Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-28?arch=el7jbcs
Typerpm
Namespaceredhat
Namejbcs-httpd24-httpd
Version2.4.51-28
Qualifiers
arch el7jbcs
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-cqjv-6m9n-mfeq
vulnerability_id VCID-cqjv-6m9n-mfeq
summary 
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).

This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44224.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44224.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44224
reference_id
reference_type
scores
0
value 0.1096
scoring_system epss
scoring_elements 0.93382
published_at 2026-04-01T12:55:00Z
1
value 0.1096
scoring_system epss
scoring_elements 0.93414
published_at 2026-04-12T12:55:00Z
2
value 0.1096
scoring_system epss
scoring_elements 0.93409
published_at 2026-04-09T12:55:00Z
3
value 0.1096
scoring_system epss
scoring_elements 0.93415
published_at 2026-04-13T12:55:00Z
4
value 0.1096
scoring_system epss
scoring_elements 0.9339
published_at 2026-04-02T12:55:00Z
5
value 0.1096
scoring_system epss
scoring_elements 0.93398
published_at 2026-04-07T12:55:00Z
6
value 0.1096
scoring_system epss
scoring_elements 0.93406
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44224
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2034672
reference_id 2034672
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2034672
6
reference_url https://httpd.apache.org/security/json/CVE-2021-44224.json
reference_id CVE-2021-44224
reference_type
scores
0
value moderate
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2021-44224.json
7
reference_url https://security.gentoo.org/glsa/202208-20
reference_id GLSA-202208-20
reference_type
scores
url https://security.gentoo.org/glsa/202208-20
8
reference_url https://access.redhat.com/errata/RHSA-2022:1915
reference_id RHSA-2022:1915
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1915
9
reference_url https://access.redhat.com/errata/RHSA-2022:6753
reference_id RHSA-2022:6753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6753
10
reference_url https://access.redhat.com/errata/RHSA-2022:7143
reference_id RHSA-2022:7143
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7143
11
reference_url https://access.redhat.com/errata/RHSA-2022:7144
reference_id RHSA-2022:7144
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7144
12
reference_url https://usn.ubuntu.com/5212-1/
reference_id USN-5212-1
reference_type
scores
url https://usn.ubuntu.com/5212-1/
13
reference_url https://usn.ubuntu.com/5212-2/
reference_id USN-5212-2
reference_type
scores
url https://usn.ubuntu.com/5212-2/
fixed_packages
aliases CVE-2021-44224
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cqjv-6m9n-mfeq
1
url VCID-db6k-j9mj-e7hy
vulnerability_id VCID-db6k-j9mj-e7hy
summary 
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.

This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33193
reference_id
reference_type
scores
0
value 0.00739
scoring_system epss
scoring_elements 0.72839
published_at 2026-04-01T12:55:00Z
1
value 0.00739
scoring_system epss
scoring_elements 0.729
published_at 2026-04-12T12:55:00Z
2
value 0.00739
scoring_system epss
scoring_elements 0.72879
published_at 2026-04-08T12:55:00Z
3
value 0.00739
scoring_system epss
scoring_elements 0.72892
published_at 2026-04-13T12:55:00Z
4
value 0.00739
scoring_system epss
scoring_elements 0.72917
published_at 2026-04-11T12:55:00Z
5
value 0.00739
scoring_system epss
scoring_elements 0.72846
published_at 2026-04-02T12:55:00Z
6
value 0.00739
scoring_system epss
scoring_elements 0.72866
published_at 2026-04-04T12:55:00Z
7
value 0.00739
scoring_system epss
scoring_elements 0.72841
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33193
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966728
reference_id 1966728
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966728
5
reference_url https://security.archlinux.org/AVG-2289
reference_id AVG-2289
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2289
6
reference_url https://httpd.apache.org/security/json/CVE-2021-33193.json
reference_id CVE-2021-33193
reference_type
scores
0
value moderate
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2021-33193.json
7
reference_url https://security.gentoo.org/glsa/202208-20
reference_id GLSA-202208-20
reference_type
scores
url https://security.gentoo.org/glsa/202208-20
8
reference_url https://access.redhat.com/errata/RHSA-2022:1915
reference_id RHSA-2022:1915
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1915
9
reference_url https://access.redhat.com/errata/RHSA-2022:6753
reference_id RHSA-2022:6753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6753
10
reference_url https://access.redhat.com/errata/RHSA-2022:7143
reference_id RHSA-2022:7143
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7143
11
reference_url https://access.redhat.com/errata/RHSA-2022:7144
reference_id RHSA-2022:7144
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7144
12
reference_url https://usn.ubuntu.com/5090-1/
reference_id USN-5090-1
reference_type
scores
url https://usn.ubuntu.com/5090-1/
fixed_packages
aliases CVE-2021-33193
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-db6k-j9mj-e7hy
2
url VCID-hj5r-jms3-x3fe
vulnerability_id VCID-hj5r-jms3-x3fe
summary 
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing,
allowing an external source to DoS the server. This requires a specially crafted request. 

