Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/asterisk@1:22.3.0~dfsg%2B~cs6.15.60671435-1?distro=sid
Type deb
Namespace debian
Name asterisk
Version 1:22.3.0~dfsg+~cs6.15.60671435-1
Qualifiers
distro sid
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1:22.4.1~dfsg+~cs6.15.60671435-1
Latest_non_vulnerable_version 1:22.9.0+dfsg+~cs6.16.60671434-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-r54j-ydjm-4uca
vulnerability_id VCID-r54j-ydjm-4uca
summary Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who has the ability to manage the configuration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-57520
reference_id
reference_type
scores
0
value 0.03515
scoring_system epss
scoring_elements 0.87649
published_at 2026-04-18T12:55:00Z
1
value 0.03515
scoring_system epss
scoring_elements 0.8763
published_at 2026-04-09T12:55:00Z
2
value 0.03515
scoring_system epss
scoring_elements 0.87641
published_at 2026-04-11T12:55:00Z
3
value 0.03515
scoring_system epss
scoring_elements 0.87636
published_at 2026-04-12T12:55:00Z
4
value 0.03515
scoring_system epss
scoring_elements 0.87634
published_at 2026-04-13T12:55:00Z
5
value 0.03515
scoring_system epss
scoring_elements 0.87588
published_at 2026-04-02T12:55:00Z
6
value 0.03515
scoring_system epss
scoring_elements 0.87601
published_at 2026-04-04T12:55:00Z
7
value 0.03515
scoring_system epss
scoring_elements 0.87604
published_at 2026-04-07T12:55:00Z
8
value 0.03515
scoring_system epss
scoring_elements 0.87624
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-57520
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57520
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57520
2
reference_url https://github.com/asterisk/asterisk/issues/1122
reference_id 1122
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T15:16:16Z/
url https://github.com/asterisk/asterisk/issues/1122
3
reference_url https://gist.github.com/hyp164D1/ae76ab25acfbe263b2ed7b24b6e5c621
reference_id ae76ab25acfbe263b2ed7b24b6e5c621
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T15:16:16Z/
url https://gist.github.com/hyp164D1/ae76ab25acfbe263b2ed7b24b6e5c621
fixed_packages
0
url pkg:deb/debian/asterisk@1:22.3.0~dfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.3.0~dfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.3.0~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2024-57520
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r54j-ydjm-4uca
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.3.0~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid