Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
Type deb
Namespace debian
Name modsecurity
Version 3.0.14-1
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-93qw-yjha-tyce
vulnerability_id VCID-93qw-yjha-tyce
summary ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-1019
reference_id
reference_type
scores
0
value 0.00306
scoring_system epss
scoring_elements 0.53751
published_at 2026-04-07T12:55:00Z
1
value 0.00306
scoring_system epss
scoring_elements 0.53778
published_at 2026-04-04T12:55:00Z
2
value 0.00306
scoring_system epss
scoring_elements 0.53803
published_at 2026-04-08T12:55:00Z
3
value 0.00306
scoring_system epss
scoring_elements 0.53801
published_at 2026-04-09T12:55:00Z
4
value 0.00306
scoring_system epss
scoring_elements 0.53849
published_at 2026-04-11T12:55:00Z
5
value 0.00306
scoring_system epss
scoring_elements 0.53832
published_at 2026-04-12T12:55:00Z
6
value 0.00306
scoring_system epss
scoring_elements 0.53816
published_at 2026-04-13T12:55:00Z
7
value 0.00306
scoring_system epss
scoring_elements 0.53853
published_at 2026-04-16T12:55:00Z
8
value 0.00306
scoring_system epss
scoring_elements 0.53857
published_at 2026-04-18T12:55:00Z
9
value 0.00306
scoring_system epss
scoring_elements 0.53837
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-1019
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1019
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1019
fixed_packages
0
url pkg:deb/debian/modsecurity@3.0.12-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.12-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.12-1%3Fdistro=trixie
1
url pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.14-1%3Fdistro=trixie
aliases CVE-2024-1019
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93qw-yjha-tyce
1
url VCID-azf2-ue64-y7eb
vulnerability_id VCID-azf2-ue64-y7eb
summary mod_security: DoS Vulnerability in Four Transformations
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38285.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38285.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38285
reference_id
reference_type
scores
0
value 0.00487
scoring_system epss
scoring_elements 0.65415
published_at 2026-04-02T12:55:00Z
1
value 0.00487
scoring_system epss
scoring_elements 0.65469
published_at 2026-04-09T12:55:00Z
2
value 0.00487
scoring_system epss
scoring_elements 0.65446
published_at 2026-04-13T12:55:00Z
3
value 0.00487
scoring_system epss
scoring_elements 0.65484
published_at 2026-04-16T12:55:00Z
4
value 0.00487
scoring_system epss
scoring_elements 0.65495
published_at 2026-04-18T12:55:00Z
5
value 0.00487
scoring_system epss
scoring_elements 0.65442
published_at 2026-04-04T12:55:00Z
6
value 0.00487
scoring_system epss
scoring_elements 0.65405
published_at 2026-04-07T12:55:00Z
7
value 0.00487
scoring_system epss
scoring_elements 0.65458
published_at 2026-04-08T12:55:00Z
8
value 0.00487
scoring_system epss
scoring_elements 0.65488
published_at 2026-04-11T12:55:00Z
9
value 0.00487
scoring_system epss
scoring_elements 0.65474
published_at 2026-04-12T12:55:00Z
10
value 0.00555
scoring_system epss
scoring_elements 0.6815
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38285
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38285
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042475
reference_id 1042475
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042475
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2226930
reference_id 2226930
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2226930
5
reference_url https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/
reference_id end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:41:59Z/
url https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/
6
reference_url https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/
reference_id modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:41:59Z/
url https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/
fixed_packages
0
url pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.9-1%252Bdeb12u1%3Fdistro=trixie
1
url pkg:deb/debian/modsecurity@3.0.10-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.10-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.10-1%3Fdistro=trixie
2
url pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.14-1%3Fdistro=trixie
aliases CVE-2023-38285
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azf2-ue64-y7eb
2
url VCID-cq83-mkc9-g3e2
vulnerability_id VCID-cq83-mkc9-g3e2
summary Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19886