The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41524.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41524.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41524
reference_id
reference_type
scores
0
value 0.07103
scoring_system epss
scoring_elements 0.91488
published_at 2026-04-01T12:55:00Z
1
value 0.07103
scoring_system epss
scoring_elements 0.91533
published_at 2026-04-13T12:55:00Z
2
value 0.07103
scoring_system epss
scoring_elements 0.91534
published_at 2026-04-11T12:55:00Z
3
value 0.07103
scoring_system epss
scoring_elements 0.91535
published_at 2026-04-12T12:55:00Z
4
value 0.07103
scoring_system epss
scoring_elements 0.91495
published_at 2026-04-02T12:55:00Z
5
value 0.07103
scoring_system epss
scoring_elements 0.91502
published_at 2026-04-04T12:55:00Z
6
value 0.07103
scoring_system epss
scoring_elements 0.9151
published_at 2026-04-07T12:55:00Z
7
value 0.07103
scoring_system epss
scoring_elements 0.91523
published_at 2026-04-08T12:55:00Z
8
value 0.07103
scoring_system epss
scoring_elements 0.91529
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41524
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2010934
reference_id 2010934
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2010934
3
reference_url https://security.archlinux.org/AVG-2442
reference_id AVG-2442
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2442
4
reference_url https://httpd.apache.org/security/json/CVE-2021-41524.json
reference_id CVE-2021-41524
reference_type
scores
0
value moderate
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2021-41524.json
5
reference_url https://security.gentoo.org/glsa/202208-20
reference_id GLSA-202208-20
reference_type
scores
url https://security.gentoo.org/glsa/202208-20
6
reference_url https://access.redhat.com/errata/RHSA-2022:7143
reference_id RHSA-2022:7143
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7143
7
reference_url https://access.redhat.com/errata/RHSA-2022:7144
reference_id RHSA-2022:7144
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7144
fixed_packages
aliases CVE-2021-41524
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hj5r-jms3-x3fe
3
url VCID-rdtq-8ng5-53fn
vulnerability_id VCID-rdtq-8ng5-53fn
summary 
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).

