Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/rhc-worker-playbook@0.1.10-1?arch=el9_5
Type rpm
Namespace redhat
Name rhc-worker-playbook
Version 0.1.10-1
Qualifiers
arch el9_5
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-12sa-qzjz-2ya9
vulnerability_id VCID-12sa-qzjz-2ya9
summary An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40898.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40898.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40898
reference_id
reference_type
scores
0
value 0.00162
scoring_system epss
scoring_elements 0.37045
published_at 2026-04-21T12:55:00Z
1
value 0.00162
scoring_system epss
scoring_elements 0.37101
published_at 2026-04-18T12:55:00Z
2
value 0.00162
scoring_system epss
scoring_elements 0.37119
published_at 2026-04-16T12:55:00Z
3
value 0.00162
scoring_system epss
scoring_elements 0.37073
published_at 2026-04-13T12:55:00Z
4
value 0.00162
scoring_system epss
scoring_elements 0.371
published_at 2026-04-12T12:55:00Z
5
value 0.00162
scoring_system epss
scoring_elements 0.37134
published_at 2026-04-11T12:55:00Z
6
value 0.00162
scoring_system epss
scoring_elements 0.37124
published_at 2026-04-09T12:55:00Z
7
value 0.00162
scoring_system epss
scoring_elements 0.3711
published_at 2026-04-08T12:55:00Z
8
value 0.00162
scoring_system epss
scoring_elements 0.37059
published_at 2026-04-07T12:55:00Z
9
value 0.00162
scoring_system epss
scoring_elements 0.37228
published_at 2026-04-04T12:55:00Z
10
value 0.00162
scoring_system epss
scoring_elements 0.37199
published_at 2026-04-02T12:55:00Z
11
value 0.00172
scoring_system epss
scoring_elements 0.38407
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40898
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40898
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40898
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wheel/PYSEC-2022-43017.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wheel/PYSEC-2022-43017.yaml
5
reference_url https://github.com/pypa/wheel
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/wheel
6
reference_url https://github.com/pypa/wheel/blob/main/src/wheel/wheelfile.py#L18
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:53:45Z/
url https://github.com/pypa/wheel/blob/main/src/wheel/wheelfile.py#L18
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40898
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40898
8
reference_url https://pypi.org/project/wheel
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/wheel
9
reference_url https://pypi.org/project/wheel/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:53:45Z/
url https://pypi.org/project/wheel/
10
reference_url https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
11
reference_url https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:53:45Z/
url https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
12
reference_url https://pyup.io/vulnerabilities/CVE-2022-40898/51499
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pyup.io/vulnerabilities/CVE-2022-40898/51499
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2165864
reference_id 2165864
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2165864
14
reference_url https://github.com/advisories/GHSA-qwmp-2cf2-g9g6
reference_id GHSA-qwmp-2cf2-g9g6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qwmp-2cf2-g9g6
15
reference_url https://access.redhat.com/errata/RHSA-2023:6712
reference_id RHSA-2023:6712
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6712
16
reference_url https://access.redhat.com/errata/RHSA-2023:6793
reference_id RHSA-2023:6793
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6793
17
reference_url https://access.redhat.com/errata/RHSA-2024:10761
reference_id RHSA-2024:10761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10761
18
reference_url https://usn.ubuntu.com/5821-1/
reference_id USN-5821-1
reference_type
scores
url https://usn.ubuntu.com/5821-1/
19
reference_url https://usn.ubuntu.com/5821-3/
reference_id USN-5821-3
reference_type
scores
url https://usn.ubuntu.com/5821-3/
20
reference_url https://usn.ubuntu.com/USN-5821-2/
reference_id USN-USN-5821-2
