_id	2192438
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2192438

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936

reference_id

CVE-2023-24936

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-29T14:48:19Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-24936

reference_id

CVE-2023-24936

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-24936

reference_url

https://github.com/advisories/GHSA-jx7q-xxmw-44vf

reference_id

GHSA-jx7q-xxmw-44vf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jx7q-xxmw-44vf

reference_url

https://github.com/dotnet/runtime/security/advisories/GHSA-jx7q-xxmw-44vf

reference_id

GHSA-jx7q-xxmw-44vf

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime/security/advisories/GHSA-jx7q-xxmw-44vf

reference_url	https://access.redhat.com/errata/RHSA-2023:3580
reference_id	RHSA-2023:3580
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3580

reference_url	https://access.redhat.com/errata/RHSA-2023:3581
reference_id	RHSA-2023:3581
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3581

reference_url	https://access.redhat.com/errata/RHSA-2023:3582
reference_id	RHSA-2023:3582
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3582

reference_url	https://access.redhat.com/errata/RHSA-2023:3592
reference_id	RHSA-2023:3592
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3592

reference_url	https://access.redhat.com/errata/RHSA-2023:3593
reference_id	RHSA-2023:3593
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3593

reference_url	https://usn.ubuntu.com/6161-1/
reference_id	USN-6161-1
reference_type
scores
url	https://usn.ubuntu.com/6161-1/

fixed_packages

url	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.18
purl	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.18

url	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.7
purl	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.7

aliases CVE-2023-24936, GHSA-jx7q-xxmw-44vf

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jg2-cqdk-4qej

url VCID-6tq2-vne9-77gb

vulnerability_id VCID-6tq2-vne9-77gb

summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
.NET and Visual Studio Remote Code Execution Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-21808.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-21808.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-21808

reference_id

reference_type

scores

value	0.01277
scoring_system	epss
scoring_elements	0.79875
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-21808

reference_url

https://github.com/dotnet/runtime

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2183195
reference_id	2183195
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2183195

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808

reference_id

CVE-2023-21808

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-28T20:23:13Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-21808

reference_id

CVE-2023-21808

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-21808

reference_url

https://github.com/advisories/GHSA-824j-wqm8-89mj

reference_id

GHSA-824j-wqm8-89mj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-824j-wqm8-89mj

reference_url

https://github.com/dotnet/runtime/security/advisories/GHSA-824j-wqm8-89mj

reference_id

GHSA-824j-wqm8-89mj

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime/security/advisories/GHSA-824j-wqm8-89mj

fixed_packages

url	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.14
purl	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.14

url	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.3
purl	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.3

aliases CVE-2023-21808, GHSA-824j-wqm8-89mj

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6tq2-vne9-77gb

url VCID-b2rf-4qqz-4yft

vulnerability_id VCID-b2rf-4qqz-4yft

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-21538.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-21538.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-21538

reference_id

reference_type

scores

value	0.01123
scoring_system	epss
scoring_elements	0.78574
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-21538

reference_url

https://github.com/dotnet/runtime

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime

reference_url

https://github.com/dotnet/runtime/security/advisories/GHSA-8f7f-vqg5-jrv9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime/security/advisories/GHSA-8f7f-vqg5-jrv9

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GV5QDWYJ4C26JB7RTI55Z4O76WSH4FMV

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GV5QDWYJ4C26JB7RTI55Z4O76WSH4FMV

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GV5QDWYJ4C26JB7RTI55Z4O76WSH4FMV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GV5QDWYJ4C26JB7RTI55Z4O76WSH4FMV/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI27LYW5C4Z4644WYIQWOXBZL7WIP2X6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI27LYW5C4Z4644WYIQWOXBZL7WIP2X6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI27LYW5C4Z4644WYIQWOXBZL7WIP2X6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI27LYW5C4Z4644WYIQWOXBZL7WIP2X6/

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21538

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T22:02:43Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21538

