Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/servicemesh@2.0.9-3?arch=el8
Type rpm
Namespace redhat
Name servicemesh
Version 2.0.9-3
Qualifiers
arch el8
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-63v8-dt23-9ue7
vulnerability_id VCID-63v8-dt23-9ue7
summary Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29923.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29923.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29923
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.48625
published_at 2026-04-01T12:55:00Z
1
value 0.00254
scoring_system epss
scoring_elements 0.48641
published_at 2026-04-29T12:55:00Z
2
value 0.00254
scoring_system epss
scoring_elements 0.48681
published_at 2026-04-24T12:55:00Z
3
value 0.00254
scoring_system epss
scoring_elements 0.48691
published_at 2026-04-26T12:55:00Z
4
value 0.00254
scoring_system epss
scoring_elements 0.48666
published_at 2026-04-02T12:55:00Z
5
value 0.00254
scoring_system epss
scoring_elements 0.48687
published_at 2026-04-04T12:55:00Z
6
value 0.00254
scoring_system epss
scoring_elements 0.4864
published_at 2026-04-07T12:55:00Z
7
value 0.00254
scoring_system epss
scoring_elements 0.48694
published_at 2026-04-13T12:55:00Z
8
value 0.00254
scoring_system epss
scoring_elements 0.4869
published_at 2026-04-09T12:55:00Z
9
value 0.00254
scoring_system epss
scoring_elements 0.48708
published_at 2026-04-11T12:55:00Z
10
value 0.00254
scoring_system epss
scoring_elements 0.48682
published_at 2026-04-12T12:55:00Z
11
value 0.00254
scoring_system epss
scoring_elements 0.48743
published_at 2026-04-16T12:55:00Z
12
value 0.00254
scoring_system epss
scoring_elements 0.48739
published_at 2026-04-18T12:55:00Z
13
value 0.00254
scoring_system epss
scoring_elements 0.48696
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29923
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29923
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29923
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1992006
reference_id 1992006
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1992006
5
reference_url https://security.archlinux.org/AVG-1357
reference_id AVG-1357
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1357
6
reference_url https://security.gentoo.org/glsa/202208-02
reference_id GLSA-202208-02
reference_type
scores
url https://security.gentoo.org/glsa/202208-02
7
reference_url https://access.redhat.com/errata/RHSA-2021:3431
reference_id RHSA-2021:3431
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3431
8
reference_url https://access.redhat.com/errata/RHSA-2021:3585
reference_id RHSA-2021:3585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3585
9
reference_url https://access.redhat.com/errata/RHSA-2021:4722
reference_id RHSA-2021:4722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4722
10
reference_url https://access.redhat.com/errata/RHSA-2021:4725
reference_id RHSA-2021:4725
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4725
11
reference_url https://access.redhat.com/errata/RHSA-2021:4902
reference_id RHSA-2021:4902
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4902
12
reference_url https://access.redhat.com/errata/RHSA-2021:4910
reference_id RHSA-2021:4910
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4910
13
reference_url https://access.redhat.com/errata/RHSA-2022:0237
reference_id RHSA-2022:0237
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0237
14
reference_url https://access.redhat.com/errata/RHSA-2022:0260
reference_id RHSA-2022:0260
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0260
15
reference_url https://access.redhat.com/errata/RHSA-2022:0431
reference_id RHSA-2022:0431
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0431
16
reference_url https://access.redhat.com/errata/RHSA-2022:0432
reference_id RHSA-2022:0432
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0432
17
reference_url https://access.redhat.com/errata/RHSA-2022:0434
reference_id RHSA-2022:0434
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0434
18
reference_url https://access.redhat.com/errata/RHSA-2022:0557
reference_id RHSA-2022:0557
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0557
19
reference_url https://access.redhat.com/errata/RHSA-2022:0561
reference_id RHSA-2022:0561
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0561