reference_id
reference_type
scores
0
value 0.04013
scoring_system epss
scoring_elements 0.88399
published_at 2026-04-01T12:55:00Z
1
value 0.04013
scoring_system epss
scoring_elements 0.88407
published_at 2026-04-02T12:55:00Z
2
value 0.04013
scoring_system epss
scoring_elements 0.88416
published_at 2026-04-04T12:55:00Z
3
value 0.04013
scoring_system epss
scoring_elements 0.8842
published_at 2026-04-07T12:55:00Z
4
value 0.04013
scoring_system epss
scoring_elements 0.88439
published_at 2026-04-08T12:55:00Z
5
value 0.04013
scoring_system epss
scoring_elements 0.88445
published_at 2026-04-09T12:55:00Z
6
value 0.04013
scoring_system epss
scoring_elements 0.88456
published_at 2026-04-11T12:55:00Z
7
value 0.04013
scoring_system epss
scoring_elements 0.88448
published_at 2026-04-12T12:55:00Z
8
value 0.04013
scoring_system epss
scoring_elements 0.88447
published_at 2026-04-13T12:55:00Z
9
value 0.04013
scoring_system epss
scoring_elements 0.88462
published_at 2026-04-16T12:55:00Z
10
value 0.04013
scoring_system epss
scoring_elements 0.88459
published_at 2026-04-18T12:55:00Z
11
value 0.04013
scoring_system epss
scoring_elements 0.88457
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19886
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19886
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19886
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949682
reference_id 949682
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949682
fixed_packages
0
url pkg:deb/debian/modsecurity@3.0.4-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.4-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.4-1%3Fdistro=trixie
1
url pkg:deb/debian/modsecurity@3.0.4-2?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.4-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
1
vulnerability VCID-azf2-ue64-y7eb
2
vulnerability VCID-kg7a-8fqh-mffc
3
vulnerability VCID-y8ty-2cp5-y3gm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.4-2%3Fdistro=trixie
2
url pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.9-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.14-1%3Fdistro=trixie
aliases CVE-2019-19886
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cq83-mkc9-g3e2
3
url VCID-gr7r-94ky-x3ck
vulnerability_id VCID-gr7r-94ky-x3ck
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15598
reference_id
reference_type
scores
0
value 0.03785
scoring_system epss
scoring_elements 0.88011
published_at 2026-04-01T12:55:00Z
1
value 0.03785
scoring_system epss
scoring_elements 0.8802
published_at 2026-04-02T12:55:00Z
2
value 0.03785
scoring_system epss
scoring_elements 0.88034
published_at 2026-04-04T12:55:00Z
3
value 0.03785
scoring_system epss
scoring_elements 0.8804
published_at 2026-04-07T12:55:00Z
4
value 0.03785
scoring_system epss
scoring_elements 0.8806
published_at 2026-04-08T12:55:00Z
5
value 0.03785
scoring_system epss
scoring_elements 0.88066
published_at 2026-04-09T12:55:00Z
6
value 0.03785
scoring_system epss
scoring_elements 0.88076
published_at 2026-04-11T12:55:00Z
7
value 0.03785
scoring_system epss
scoring_elements 0.88069
published_at 2026-04-13T12:55:00Z
8
value 0.03785
scoring_system epss
scoring_elements 0.88083
published_at 2026-04-16T12:55:00Z
9
value 0.03785
scoring_system epss
scoring_elements 0.8808
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15598
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15598
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15598
fixed_packages
0
url pkg:deb/debian/modsecurity@3.0.4-2?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.4-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
1
vulnerability VCID-azf2-ue64-y7eb
2
vulnerability VCID-kg7a-8fqh-mffc
3
vulnerability VCID-y8ty-2cp5-y3gm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.4-2%3Fdistro=trixie
1
url pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.9-1%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.14-1%3Fdistro=trixie
aliases CVE-2020-15598
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gr7r-94ky-x3ck
4
url VCID-htwm-7xz4-q3c7
vulnerability_id VCID-htwm-7xz4-q3c7
summary mod_security: Libmodsecurity3 has possible bypass of encoded HTML entities
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27110.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27110.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27110
reference_id
reference_type
scores
0
value 0.00144
scoring_system epss
scoring_elements 0.34802
published_at 2026-04-04T12:55:00Z
1
value 0.00144
scoring_system epss
