Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/php-phpseclib3@3.0.19-1%2Bdeb12u4?distro=trixie
Typedeb
Namespacedebian
Namephp-phpseclib3
Version3.0.19-1+deb12u4
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.0.33-1
Latest_non_vulnerable_version3.0.51-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-8h2u-szq5-13ar
vulnerability_id VCID-8h2u-szq5-13ar
summary 
Name confusion in x509 Subject Alternative Name fields
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-52892
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.40068
published_at 2026-04-02T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.40094
published_at 2026-04-04T12:55:00Z
2
value 0.00188
scoring_system epss
scoring_elements 0.4069
published_at 2026-04-16T12:55:00Z
3
value 0.00188
scoring_system epss
scoring_elements 0.40645
published_at 2026-04-13T12:55:00Z
4
value 0.00188
scoring_system epss
scoring_elements 0.40664
published_at 2026-04-12T12:55:00Z
5
value 0.00188
scoring_system epss
scoring_elements 0.40699
published_at 2026-04-11T12:55:00Z
6
value 0.00188
scoring_system epss
scoring_elements 0.40672
published_at 2026-04-08T12:55:00Z
7
value 0.00188
scoring_system epss
scoring_elements 0.40622
published_at 2026-04-07T12:55:00Z
8
value 0.00188
scoring_system epss
scoring_elements 0.40681
published_at 2026-04-09T12:55:00Z
9
value 0.00188
scoring_system epss
scoring_elements 0.40659
published_at 2026-04-18T12:55:00Z
10
value 0.00225
scoring_system epss
scoring_elements 0.45206
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-52892
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52892
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52892
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
4
reference_url https://github.com/phpseclib/phpseclib/issues/1943
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/phpseclib/phpseclib/issues/1943
5
reference_url https://github.com/phpseclib/phpseclib/releases/tag/3.0.33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/phpseclib/phpseclib/releases/tag/3.0.33
6
reference_url https://github.com/x509-name-testing/name_testing_artifacts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/x509-name-testing/name_testing_artifacts
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52892
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-52892
8
reference_url https://github.com/advisories/GHSA-ff7q-6vwh-v9m4
reference_id GHSA-ff7q-6vwh-v9m4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ff7q-6vwh-v9m4
9
reference_url https://usn.ubuntu.com/7404-1/
reference_id USN-7404-1
reference_type
scores
url https://usn.ubuntu.com/7404-1/
fixed_packages
0
url pkg:deb/debian/php-phpseclib3@3.0.19-1%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/php-phpseclib3@3.0.19-1%2Bdeb12u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.19-1%252Bdeb12u3%3Fdistro=trixie
1
url pkg:deb/debian/php-phpseclib3@3.0.19-1%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/php-phpseclib3@3.0.19-1%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.19-1%252Bdeb12u4%3Fdistro=trixie
2
url pkg:deb/debian/php-phpseclib3@3.0.33-1?distro=trixie
purl pkg:deb/debian/php-phpseclib3@3.0.33-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.33-1%3Fdistro=trixie
3
url pkg:deb/debian/php-phpseclib3@3.0.43-2?distro=trixie
purl pkg:deb/debian/php-phpseclib3@3.0.43-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.43-2%3Fdistro=trixie
4
url pkg:deb/debian/php-phpseclib3@3.0.50-1?distro=trixie
purl pkg:deb/debian/php-phpseclib3@3.0.50-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.50-1%3Fdistro=trixie
5
url pkg:deb/debian/php-phpseclib3@3.0.51-1?distro=trixie
purl pkg:deb/debian/php-phpseclib3@3.0.51-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.51-1%3Fdistro=trixie
aliases CVE-2023-52892, GHSA-ff7q-6vwh-v9m4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8h2u-szq5-13ar
1
url VCID-ku5e-5j7s-qyc9
vulnerability_id VCID-ku5e-5j7s-qyc9
summary 
phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
### Impact
Those using AES in CBC mode may be susceptible to a padding oracle timing attack.

### Patches
https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788

### Workarounds
Use AES in CTR, CFB or OFB modes
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32935
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02587
published_at 2026-04-16T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02604
published_at 2026-04-13T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02595
published_at 2026-04-18T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.02838
published_at 2026-04-07T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.0284
published_at 2026-04-08T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.02816
published_at 2026-04-02T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.0283
published_at 2026-04-11T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.02811
published_at 2026-04-12T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.02861
published_at 2026-04-09T12:55:00Z
9
value 0.0002
scoring_system epss
scoring_elements 0.05315
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32935
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32935
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32935
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:31:59Z/
url https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788
4
reference_url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:31:59Z/
url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32935
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32935
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131482
reference_id 1131482
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131482
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131483
reference_id 1131483
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131483
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131484
reference_id 1131484
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131484
9
reference_url https://github.com/advisories/GHSA-94g3-g5v7-q4jg
reference_id GHSA-94g3-g5v7-q4jg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-94g3-g5v7-q4jg
fixed_packages
0
url pkg:deb/debian/php-phpseclib3@3.0.19-1%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/php-phpseclib3@3.0.19-1%2Bdeb12u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.19-1%252Bdeb12u3%3Fdistro=trixie
1
url pkg:deb/debian/php-phpseclib3@3.0.19-1%2Bdeb12u4?distro=trixie
purl pkg:deb/debian/php-phpseclib3@3.0.19-1%2Bdeb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.19-1%252Bdeb12u4%3Fdistro=trixie
2
url pkg:deb/debian/php-phpseclib3@3.0.43-2?distro=trixie
purl pkg:deb/debian/php-phpseclib3@3.0.43-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.43-2%3Fdistro=trixie
3
url pkg:deb/debian/php-phpseclib3@3.0.43-2%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/php-phpseclib3@3.0.43-2%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.43-2%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/php-phpseclib3@3.0.50-1?distro=trixie
purl pkg:deb/debian/php-phpseclib3@3.0.50-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.50-1%3Fdistro=trixie
5
url pkg:deb/debian/php-phpseclib3@3.0.51-1?distro=trixie
purl pkg:deb/debian/php-phpseclib3@3.0.51-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.51-1%3Fdistro=trixie
aliases CVE-2026-32935, GHSA-94g3-g5v7-q4jg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ku5e-5j7s-qyc9
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib3@3.0.19-1%252Bdeb12u4%3Fdistro=trixie