20
reference_url https://access.redhat.com/errata/RHSA-2022:0577
reference_id RHSA-2022:0577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0577
21
reference_url https://access.redhat.com/errata/RHSA-2022:0988
reference_id RHSA-2022:0988
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0988
22
reference_url https://access.redhat.com/errata/RHSA-2022:0989
reference_id RHSA-2022:0989
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0989
23
reference_url https://access.redhat.com/errata/RHSA-2022:0997
reference_id RHSA-2022:0997
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0997
24
reference_url https://access.redhat.com/errata/RHSA-2022:0998
reference_id RHSA-2022:0998
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0998
25
reference_url https://access.redhat.com/errata/RHSA-2022:1276
reference_id RHSA-2022:1276
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1276
26
reference_url https://access.redhat.com/errata/RHSA-2022:1372
reference_id RHSA-2022:1372
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1372
fixed_packages
aliases CVE-2021-29923
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63v8-dt23-9ue7
1
url VCID-ad5y-3exv-y7bq
vulnerability_id VCID-ad5y-3exv-y7bq
summary istio: Unauthenticated control plane denial of service attack due to stack exhaustion
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24726.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24726.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24726
reference_id
reference_type
scores
0
value 0.0041
scoring_system epss
scoring_elements 0.61288
published_at 2026-04-02T12:55:00Z
1
value 0.0041
scoring_system epss
scoring_elements 0.61355
published_at 2026-04-29T12:55:00Z
2
value 0.0041
scoring_system epss
scoring_elements 0.61335
published_at 2026-04-13T12:55:00Z
3
value 0.0041
scoring_system epss
scoring_elements 0.61374
published_at 2026-04-16T12:55:00Z
4
value 0.0041
scoring_system epss
scoring_elements 0.61378
published_at 2026-04-18T12:55:00Z
5
value 0.0041
scoring_system epss
scoring_elements 0.61358
published_at 2026-04-21T12:55:00Z
6
value 0.0041
scoring_system epss
scoring_elements 0.61347
published_at 2026-04-24T12:55:00Z
7
value 0.0041
scoring_system epss
scoring_elements 0.61362
published_at 2026-04-26T12:55:00Z
8
value 0.0041
scoring_system epss
scoring_elements 0.61317
published_at 2026-04-04T12:55:00Z
9
value 0.0041
scoring_system epss
scoring_elements 0.61285
published_at 2026-04-07T12:55:00Z
10
value 0.0041
scoring_system epss
scoring_elements 0.61333
published_at 2026-04-08T12:55:00Z
11
value 0.0041
scoring_system epss
scoring_elements 0.61348
published_at 2026-04-09T12:55:00Z
12
value 0.0041
scoring_system epss
scoring_elements 0.61368
published_at 2026-04-11T12:55:00Z
13
value 0.0041
scoring_system epss
scoring_elements 0.61354
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24726
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2061638
reference_id 2061638
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2061638
3
reference_url https://github.com/golang/go/issues/51112
reference_id 51112
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/
url https://github.com/golang/go/issues/51112
4
reference_url https://github.com/istio/istio/commit/6ca5055a4db6695ef5504eabdfde3799f2ea91fd
reference_id 6ca5055a4db6695ef5504eabdfde3799f2ea91fd
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/
url https://github.com/istio/istio/commit/6ca5055a4db6695ef5504eabdfde3799f2ea91fd
5
reference_url https://github.com/istio/istio/security/advisories/GHSA-8w5h-qr4r-2h6g
reference_id GHSA-8w5h-qr4r-2h6g
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/
url https://github.com/istio/istio/security/advisories/GHSA-8w5h-qr4r-2h6g
6
reference_url https://access.redhat.com/errata/RHSA-2022:1275
reference_id RHSA-2022:1275
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1275
7
reference_url https://access.redhat.com/errata/RHSA-2022:1276
reference_id RHSA-2022:1276
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1276
fixed_packages
aliases CVE-2022-24726
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ad5y-3exv-y7bq
2
url VCID-esea-tj2b-h7ey
vulnerability_id VCID-esea-tj2b-h7ey
summary
github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)
### Impact

