Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/arj@3.10.22-24?distro=trixie

Type deb

Namespace debian

Name arj

Version 3.10.22-24

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.10.22-26

Latest_non_vulnerable_version 3.10.22-29

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4d97-px4k-v3cf

vulnerability_id VCID-4d97-px4k-v3cf

summary Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-0557

reference_id

reference_type

scores

value	0.02096
scoring_system	epss
scoring_elements	0.84355
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-0557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0556
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0556

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0557
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2782
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2782

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435
reference_id	774435
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435

reference_url	https://security.gentoo.org/glsa/201612-15
reference_id	GLSA-201612-15
reference_type
scores
url	https://security.gentoo.org/glsa/201612-15

fixed_packages

url	pkg:deb/debian/arj@3.10.22-13?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-13?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-13%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-24?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-24%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-26?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-26%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-28?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-28?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-28%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-29?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-29?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-29%3Fdistro=trixie

aliases CVE-2015-0557

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4d97-px4k-v3cf

url VCID-c741-c27z-2ket

vulnerability_id VCID-c741-c27z-2ket

summary Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-0556

reference_id

reference_type

scores

value	0.01551
scoring_system	epss
scoring_elements	0.81748
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-0556

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0556
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0556

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0557
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2782
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2782

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774434
reference_id	774434
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774434

reference_url	https://security.gentoo.org/glsa/201612-15
reference_id	GLSA-201612-15
reference_type
scores
url	https://security.gentoo.org/glsa/201612-15

fixed_packages

url	pkg:deb/debian/arj@3.10.22-13?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-13?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-13%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-24?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-24%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-26?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-26%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-28?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-28?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-28%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-29?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-29?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-29%3Fdistro=trixie

aliases CVE-2015-0556

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c741-c27z-2ket

url VCID-mcg3-5bfh-b7gn

vulnerability_id VCID-mcg3-5bfh-b7gn

summary Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1027.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1027.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-1027

reference_id

reference_type

scores

value	0.06284
scoring_system	epss
scoring_elements	0.91092
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-1027

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617356
reference_id	1617356
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617356

reference_url	https://access.redhat.com/errata/RHSA-2005:007
reference_id	RHSA-2005:007
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:007

fixed_packages

url	pkg:deb/debian/arj@0?distro=trixie
purl	pkg:deb/debian/arj@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@0%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-24?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-24%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-26?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-26%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-28?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-28?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-28%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-29?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-29?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-29%3Fdistro=trixie

aliases CVE-2004-1027

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mcg3-5bfh-b7gn

url VCID-u8v6-1vsn-mua5

vulnerability_id VCID-u8v6-1vsn-mua5

summary Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0947.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0947.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-0947

reference_id

reference_type

scores

value	0.0675
scoring_system	epss
scoring_elements	0.9145
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-0947

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617328
reference_id	1617328
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617328

reference_url	https://access.redhat.com/errata/RHSA-2005:007
reference_id	RHSA-2005:007
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:007

fixed_packages

url	pkg:deb/debian/arj@0?distro=trixie
purl	pkg:deb/debian/arj@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@0%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-24?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-24%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-26?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-26%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-28?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-28?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-28%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-29?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-29?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-29%3Fdistro=trixie

aliases CVE-2004-0947

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u8v6-1vsn-mua5

url VCID-weda-75ms-8bbb

vulnerability_id VCID-weda-75ms-8bbb

summary Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-2782

reference_id

reference_type

scores

value	0.05446
scoring_system	epss
scoring_elements	0.90342
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-2782

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0556
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0556

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0557
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2782
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2782

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774015
reference_id	774015
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774015

reference_url	https://security.gentoo.org/glsa/201612-15
reference_id	GLSA-201612-15
reference_type
scores
url	https://security.gentoo.org/glsa/201612-15

fixed_packages

url	pkg:deb/debian/arj@3.10.22-13?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-13?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-13%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-24?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-24%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-26?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-26%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-28?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-28?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-28%3Fdistro=trixie

url	pkg:deb/debian/arj@3.10.22-29?distro=trixie
purl	pkg:deb/debian/arj@3.10.22-29?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-29%3Fdistro=trixie

aliases CVE-2015-2782

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-weda-75ms-8bbb

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/arj@3.10.22-24%3Fdistro=trixie

Package Instance