scoring_elements 0.34776
published_at 2026-04-02T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.5088
published_at 2026-04-21T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.50895
published_at 2026-04-11T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.50872
published_at 2026-04-12T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.50857
published_at 2026-04-13T12:55:00Z
6
value 0.00274
scoring_system epss
scoring_elements 0.50894
published_at 2026-04-16T12:55:00Z
7
value 0.00274
scoring_system epss
scoring_elements 0.50901
published_at 2026-04-18T12:55:00Z
8
value 0.00274
scoring_system epss
scoring_elements 0.50799
published_at 2026-04-07T12:55:00Z
9
value 0.00274
scoring_system epss
scoring_elements 0.50856
published_at 2026-04-08T12:55:00Z
10
value 0.00274
scoring_system epss
scoring_elements 0.50854
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27110
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098910
reference_id 1098910
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098910
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2347591
reference_id 2347591
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2347591
5
reference_url https://github.com/owasp-modsecurity/ModSecurity/issues/3340
reference_id 3340
reference_type
scores
0
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T16:37:26Z/
url https://github.com/owasp-modsecurity/ModSecurity/issues/3340
6
reference_url https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j
reference_id GHSA-42w7-rmv5-4x2j
reference_type
scores
0
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T16:37:26Z/
url https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j
fixed_packages
0
url pkg:deb/debian/modsecurity@0?distro=trixie
purl pkg:deb/debian/modsecurity@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@0%3Fdistro=trixie
1
url pkg:deb/debian/modsecurity@3.0.4-2?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.4-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
1
vulnerability VCID-azf2-ue64-y7eb
2
vulnerability VCID-kg7a-8fqh-mffc
3
vulnerability VCID-y8ty-2cp5-y3gm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.4-2%3Fdistro=trixie
2
url pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.9-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.14-1%3Fdistro=trixie
aliases CVE-2025-27110
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-htwm-7xz4-q3c7
5
url VCID-kg7a-8fqh-mffc
vulnerability_id VCID-kg7a-8fqh-mffc
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-42717
reference_id
reference_type
scores
0
value 0.0204
scoring_system epss
scoring_elements 0.8386
published_at 2026-04-21T12:55:00Z
1
value 0.0204
scoring_system epss
scoring_elements 0.83765
published_at 2026-04-01T12:55:00Z
2
value 0.0204
scoring_system epss
scoring_elements 0.83778
published_at 2026-04-02T12:55:00Z
3
value 0.0204
scoring_system epss
scoring_elements 0.83792
published_at 2026-04-04T12:55:00Z
4
value 0.0204
scoring_system epss
scoring_elements 0.83793
published_at 2026-04-07T12:55:00Z
5
value 0.0204
scoring_system epss
scoring_elements 0.83817
published_at 2026-04-08T12:55:00Z
6
value 0.0204
scoring_system epss
scoring_elements 0.83823
published_at 2026-04-09T12:55:00Z
7
value 0.0204
scoring_system epss
scoring_elements 0.83839
published_at 2026-04-11T12:55:00Z
8
value 0.0204
scoring_system epss
scoring_elements 0.83833
published_at 2026-04-12T12:55:00Z
9
value 0.0204
scoring_system epss
scoring_elements 0.83828
published_at 2026-04-13T12:55:00Z
10
value 0.0204
scoring_system epss
scoring_elements 0.83862
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-42717
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42717
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42717
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://usn.ubuntu.com/6370-1/
reference_id USN-6370-1
reference_type
scores
url https://usn.ubuntu.com/6370-1/
fixed_packages
0
url pkg:deb/debian/modsecurity@3.0.6-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.6-1%3Fdistro=trixie
1
url pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.9-1%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.14-1%3Fdistro=trixie
aliases CVE-2021-42717
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kg7a-8fqh-mffc
6
url VCID-m634-5nyb-skeu
vulnerability_id VCID-m634-5nyb-skeu
summary ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-25043
reference_id
reference_type
scores
0
value 0.00382
scoring_system epss
scoring_elements 0.59489
published_at 2026-04-01T12:55:00Z