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop when provided malicious input.

### Patches

The problem has been fixed in release v0.5.8.

### Workarounds

Limit the size of the compressed file input to a reasonable size for your use case.

### References

The standard library recently had the same issue and got [CVE-2020-16845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845) allocated.

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [xz](https://github.com/ulikunitz/xz/issues).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29482.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29482.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29482
reference_id
reference_type
scores
0
value 0.00433
scoring_system epss
scoring_elements 0.62789
published_at 2026-04-29T12:55:00Z
1
value 0.00433
scoring_system epss
scoring_elements 0.62712
published_at 2026-04-04T12:55:00Z
2
value 0.00433
scoring_system epss
scoring_elements 0.62676
published_at 2026-04-07T12:55:00Z
3
value 0.00433
scoring_system epss
scoring_elements 0.62728
published_at 2026-04-13T12:55:00Z
4
value 0.00433
scoring_system epss
scoring_elements 0.62744
published_at 2026-04-09T12:55:00Z
5
value 0.00433
scoring_system epss
scoring_elements 0.62762
published_at 2026-04-11T12:55:00Z
6
value 0.00433
scoring_system epss
scoring_elements 0.62752
published_at 2026-04-12T12:55:00Z
7
value 0.00433
scoring_system epss
scoring_elements 0.62769
published_at 2026-04-16T12:55:00Z
8
value 0.00433
scoring_system epss
scoring_elements 0.62777
published_at 2026-04-18T12:55:00Z
9
value 0.00433
scoring_system epss
scoring_elements 0.62758
published_at 2026-04-21T12:55:00Z
10
value 0.00433
scoring_system epss
scoring_elements 0.62773
published_at 2026-04-24T12:55:00Z
11
value 0.00433
scoring_system epss
scoring_elements 0.62621
published_at 2026-04-01T12:55:00Z
12
value 0.00433
scoring_system epss
scoring_elements 0.62679
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29482
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29482
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29482
3
reference_url https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
4
reference_url https://github.com/ulikunitz/xz/issues/35
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ulikunitz/xz/issues/35
5
reference_url https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29482
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29482
7
reference_url https://pkg.go.dev/vuln/GO-2020-0016
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2020-0016
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1954368
reference_id 1954368
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1954368
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988243
reference_id 988243
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988243
10
reference_url https://access.redhat.com/errata/RHSA-2021:2920
reference_id RHSA-2021:2920
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2920
11
reference_url https://access.redhat.com/errata/RHSA-2022:0687
reference_id RHSA-2022:0687
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0687
12
reference_url https://access.redhat.com/errata/RHSA-2022:1276
reference_id RHSA-2022:1276
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1276
13
reference_url https://access.redhat.com/errata/RHSA-2022:2183
reference_id RHSA-2022:2183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2183
fixed_packages
aliases CVE-2021-29482, GHSA-25xm-hr59-7c27
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-esea-tj2b-h7ey
3
url VCID-hvfd-h9rm-jkbw
vulnerability_id VCID-hvfd-h9rm-jkbw
summary golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28852.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28852.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28852
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.28995
published_at 2026-04-01T12:55:00Z
1
value 0.00107
scoring_system epss
scoring_elements 0.29072
published_at 2026-04-02T12:55:00Z
2
value 0.00107
scoring_system epss
scoring_elements 0.29123
published_at 2026-04-04T12:55:00Z
3
value 0.00107
scoring_system epss
scoring_elements 0.28934
published_at 2026-04-07T12:55:00Z
4
value 0.00107
scoring_system epss
scoring_elements 0.28999
published_at 2026-04-08T12:55:00Z
5
value 0.00107
scoring_system epss
scoring_elements 0.29042
published_at 2026-04-09T12:55:00Z
6
value 0.00107
scoring_system epss
scoring_elements 0.29046
published_at 2026-04-11T12:55:00Z
7
value 0.00107
scoring_system epss
scoring_elements 0.29001
published_at 2026-04-12T12:55:00Z
8
value 0.00107
scoring_system epss
scoring_elements 0.28952
published_at 2026-04-13T12:55:00Z
9
value 0.00107
scoring_system epss
scoring_elements 0.28976
published_at 2026-04-16T12:55:00Z
10
value 0.00107
scoring_system epss
scoring_elements 0.28954
published_at 2026-04-18T12:55:00Z
11
value 0.00107
scoring_system epss
scoring_elements 0.28908
published_at 2026-04-21T12:55:00Z
12
value 0.00107
scoring_system epss
scoring_elements 0.28787
published_at 2026-04-24T12:55:00Z
13
value 0.00107
scoring_system epss
scoring_elements 0.28676
published_at 2026-04-26T12:55:00Z
14
value 0.00107
scoring_system epss
scoring_elements 0.28607
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28852
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913338
reference_id 1913338
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913338
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980002
reference_id 980002
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980002
6
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
7
reference_url https://access.redhat.com/errata/RHSA-2022:0577
reference_id RHSA-2022:0577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0577
8
reference_url https://access.redhat.com/errata/RHSA-2022:1276
reference_id RHSA-2022:1276
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1276
9
reference_url https://access.redhat.com/errata/RHSA-2022:7129
reference_id RHSA-2022:7129
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7129
10
reference_url https://access.redhat.com/errata/RHSA-2022:7954
reference_id RHSA-2022:7954
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7954
11
reference_url https://usn.ubuntu.com/5873-1/
reference_id USN-5873-1
reference_type
scores
url https://usn.ubuntu.com/5873-1/
fixed_packages
aliases CVE-2020-28852
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hvfd-h9rm-jkbw
4
url VCID-qn4v-xah4-fya7
vulnerability_id VCID-qn4v-xah4-fya7
summary Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36221.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36221.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36221
reference_id
reference_type
scores
0
value 0.00231
scoring_system epss
scoring_elements 0.45869
published_at 2026-04-01T12:55:00Z
1
value 0.00231
scoring_system epss