reference_type
scores
url https://usn.ubuntu.com/USN-5821-2/
fixed_packages
aliases CVE-2022-40898, GHSA-qwmp-2cf2-g9g6, PYSEC-2022-43017
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12sa-qzjz-2ya9
1
url VCID-61xa-2pun-n3c9
vulnerability_id VCID-61xa-2pun-n3c9
summary
Connection confusion in gRPC
When the gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients, leading to an information leak that can be used for privilege escalation or data exfiltration.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32731.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32731.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32731
reference_id
reference_type
scores
0
value 0.0007
scoring_system epss
scoring_elements 0.21629
published_at 2026-04-04T12:55:00Z
1
value 0.0007
scoring_system epss
scoring_elements 0.21571
published_at 2026-04-02T12:55:00Z
2
value 0.00075
scoring_system epss
scoring_elements 0.2233
published_at 2026-04-24T12:55:00Z
3
value 0.00075
scoring_system epss
scoring_elements 0.2247
published_at 2026-04-07T12:55:00Z
4
value 0.00075
scoring_system epss
scoring_elements 0.22552
published_at 2026-04-08T12:55:00Z
5
value 0.00075
scoring_system epss
scoring_elements 0.22606
published_at 2026-04-09T12:55:00Z
6
value 0.00075
scoring_system epss
scoring_elements 0.22622
published_at 2026-04-11T12:55:00Z
7
value 0.00075
scoring_system epss
scoring_elements 0.22581
published_at 2026-04-12T12:55:00Z
8
value 0.00075
scoring_system epss
scoring_elements 0.22527
published_at 2026-04-13T12:55:00Z
9
value 0.00075
scoring_system epss
scoring_elements 0.2254
published_at 2026-04-16T12:55:00Z
10
value 0.00075
scoring_system epss
scoring_elements 0.22535
published_at 2026-04-18T12:55:00Z
11
value 0.00075
scoring_system epss
scoring_elements 0.22485
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32731
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/grpc/grpc/commit/29d8beee0ac2555773b2a2dda5601c74a95d6c10
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grpc/grpc/commit/29d8beee0ac2555773b2a2dda5601c74a95d6c10
4
reference_url https://github.com/grpc/grpc/commit/65a2a895afaf1d2072447b9baf246374b182a946
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grpc/grpc/commit/65a2a895afaf1d2072447b9baf246374b182a946
5
reference_url https://github.com/grpc/grpc/issues/33463
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grpc/grpc/issues/33463
6
reference_url https://github.com/grpc/grpc/pull/32309
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:07:16Z/
url https://github.com/grpc/grpc/pull/32309
7
reference_url https://github.com/grpc/grpc/pull/33005
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:07:16Z/
url https://github.com/grpc/grpc/pull/33005
8
reference_url https://github.com/grpc/grpc/releases/tag/v1.53.1
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grpc/grpc/releases/tag/v1.53.1
9
reference_url https://github.com/grpc/grpc/releases/tag/v1.54.2
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grpc/grpc/releases/tag/v1.54.2
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2214463
reference_id 2214463
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2214463
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32731
reference_id CVE-2023-32731
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32731
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-32731.yml
reference_id CVE-2023-32731.YML
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-32731.yml
13
reference_url https://github.com/advisories/GHSA-cfgp-2977-2fmm
reference_id GHSA-cfgp-2977-2fmm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cfgp-2977-2fmm
14
reference_url https://access.redhat.com/errata/RHSA-2024:10761
reference_id RHSA-2024:10761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10761
fixed_packages
aliases CVE-2023-32731, GHSA-cfgp-2977-2fmm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-61xa-2pun-n3c9
2
url VCID-9rmn-3anf-fqcm
vulnerability_id VCID-9rmn-3anf-fqcm
summary
Excessive Iteration in gRPC
gRPC contains a vulnerability in which HPACK table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks:

- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser

The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.

The unbounded memory buffering bugs:

- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1; CONTINUATION: containing a: 2; CONTINUATION: containing a: 3; etc…
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33953.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33953.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33953
reference_id
reference_type
scores
0
value 0.00116
scoring_system epss
scoring_elements 0.30187
published_at 2026-04-24T12:55:00Z
1
value 0.00116
scoring_system epss
scoring_elements 0.30353
published_at 2026-04-08T12:55:00Z
2
value 0.00116
scoring_system epss
scoring_elements 0.30345
published_at 2026-04-12T12:55:00Z
3
value 0.00116
scoring_system epss
scoring_elements 0.30389
published_at 2026-04-11T12:55:00Z
4
value 0.00116
scoring_system epss
scoring_elements 0.30438
published_at 2026-04-02T12:55:00Z
5
value 0.00116
scoring_system epss
scoring_elements 0.30484
published_at 2026-04-04T12:55:00Z
6
value 0.00116
scoring_system epss
scoring_elements 0.30294
published_at 2026-04-07T12:55:00Z
7
value 0.00116
scoring_system epss
scoring_elements 0.30387
published_at 2026-04-09T12:55:00Z
8
value 0.00116
scoring_system epss
scoring_elements 0.30252
published_at 2026-04-21T12:55:00Z
9
value 0.00116
scoring_system epss
scoring_elements 0.30297
published_at 2026-04-18T12:55:00Z
10
value 0.00116
scoring_system epss
scoring_elements 0.30314
published_at 2026-04-16T12:55:00Z
11
value 0.00116
scoring_system epss
scoring_elements 0.30298
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33953
2
reference_url https://cloud.google.com/support/bulletins#gcp-2023-022
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:54:21Z/
url https://cloud.google.com/support/bulletins#gcp-2023-022
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33953
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33953
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://security.snyk.io/vuln/SNYK-RUBY-GRPC-5834442
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-RUBY-GRPC-5834442
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059279
reference_id 1059279
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059279
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2230890
reference_id 2230890
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2230890
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33953
reference_id CVE-2023-33953
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33953
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-33953.yml
reference_id CVE-2023-33953.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-33953.yml
10
reference_url https://github.com/advisories/GHSA-496j-2rq6-j6cc
reference_id GHSA-496j-2rq6-j6cc
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-496j-2rq6-j6cc
11
reference_url https://access.redhat.com/errata/RHSA-2024:10761
reference_id RHSA-2024:10761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10761
fixed_packages
aliases CVE-2023-33953, GHSA-496j-2rq6-j6cc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9rmn-3anf-fqcm
3
url VCID-qatb-my8j-b3hr
vulnerability_id VCID-qatb-my8j-b3hr
summary
gRPC Reachable Assertion issue
There exists a vulnerability causing an abort() to be called in gRPC.
The following headers cause gRPC's C++ implementation to abort() when called via http2:

te: x (x != trailers)

:scheme: x (x != http, https)

grpclb_client_stats: x (x == anything)

On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1428.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1428.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1428
reference_id
reference_type
scores
0
value 0.00073
scoring_system epss
scoring_elements 0.2234
published_at 2026-04-04T12:55:00Z
1
value 0.00073
scoring_system epss
scoring_elements 0.22296
published_at 2026-04-02T12:55:00Z
2
value 0.00078
scoring_system epss
scoring_elements 0.23029
published_at 2026-04-24T12:55:00Z
3
value 0.00078
scoring_system epss
scoring_elements 0.23183
published_at 2026-04-07T12:55:00Z
4
value 0.00078
scoring_system epss
scoring_elements 0.23257
published_at 2026-04-08T12:55:00Z
5
value 0.00078
scoring_system epss
scoring_elements 0.23307
published_at 2026-04-09T12:55:00Z
6
value 0.00078
scoring_system epss
scoring_elements 0.23328
published_at 2026-04-11T12:55:00Z
7
value 0.00078
scoring_system epss
scoring_elements 0.2329
published_at 2026-04-12T12:55:00Z
8
value 0.00078
scoring_system epss
scoring_elements 0.23233
published_at 2026-04-13T12:55:00Z
9
value 0.00078
scoring_system epss
scoring_elements 0.23249
published_at 2026-04-16T12:55:00Z
10
value 0.00078
scoring_system epss
scoring_elements 0.23241
published_at 2026-04-18T12:55:00Z
11
value 0.00078
scoring_system epss
scoring_elements 0.23221
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1428
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T18:57:29Z/
url https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8
4
reference_url https://github.com/grpc/grpc/issues/33463
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grpc/grpc/issues/33463
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2214473
reference_id 2214473
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2214473
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1428
reference_id CVE-2023-1428
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1428
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-1428.yml
reference_id CVE-2023-1428.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-1428.yml
8
reference_url https://github.com/advisories/GHSA-6628-q6j9-w8vg
reference_id GHSA-6628-q6j9-w8vg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6628-q6j9-w8vg
9
reference_url https://access.redhat.com/errata/RHSA-2024:10761
reference_id RHSA-2024:10761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10761
fixed_packages
aliases CVE-2023-1428, GHSA-6628-q6j9-w8vg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qatb-my8j-b3hr
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rhc-worker-playbook@0.1.10-1%3Farch=el9_5