Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/python-werkzeug@1.0.1-3?arch=el8ost
Type rpm
Namespace redhat
Name python-werkzeug
Version 1.0.1-3
Qualifiers
arch el8ost
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-qn4r-71h3-sbgb
vulnerability_id VCID-qn4r-71h3-sbgb
summary Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25577.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25577.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25577
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58604
published_at 2026-04-26T12:55:00Z
1
value 0.00366
scoring_system epss
scoring_elements 0.58592
published_at 2026-04-24T12:55:00Z
2
value 0.00366
scoring_system epss
scoring_elements 0.58624
published_at 2026-04-21T12:55:00Z
3
value 0.00366
scoring_system epss
scoring_elements 0.58647
published_at 2026-04-18T12:55:00Z
4
value 0.00366
scoring_system epss
scoring_elements 0.58642
published_at 2026-04-16T12:55:00Z
5
value 0.00366
scoring_system epss
scoring_elements 0.58609
published_at 2026-04-13T12:55:00Z
6
value 0.00366
scoring_system epss
scoring_elements 0.58629
published_at 2026-04-12T12:55:00Z
7
value 0.00366
scoring_system epss
scoring_elements 0.58648
published_at 2026-04-11T12:55:00Z
8
value 0.00366
scoring_system epss
scoring_elements 0.58632
published_at 2026-04-09T12:55:00Z
9
value 0.00366
scoring_system epss
scoring_elements 0.58625
published_at 2026-04-08T12:55:00Z
10
value 0.00366
scoring_system epss
scoring_elements 0.58573
published_at 2026-04-07T12:55:00Z
11
value 0.00366
scoring_system epss
scoring_elements 0.58603
published_at 2026-04-04T12:55:00Z
12
value 0.00366
scoring_system epss
scoring_elements 0.58583
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25577
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
6
reference_url https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
7
reference_url https://github.com/pallets/werkzeug/releases/tag/2.2.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/releases/tag/2.2.3
8
reference_url https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-58.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-58.yaml
10
reference_url https://security.netapp.com/advisory/ntap-20230818-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230818-0003
11
reference_url https://www.debian.org/security/2023/dsa-5470
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://www.debian.org/security/2023/dsa-5470
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
reference_id 1031370
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2170242
reference_id 2170242
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2170242
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25577
reference_id CVE-2023-25577
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25577
15
reference_url https://github.com/advisories/GHSA-xg9f-g7g7-2323
reference_id GHSA-xg9f-g7g7-2323
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xg9f-g7g7-2323
16
reference_url https://security.netapp.com/advisory/ntap-20230818-0003/
reference_id ntap-20230818-0003
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://security.netapp.com/advisory/ntap-20230818-0003/
17
reference_url https://access.redhat.com/errata/RHSA-2023:1018
reference_id RHSA-2023:1018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1018
18
reference_url https://access.redhat.com/errata/RHSA-2023:1281
reference_id RHSA-2023:1281
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1281
19
reference_url https://access.redhat.com/errata/RHSA-2023:1325
reference_id RHSA-2023:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1325
20
reference_url https://access.redhat.com/errata/RHSA-2023:7341
reference_id RHSA-2023:7341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7341
21
reference_url https://access.redhat.com/errata/RHSA-2023:7473
reference_id RHSA-2023:7473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7473
22
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
23
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
24
reference_url https://usn.ubuntu.com/5948-1/
reference_id USN-5948-1
reference_type
scores
url https://usn.ubuntu.com/5948-1/
25
reference_url https://usn.ubuntu.com/5948-2/
reference_id USN-5948-2
reference_type
scores
url https://usn.ubuntu.com/5948-2/
fixed_packages
aliases CVE-2023-25577, GHSA-xg9f-g7g7-2323, PYSEC-2023-58
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qn4r-71h3-sbgb
1
url VCID-x63z-bjr8-j7d7
vulnerability_id VCID-x63z-bjr8-j7d7
summary A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2996.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2996.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2996
reference_id
reference_type
scores
0
value 0.00231
scoring_system epss
scoring_elements 0.45891
published_at 2026-04-26T12:55:00Z
1
value 0.00231
scoring_system epss
scoring_elements 0.45915
published_at 2026-04-02T12:55:00Z
2
value 0.00231
scoring_system epss
scoring_elements 0.45936
published_at 2026-04-04T12:55:00Z
3
value 0.00231
scoring_system epss
scoring_elements 0.45884
published_at 2026-04-07T12:55:00Z
4
value 0.00231
scoring_system epss
scoring_elements 0.4594
published_at 2026-04-08T12:55:00Z
5
value 0.00231
scoring_system epss
scoring_elements 0.45937
published_at 2026-04-09T12:55:00Z
6
value 0.00231
scoring_system epss
scoring_elements 0.4596
published_at 2026-04-11T12:55:00Z
7
value 0.00231
scoring_system epss
scoring_elements 0.45931
published_at 2026-04-12T12:55:00Z
8
value 0.00231
scoring_system epss
scoring_elements 0.45939
published_at 2026-04-13T12:55:00Z
9
value 0.00231
scoring_system epss
scoring_elements 0.4599
published_at 2026-04-16T12:55:00Z
10
value 0.00231
scoring_system epss
scoring_elements 0.45986
published_at 2026-04-18T12:55:00Z
11
value 0.00231
scoring_system epss
scoring_elements 0.45932
published_at 2026-04-21T12:55:00Z
12
value 0.00231
scoring_system epss
scoring_elements 0.45881
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2996
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2996
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2996
3
reference_url https://github.com/openstack-archive/python-scciclient
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack-archive/python-scciclient
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/python-scciclient/PYSEC-2022-43152.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/python-scciclient/PYSEC-2022-43152.yaml
5
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00006.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/11/msg00006.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2996
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2996
7
reference_url https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018213
reference_id 1018213
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018213
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2115122
reference_id 2115122
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2115122
10
reference_url https://github.com/advisories/GHSA-rf3f-3p37-2qh4
reference_id GHSA-rf3f-3p37-2qh4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rf3f-3p37-2qh4
11
reference_url https://access.redhat.com/errata/RHSA-2022:7398
reference_id RHSA-2022:7398
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7398
12
reference_url https://access.redhat.com/errata/RHSA-2022:8854
reference_id RHSA-2022:8854
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8854
13
reference_url https://access.redhat.com/errata/RHSA-2022:8868
reference_id RHSA-2022:8868
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8868
14
reference_url https://access.redhat.com/errata/RHSA-2023:0276
reference_id RHSA-2023:0276
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0276
fixed_packages
aliases CVE-2022-2996, GHSA-rf3f-3p37-2qh4, PYSEC-2022-43152
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x63z-bjr8-j7d7
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-werkzeug@1.0.1-3%3Farch=el8ost