Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/botan@2.9.0-r0?arch=aarch64&distroversion=v3.20&reponame=main
Typeapk
Namespacealpine
Namebotan
Version2.9.0-r0
Qualifiers
arch aarch64
distroversion v3.20
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.17.3-r0
Latest_non_vulnerable_version2.19.5-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-31pb-3pss-ybg3
vulnerability_id VCID-31pb-3pss-ybg3
summary A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20187
reference_id
reference_type
scores
0
value 0.00487
scoring_system epss
scoring_elements 0.65496
published_at 2026-04-18T12:55:00Z
1
value 0.00487
scoring_system epss
scoring_elements 0.65448
published_at 2026-04-13T12:55:00Z
2
value 0.00487
scoring_system epss
scoring_elements 0.65485
published_at 2026-04-16T12:55:00Z
3
value 0.00487
scoring_system epss
scoring_elements 0.65368
published_at 2026-04-01T12:55:00Z
4
value 0.00487
scoring_system epss
scoring_elements 0.65417
published_at 2026-04-02T12:55:00Z
5
value 0.00487
scoring_system epss
scoring_elements 0.65444
published_at 2026-04-04T12:55:00Z
6
value 0.00487
scoring_system epss
scoring_elements 0.65406
published_at 2026-04-07T12:55:00Z
7
value 0.00487
scoring_system epss
scoring_elements 0.65459
published_at 2026-04-08T12:55:00Z
8
value 0.00487
scoring_system epss
scoring_elements 0.6547
published_at 2026-04-09T12:55:00Z
9
value 0.00487
scoring_system epss
scoring_elements 0.65489
published_at 2026-04-11T12:55:00Z
10
value 0.00487
scoring_system epss
scoring_elements 0.65476
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20187
1
reference_url https://botan.randombit.net/news.html
reference_id
reference_type
scores
url https://botan.randombit.net/news.html
2
reference_url https://botan.randombit.net/security.html
reference_id
reference_type
scores
url https://botan.randombit.net/security.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20187
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20187
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/crocs-muni/ECTester
reference_id
reference_type
scores
url https://github.com/crocs-muni/ECTester
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918732
reference_id 918732
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918732
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20187
reference_id CVE-2018-20187
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2018-20187
fixed_packages
0
url pkg:apk/alpine/botan@2.9.0-r0?arch=aarch64&distroversion=v3.20&reponame=main
purl pkg:apk/alpine/botan@2.9.0-r0?arch=aarch64&distroversion=v3.20&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/botan@2.9.0-r0%3Farch=aarch64&distroversion=v3.20&reponame=main
aliases CVE-2018-20187
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31pb-3pss-ybg3
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/botan@2.9.0-r0%3Farch=aarch64&distroversion=v3.20&reponame=main