scoring_elements 0.45916
published_at 2026-04-02T12:55:00Z
2
value 0.00231
scoring_system epss
scoring_elements 0.45937
published_at 2026-04-04T12:55:00Z
3
value 0.00231
scoring_system epss
scoring_elements 0.45885
published_at 2026-04-07T12:55:00Z
4
value 0.00231
scoring_system epss
scoring_elements 0.45941
published_at 2026-04-08T12:55:00Z
5
value 0.00231
scoring_system epss
scoring_elements 0.45938
published_at 2026-04-09T12:55:00Z
6
value 0.00231
scoring_system epss
scoring_elements 0.45961
published_at 2026-04-11T12:55:00Z
7
value 0.00231
scoring_system epss
scoring_elements 0.45932
published_at 2026-04-21T12:55:00Z
8
value 0.00231
scoring_system epss
scoring_elements 0.45939
published_at 2026-04-13T12:55:00Z
9
value 0.00231
scoring_system epss
scoring_elements 0.45991
published_at 2026-04-16T12:55:00Z
10
value 0.00231
scoring_system epss
scoring_elements 0.45987
published_at 2026-04-18T12:55:00Z
11
value 0.00231
scoring_system epss
scoring_elements 0.45882
published_at 2026-04-24T12:55:00Z
12
value 0.00231
scoring_system epss
scoring_elements 0.45892
published_at 2026-04-26T12:55:00Z
13
value 0.00231
scoring_system epss
scoring_elements 0.45835
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36221
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36221
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36221
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1995656
reference_id 1995656
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1995656
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991961
reference_id 991961
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991961
5
reference_url https://security.archlinux.org/AVG-2259
reference_id AVG-2259
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2259
6
reference_url https://security.gentoo.org/glsa/202208-02
reference_id GLSA-202208-02
reference_type
scores
url https://security.gentoo.org/glsa/202208-02
7
reference_url https://access.redhat.com/errata/RHSA-2021:4156
reference_id RHSA-2021:4156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4156
8
reference_url https://access.redhat.com/errata/RHSA-2021:4765
reference_id RHSA-2021:4765
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4765
9
reference_url https://access.redhat.com/errata/RHSA-2021:4766
reference_id RHSA-2021:4766
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4766
10
reference_url https://access.redhat.com/errata/RHSA-2022:0557
reference_id RHSA-2022:0557
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0557
11
reference_url https://access.redhat.com/errata/RHSA-2022:0561
reference_id RHSA-2022:0561
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0561
12
reference_url https://access.redhat.com/errata/RHSA-2022:0577
reference_id RHSA-2022:0577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0577
13
reference_url https://access.redhat.com/errata/RHSA-2022:0855
reference_id RHSA-2022:0855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0855
14
reference_url https://access.redhat.com/errata/RHSA-2022:1276
reference_id RHSA-2022:1276
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1276
15
reference_url https://access.redhat.com/errata/RHSA-2022:1361
reference_id RHSA-2022:1361
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1361
16
reference_url https://access.redhat.com/errata/RHSA-2022:1372
reference_id RHSA-2022:1372
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1372
17
reference_url https://access.redhat.com/errata/RHSA-2022:1396
reference_id RHSA-2022:1396
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1396
18
reference_url https://access.redhat.com/errata/RHSA-2022:7457
reference_id RHSA-2022:7457
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7457
fixed_packages
aliases CVE-2021-36221
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qn4v-xah4-fya7
5
url VCID-r52s-2crw-tfbx
vulnerability_id VCID-r52s-2crw-tfbx
summary golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28851.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28851.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28851
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.3356
published_at 2026-04-01T12:55:00Z
1
value 0.00138
scoring_system epss
scoring_elements 0.33894
published_at 2026-04-02T12:55:00Z
2
value 0.00138
scoring_system epss
scoring_elements 0.33926
published_at 2026-04-04T12:55:00Z
3
value 0.00138
scoring_system epss
scoring_elements 0.33779
published_at 2026-04-21T12:55:00Z
4
value 0.00138
scoring_system epss
scoring_elements 0.33822
published_at 2026-04-08T12:55:00Z
5
value 0.00138
scoring_system epss
scoring_elements 0.33855
published_at 2026-04-09T12:55:00Z
6
value 0.00138
scoring_system epss
scoring_elements 0.33853
published_at 2026-04-11T12:55:00Z
7
value 0.00138
scoring_system epss
scoring_elements 0.33811
published_at 2026-04-18T12:55:00Z
8
value 0.00138
scoring_system epss
scoring_elements 0.33787
published_at 2026-04-13T12:55:00Z
9
value 0.00138
scoring_system epss
scoring_elements 0.33825
published_at 2026-04-16T12:55:00Z
10
value 0.00138
scoring_system epss
scoring_elements 0.33412
published_at 2026-04-24T12:55:00Z
11
value 0.00138
scoring_system epss
scoring_elements 0.33393
published_at 2026-04-26T12:55:00Z
12
value 0.00138
scoring_system epss
scoring_elements 0.33311
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28851
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913333
reference_id 1913333
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913333
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980001
reference_id 980001
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980001
6
reference_url https://access.redhat.com/errata/RHSA-2022:0577
reference_id RHSA-2022:0577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0577
7
reference_url https://access.redhat.com/errata/RHSA-2022:1276
reference_id RHSA-2022:1276
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1276
8
reference_url https://access.redhat.com/errata/RHSA-2022:1762
reference_id RHSA-2022:1762
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1762
9
reference_url https://access.redhat.com/errata/RHSA-2022:7129
reference_id RHSA-2022:7129
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7129
10
reference_url https://access.redhat.com/errata/RHSA-2022:7954
reference_id RHSA-2022:7954
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7954
11
reference_url https://usn.ubuntu.com/5873-1/
reference_id USN-5873-1
reference_type
scores
url https://usn.ubuntu.com/5873-1/
fixed_packages
aliases CVE-2020-28851
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r52s-2crw-tfbx
6
url VCID-xref-9byg-nkdw
vulnerability_id VCID-xref-9byg-nkdw
summary
Unauthenticated control plane denial of service attack in Istio
### Impact
The Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker to send a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker.