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-21538

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-21538

reference_url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21538

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21538

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2158342
reference_id	2158342
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2158342

reference_url

https://github.com/advisories/GHSA-8f7f-vqg5-jrv9

reference_id

GHSA-8f7f-vqg5-jrv9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8f7f-vqg5-jrv9

reference_url	https://access.redhat.com/errata/RHSA-2023:0077
reference_id	RHSA-2023:0077
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0077

reference_url	https://access.redhat.com/errata/RHSA-2023:0078
reference_id	RHSA-2023:0078
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0078

reference_url	https://access.redhat.com/errata/RHSA-2023:0079
reference_id	RHSA-2023:0079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0079

reference_url	https://usn.ubuntu.com/5798-1/
reference_id	USN-5798-1
reference_type
scores
url	https://usn.ubuntu.com/5798-1/

fixed_packages

url pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.13

purl pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6tq2-vne9-77gb

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.13

aliases CVE-2023-21538, GHSA-8f7f-vqg5-jrv9

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b2rf-4qqz-4yft

url VCID-fjvh-u5ag-wqdb

vulnerability_id VCID-fjvh-u5ag-wqdb

summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29331.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29331.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-29331

reference_id

reference_type

scores

value	0.01128
scoring_system	epss
scoring_elements	0.78611
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-29331

reference_url

https://github.com/dotnet/announcements/issues/257

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/announcements/issues/257

reference_url

https://github.com/dotnet/runtime

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime

reference_url

https://support.microsoft.com/kb/5025823

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.microsoft.com/kb/5025823

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2212617
reference_id	2212617
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2212617

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331

reference_id

CVE-2023-29331

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:20:14Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-29331

reference_id

CVE-2023-29331

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-29331

reference_url

https://github.com/advisories/GHSA-555c-2p6r-68mm

reference_id

GHSA-555c-2p6r-68mm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-555c-2p6r-68mm

reference_url

https://github.com/dotnet/runtime/security/advisories/GHSA-555c-2p6r-68mm

reference_id

GHSA-555c-2p6r-68mm

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime/security/advisories/GHSA-555c-2p6r-68mm

reference_url	https://access.redhat.com/errata/RHSA-2023:3580
reference_id	RHSA-2023:3580
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3580

reference_url	https://access.redhat.com/errata/RHSA-2023:3581
reference_id	RHSA-2023:3581
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3581

reference_url	https://access.redhat.com/errata/RHSA-2023:3582
reference_id	RHSA-2023:3582
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3582

reference_url	https://access.redhat.com/errata/RHSA-2023:3592
reference_id	RHSA-2023:3592
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3592

reference_url	https://access.redhat.com/errata/RHSA-2023:3593
reference_id	RHSA-2023:3593
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3593

reference_url	https://access.redhat.com/errata/RHSA-2023:4448
reference_id	RHSA-2023:4448
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4448

reference_url	https://access.redhat.com/errata/RHSA-2023:4449
reference_id	RHSA-2023:4449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4449

reference_url	https://usn.ubuntu.com/6161-1/
reference_id	USN-6161-1
reference_type
scores
url	https://usn.ubuntu.com/6161-1/

fixed_packages

url	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.18
purl	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.18

url	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.7
purl	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.7

aliases CVE-2023-29331, GHSA-555c-2p6r-68mm

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fjvh-u5ag-wqdb

url VCID-jxkp-swjn-j3fw

vulnerability_id VCID-jxkp-swjn-j3fw

summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
.NET and Visual Studio Remote Code Execution Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33126.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33126.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-33126

reference_id

reference_type

scores

value	0.00873
scoring_system	epss
scoring_elements	0.75564
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-33126

reference_url

https://github.com/dotnet/announcements/issues/254

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/announcements/issues/254

reference_url

https://github.com/dotnet/sdk

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/sdk

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2212620
reference_id	2212620
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2212620

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126

reference_id

CVE-2023-33126

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-08T14:17:17Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-33126

reference_id

CVE-2023-33126

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-33126

reference_url

https://github.com/advisories/GHSA-gh24-9qjj-mr67

reference_id

GHSA-gh24-9qjj-mr67

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gh24-9qjj-mr67

reference_url

https://github.com/dotnet/sdk/security/advisories/GHSA-gh24-9qjj-mr67

reference_id

GHSA-gh24-9qjj-mr67

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/sdk/security/advisories/GHSA-gh24-9qjj-mr67

fixed_packages

url	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.18
purl	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.18

url	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.7
purl	pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@7.0.7

aliases CVE-2023-33126, GHSA-gh24-9qjj-mr67

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxkp-swjn-j3fw

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NetCore.App.Runtime.win-x86@6.0.0

Package Instance