Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/undertow@1.4.18-1?distro=sid
Type deb
Namespace debian
Name undertow
Version 1.4.18-1
Qualifiers
distro sid
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.4.22-1
Latest_non_vulnerable_version 2.3.20-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-77xn-dtdn-hfa2
vulnerability_id VCID-77xn-dtdn-hfa2
summary
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
It was discovered in Undertow that the code that parses the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-1409.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2017-1409.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2666.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2666.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2666
reference_id
reference_type
scores
0
value 0.01394
scoring_system epss
scoring_elements 0.80416
published_at 2026-04-21T12:55:00Z
1
value 0.01394
scoring_system epss
scoring_elements 0.80404
published_at 2026-04-11T12:55:00Z
2
value 0.01394
scoring_system epss
scoring_elements 0.80389
published_at 2026-04-12T12:55:00Z
3
value 0.01394
scoring_system epss
scoring_elements 0.80382
published_at 2026-04-13T12:55:00Z
4
value 0.01394
scoring_system epss
scoring_elements 0.80411
published_at 2026-04-16T12:55:00Z
5
value 0.01394
scoring_system epss
scoring_elements 0.80412
published_at 2026-04-18T12:55:00Z
6
value 0.01394
scoring_system epss
scoring_elements 0.8033
published_at 2026-04-01T12:55:00Z
7
value 0.01394
scoring_system epss
scoring_elements 0.80337
published_at 2026-04-02T12:55:00Z
8
value 0.01394
scoring_system epss
scoring_elements 0.80357
published_at 2026-04-04T12:55:00Z
9
value 0.01394
scoring_system epss
scoring_elements 0.80346
published_at 2026-04-07T12:55:00Z
10
value 0.01394
scoring_system epss
scoring_elements 0.80375
published_at 2026-04-08T12:55:00Z
11
value 0.01394
scoring_system epss
scoring_elements 0.80385
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2666
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670
6
reference_url https://github.com/advisories/GHSA-mcfm-h73v-635m
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-mcfm-h73v-635m
7
reference_url http://www.securityfocus.com/bid/98966
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98966
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1436163
reference_id 1436163
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1436163
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
reference_id 864405
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2666
reference_id CVE-2017-2666
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2666
11
reference_url https://access.redhat.com/errata/RHSA-2017:1409
reference_id RHSA-2017:1409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1409
fixed_packages
0
url pkg:deb/debian/undertow@1.4.18-1?distro=sid
purl pkg:deb/debian/undertow@1.4.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@1.4.18-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2017-2666, GHSA-mcfm-h73v-635m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-77xn-dtdn-hfa2
1
url VCID-9zut-79gt-1bgy
vulnerability_id VCID-9zut-79gt-1bgy
summary It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-1409.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2017-1409.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2670
reference_id
reference_type
scores
0
value 0.05972
scoring_system epss
scoring_elements 0.90673
published_at 2026-04-21T12:55:00Z
1
value 0.05972
scoring_system epss
scoring_elements 0.90656
published_at 2026-04-09T12:55:00Z
2
value 0.05972
scoring_system epss
scoring_elements 0.90665
published_at 2026-04-12T12:55:00Z
3
value 0.05972
scoring_system epss
scoring_elements 0.90659
published_at 2026-04-13T12:55:00Z
4
value 0.05972
scoring_system epss
scoring_elements 0.90678
published_at 2026-04-16T12:55:00Z
5
value 0.05972
scoring_system epss
scoring_elements 0.90676
published_at 2026-04-18T12:55:00Z
6
value 0.05972
scoring_system epss
scoring_elements 0.90617
published_at 2026-04-01T12:55:00Z
7
value 0.05972
scoring_system epss
scoring_elements 0.90621
published_at 2026-04-02T12:55:00Z
8
value 0.05972
scoring_system epss
scoring_elements 0.90631
published_at 2026-04-04T12:55:00Z
9
value 0.05972
scoring_system epss
scoring_elements 0.90639
published_at 2026-04-07T12:55:00Z
10
value 0.05972
scoring_system epss
scoring_elements 0.9065
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2670
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670
6
reference_url https://github.com/advisories/GHSA-3x7h-5hfr-hvjm
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3x7h-5hfr-hvjm
7
reference_url https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
8
reference_url http://www.securityfocus.com/bid/98965
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98965
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1438885
reference_id 1438885
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1438885
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
reference_id 864405
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2670
reference_id CVE-2017-2670
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2670
12
reference_url https://access.redhat.com/errata/RHSA-2017:1409
reference_id RHSA-2017:1409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1409
fixed_packages
0
url pkg:deb/debian/undertow@1.4.18-1?distro=sid
purl pkg:deb/debian/undertow@1.4.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@1.4.18-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2017-2670, GHSA-3x7h-5hfr-hvjm
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9zut-79gt-1bgy
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@1.4.18-1%3Fdistro=sid