For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet.

### Patches

- Istio 1.13.1 and above
- Istio 1.12.4 and above
- Istio 1.11.7 and above

### Workarounds
There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.

### References
More details can be found in the [Istio Security Bulletin](https://istio.io/latest/news/security/istio-security-2022-003)

### For more information
If you have any questions or comments about this advisory, please email us at [istio-security-vulnerability-reports@googlegroups.com](mailto:istio-security-vulnerability-reports@googlegroups.com)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23635.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23635.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23635
reference_id
reference_type
scores
0
value 0.00679
scoring_system epss
scoring_elements 0.71653
published_at 2026-04-29T12:55:00Z
1
value 0.00679
scoring_system epss
scoring_elements 0.71648
published_at 2026-04-26T12:55:00Z
2
value 0.00679
scoring_system epss
scoring_elements 0.71644
published_at 2026-04-24T12:55:00Z
3
value 0.00679
scoring_system epss
scoring_elements 0.71593
published_at 2026-04-21T12:55:00Z
4
value 0.00679
scoring_system epss
scoring_elements 0.71613
published_at 2026-04-18T12:55:00Z
5
value 0.00679
scoring_system epss
scoring_elements 0.71609
published_at 2026-04-16T12:55:00Z
6
value 0.00679
scoring_system epss
scoring_elements 0.71582
published_at 2026-04-12T12:55:00Z
7
value 0.00679
scoring_system epss
scoring_elements 0.71598
published_at 2026-04-11T12:55:00Z
8
value 0.00679
scoring_system epss
scoring_elements 0.71551
published_at 2026-04-04T12:55:00Z
9
value 0.00679
scoring_system epss
scoring_elements 0.71524
published_at 2026-04-07T12:55:00Z
10
value 0.00679
scoring_system epss
scoring_elements 0.71533
published_at 2026-04-02T12:55:00Z
11
value 0.00679
scoring_system epss
scoring_elements 0.71575
published_at 2026-04-09T12:55:00Z
12
value 0.00679
scoring_system epss
scoring_elements 0.71564
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23635
2
reference_url https://github.com/istio/istio
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/istio/istio
3
reference_url https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:30Z/
url https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84
4
reference_url https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:30Z/
url https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f
5
reference_url https://istio.io/latest/news/security/istio-security-2022-003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:30Z/
url https://istio.io/latest/news/security/istio-security-2022-003
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23635
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23635
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2057277
reference_id 2057277
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2057277
8
reference_url https://access.redhat.com/errata/RHSA-2022:1275
reference_id RHSA-2022:1275
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1275
9
reference_url https://access.redhat.com/errata/RHSA-2022:1276
reference_id RHSA-2022:1276
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1276
fixed_packages
aliases CVE-2022-23635, GHSA-856q-xv3c-7f2f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xref-9byg-nkdw
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/servicemesh@2.0.9-3%3Farch=el8