1
value 0.00382
scoring_system epss
scoring_elements 0.59562
published_at 2026-04-02T12:55:00Z
2
value 0.00382
scoring_system epss
scoring_elements 0.59586
published_at 2026-04-04T12:55:00Z
3
value 0.00382
scoring_system epss
scoring_elements 0.59556
published_at 2026-04-07T12:55:00Z
4
value 0.00382
scoring_system epss
scoring_elements 0.59607
published_at 2026-04-08T12:55:00Z
5
value 0.00382
scoring_system epss
scoring_elements 0.5962
published_at 2026-04-09T12:55:00Z
6
value 0.00382
scoring_system epss
scoring_elements 0.59639
published_at 2026-04-11T12:55:00Z
7
value 0.00382
scoring_system epss
scoring_elements 0.59622
published_at 2026-04-12T12:55:00Z
8
value 0.00382
scoring_system epss
scoring_elements 0.59602
published_at 2026-04-13T12:55:00Z
9
value 0.00382
scoring_system epss
scoring_elements 0.59635
published_at 2026-04-16T12:55:00Z
10
value 0.00382
scoring_system epss
scoring_elements 0.59643
published_at 2026-04-18T12:55:00Z
11
value 0.00382
scoring_system epss
scoring_elements 0.59626
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-25043
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25043
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25043
fixed_packages
0
url pkg:deb/debian/modsecurity@3.0.4-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.4-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.4-1%3Fdistro=trixie
1
url pkg:deb/debian/modsecurity@3.0.4-2?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.4-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
1
vulnerability VCID-azf2-ue64-y7eb
2
vulnerability VCID-kg7a-8fqh-mffc
3
vulnerability VCID-y8ty-2cp5-y3gm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.4-2%3Fdistro=trixie
2
url pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.9-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.14-1%3Fdistro=trixie
aliases CVE-2019-25043
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m634-5nyb-skeu
7
url VCID-mhtt-q3pz-q7ct
vulnerability_id VCID-mhtt-q3pz-q7ct
summary mod_security: a segfault and a resultant crash of a worker process in some configurations with certain inputs
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28882.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28882.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28882
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.26438
published_at 2026-04-02T12:55:00Z
1
value 0.00095
scoring_system epss
scoring_elements 0.26225
published_at 2026-04-21T12:55:00Z
2
value 0.00095
scoring_system epss
scoring_elements 0.26279
published_at 2026-04-13T12:55:00Z
3
value 0.00095
scoring_system epss
scoring_elements 0.26285
published_at 2026-04-16T12:55:00Z
4
value 0.00095
scoring_system epss
scoring_elements 0.26261
published_at 2026-04-18T12:55:00Z
5
value 0.00095
scoring_system epss
scoring_elements 0.26482
published_at 2026-04-04T12:55:00Z
6
value 0.00095
scoring_system epss
scoring_elements 0.26256
published_at 2026-04-07T12:55:00Z
7
value 0.00095
scoring_system epss
scoring_elements 0.26324
published_at 2026-04-08T12:55:00Z
8
value 0.00095
scoring_system epss
scoring_elements 0.26375
published_at 2026-04-09T12:55:00Z
9
value 0.00095
scoring_system epss
scoring_elements 0.26384
published_at 2026-04-11T12:55:00Z
10
value 0.00095
scoring_system epss
scoring_elements 0.26338
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28882
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035083
reference_id 1035083
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035083
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2190381
reference_id 2190381
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2190381
5
reference_url https://www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/
reference_id announcing-modsecurity-version-309
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:41:56Z/
url https://www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/
fixed_packages
0
url pkg:deb/debian/modsecurity@0?distro=trixie
purl pkg:deb/debian/modsecurity@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@0%3Fdistro=trixie
1
url pkg:deb/debian/modsecurity@3.0.4-2?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.4-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
1
vulnerability VCID-azf2-ue64-y7eb
2
vulnerability VCID-kg7a-8fqh-mffc
3
vulnerability VCID-y8ty-2cp5-y3gm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.4-2%3Fdistro=trixie
2
url pkg:deb/debian/modsecurity@3.0.9-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.9-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.9-1%3Fdistro=trixie