This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36160
reference_id
reference_type
scores
0
value 0.03716
scoring_system epss
scoring_elements 0.8792
published_at 2026-04-01T12:55:00Z
1
value 0.03716
scoring_system epss
scoring_elements 0.87977
published_at 2026-04-13T12:55:00Z
2
value 0.03716
scoring_system epss
scoring_elements 0.87974
published_at 2026-04-09T12:55:00Z
3
value 0.03716
scoring_system epss
scoring_elements 0.87985
published_at 2026-04-11T12:55:00Z
4
value 0.03716
scoring_system epss
scoring_elements 0.87978
published_at 2026-04-12T12:55:00Z
5
value 0.03716
scoring_system epss
scoring_elements 0.8793
published_at 2026-04-02T12:55:00Z
6
value 0.03716
scoring_system epss
scoring_elements 0.87943
published_at 2026-04-04T12:55:00Z
7
value 0.03716
scoring_system epss
scoring_elements 0.87947
published_at 2026-04-07T12:55:00Z
8
value 0.03716
scoring_system epss
scoring_elements 0.87968
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36160
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2005124
reference_id 2005124
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2005124
8
reference_url https://security.archlinux.org/AVG-2289
reference_id AVG-2289
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2289
9
reference_url https://httpd.apache.org/security/json/CVE-2021-36160.json
reference_id CVE-2021-36160
reference_type
scores
0
value moderate
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2021-36160.json
10
reference_url https://security.gentoo.org/glsa/202208-20
reference_id GLSA-202208-20
reference_type
scores
url https://security.gentoo.org/glsa/202208-20
11
reference_url https://access.redhat.com/errata/RHSA-2022:1915
reference_id RHSA-2022:1915
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1915
12
reference_url https://access.redhat.com/errata/RHSA-2022:6753
reference_id RHSA-2022:6753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6753
13
reference_url https://access.redhat.com/errata/RHSA-2022:7143
reference_id RHSA-2022:7143
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7143
14
reference_url https://access.redhat.com/errata/RHSA-2022:7144
reference_id RHSA-2022:7144
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7144
15
reference_url https://usn.ubuntu.com/5090-1/
reference_id USN-5090-1
reference_type
scores
url https://usn.ubuntu.com/5090-1/
fixed_packages
aliases CVE-2021-36160
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtq-8ng5-53fn
4
url VCID-wrw6-uzz4-rkfb
vulnerability_id VCID-wrw6-uzz4-rkfb
summary 
ap_escape_quotes() may write beyond the end of a buffer when given malicious input.  
No included modules pass untrusted data to these functions, but third-party / external modules may.

This issue affects Apache HTTP Server 2.4.48 and earlier.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39275
reference_id
reference_type
scores
0
value 0.37674
scoring_system epss
scoring_elements 0.97171
published_at 2026-04-01T12:55:00Z
1
value 0.37674
scoring_system epss
scoring_elements 0.97199
published_at 2026-04-13T12:55:00Z
2
value 0.37674
scoring_system epss
scoring_elements 0.97193
published_at 2026-04-08T12:55:00Z
3
value 0.37674
scoring_system epss
scoring_elements 0.97194
published_at 2026-04-09T12:55:00Z
4
value 0.37674
scoring_system epss
scoring_elements 0.97198
published_at 2026-04-11T12:55:00Z
5
value 0.37674
scoring_system epss
scoring_elements 0.97177
published_at 2026-04-02T12:55:00Z
6
value 0.37674
scoring_system epss
scoring_elements 0.97183
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39275
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2005119
reference_id 2005119
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2005119
8
reference_url https://security.archlinux.org/AVG-2289
reference_id AVG-2289
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2289
9
reference_url https://httpd.apache.org/security/json/CVE-2021-39275.json
reference_id CVE-2021-39275
reference_type
scores
0
value low
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2021-39275.json
10
reference_url https://security.gentoo.org/glsa/202208-20
reference_id GLSA-202208-20
reference_type
scores
url https://security.gentoo.org/glsa/202208-20
11
reference_url https://access.redhat.com/errata/RHSA-2022:0143
reference_id RHSA-2022:0143
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0143
12
reference_url https://access.redhat.com/errata/RHSA-2022:0891
reference_id RHSA-2022:0891
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0891
13
reference_url https://access.redhat.com/errata/RHSA-2022:6753
reference_id RHSA-2022:6753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6753
14
reference_url https://access.redhat.com/errata/RHSA-2022:7143
reference_id RHSA-2022:7143
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7143
15
reference_url https://access.redhat.com/errata/RHSA-2022:7144
reference_id RHSA-2022:7144
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7144
16
reference_url https://usn.ubuntu.com/5090-1/
reference_id USN-5090-1
reference_type
scores
url https://usn.ubuntu.com/5090-1/
17
reference_url https://usn.ubuntu.com/5090-2/
reference_id USN-5090-2
reference_type
scores
url https://usn.ubuntu.com/5090-2/
fixed_packages
aliases CVE-2021-39275
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wrw6-uzz4-rkfb
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-28%3Farch=el7jbcs