Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/mbedtls@3.6.0-3?distro=trixie
Type deb
Namespace debian
Name mbedtls
Version 3.6.0-3
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 3.6.2-1
Latest_non_vulnerable_version 3.6.4-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-vs6q-c4ug-xfer
vulnerability_id VCID-vs6q-c4ug-xfer
summary An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28755
reference_id
reference_type
scores
0
value 0.00127
scoring_system epss
scoring_elements 0.32036
published_at 2026-04-21T12:55:00Z
1
value 0.00127
scoring_system epss
scoring_elements 0.32037
published_at 2026-04-07T12:55:00Z
2
value 0.00127
scoring_system epss
scoring_elements 0.32088
published_at 2026-04-08T12:55:00Z
3
value 0.00127
scoring_system epss
scoring_elements 0.32117
published_at 2026-04-09T12:55:00Z
4
value 0.00127
scoring_system epss
scoring_elements 0.32121
published_at 2026-04-11T12:55:00Z
5
value 0.00127
scoring_system epss
scoring_elements 0.32083
published_at 2026-04-12T12:55:00Z
6
value 0.00127
scoring_system epss
scoring_elements 0.32052
published_at 2026-04-13T12:55:00Z
7
value 0.00127
scoring_system epss
scoring_elements 0.32086
published_at 2026-04-16T12:55:00Z
8
value 0.00127
scoring_system epss
scoring_elements 0.32064
published_at 2026-04-18T12:55:00Z
9
value 0.00127
scoring_system epss
scoring_elements 0.32176
published_at 2026-04-02T12:55:00Z
10
value 0.00127
scoring_system epss
scoring_elements 0.32214
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28755
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28755
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28755
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077686
reference_id 1077686
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077686
3
reference_url https://github.com/hey3e
reference_id hey3e
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/
url https://github.com/hey3e
4
reference_url https://hey3e.github.io
reference_id hey3e.github.io
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/
url https://hey3e.github.io
5
reference_url https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
reference_id security-advisories
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/
url https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
6
reference_url https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0
reference_id v3.6.0
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/
url https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0
fixed_packages
0
url pkg:deb/debian/mbedtls@3.6.0-3?distro=trixie
purl pkg:deb/debian/mbedtls@3.6.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.0-3%3Fdistro=trixie
1
url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie
purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sbv-dqyv-6baw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie
2
url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie
purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sbv-dqyv-6baw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie
aliases CVE-2024-28755
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vs6q-c4ug-xfer
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.0-3%3Fdistro=trixie