3
url pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.9-1%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.14-1%3Fdistro=trixie
aliases CVE-2023-28882
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mhtt-q3pz-q7ct
8
url VCID-y8ty-2cp5-y3gm
vulnerability_id VCID-y8ty-2cp5-y3gm
summary mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48279.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48279.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-48279
reference_id
reference_type
scores
0
value 0.00649
scoring_system epss
scoring_elements 0.7075
published_at 2026-04-02T12:55:00Z
1
value 0.00649
scoring_system epss
scoring_elements 0.70825
published_at 2026-04-21T12:55:00Z
2
value 0.00649
scoring_system epss
scoring_elements 0.70768
published_at 2026-04-04T12:55:00Z
3
value 0.00649
scoring_system epss
scoring_elements 0.70743
published_at 2026-04-07T12:55:00Z
4
value 0.00649
scoring_system epss
scoring_elements 0.70788
published_at 2026-04-08T12:55:00Z
5
value 0.00649
scoring_system epss
scoring_elements 0.70804
published_at 2026-04-09T12:55:00Z
6
value 0.00649
scoring_system epss
scoring_elements 0.70827
published_at 2026-04-11T12:55:00Z
7
value 0.00649
scoring_system epss
scoring_elements 0.70811
published_at 2026-04-12T12:55:00Z
8
value 0.00649
scoring_system epss
scoring_elements 0.70795
published_at 2026-04-13T12:55:00Z
9
value 0.00649
scoring_system epss
scoring_elements 0.70841
published_at 2026-04-16T12:55:00Z
10
value 0.00649
scoring_system epss
scoring_elements 0.70847
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-48279
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48279
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48279
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2163622
reference_id 2163622
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2163622
5
reference_url https://github.com/SpiderLabs/ModSecurity/pull/2795
reference_id 2795
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://github.com/SpiderLabs/ModSecurity/pull/2795
6
reference_url https://github.com/SpiderLabs/ModSecurity/pull/2797
reference_id 2797
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://github.com/SpiderLabs/ModSecurity/pull/2797
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/
reference_id 52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52TGCZCOHYBDCVWJYNN2PS4QLOHCXWTQ/
8
reference_url https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
reference_id crs-version-3-3-3-and-3-2-2-covering-several-cves
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
9
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html
reference_id msg00023.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00023.html
10
reference_url https://access.redhat.com/errata/RHSA-2023:4628
reference_id RHSA-2023:4628
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4628
11
reference_url https://access.redhat.com/errata/RHSA-2023:4629
reference_id RHSA-2023:4629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4629
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/
reference_id SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYRTXTOQQI6SB2TLI5QXU76DURSLS4XI/
13
reference_url https://usn.ubuntu.com/6370-1/
reference_id USN-6370-1
reference_type
scores
url https://usn.ubuntu.com/6370-1/
14
reference_url https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6
reference_id v2.9.6
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6
15
reference_url https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8
reference_id v3.0.8
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/
reference_id WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T18:41:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCH6JM4I4MD4YABYFHSBDDOUFDGIFJKL/
fixed_packages
0
url pkg:deb/debian/modsecurity@3.0.8-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.8-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.8-1%3Fdistro=trixie
1
url pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.9-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qw-yjha-tyce
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.9-1%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
purl pkg:deb/debian/modsecurity@3.0.14-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.14-1%3Fdistro=trixie
aliases CVE-2022-48279
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8ty-2cp5-y3gm
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/modsecurity@3.0.14-1%3Fdistro=trixie