Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/httpd24-httpd@2.4.34-23.el7?arch=1

Type rpm

Namespace redhat

Name httpd24-httpd

Version 2.4.34-23.el7

Qualifiers

arch	1

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-xwnu-h1xh-3bg6

vulnerability_id

VCID-xwnu-h1xh-3bg6

summary

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).
The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one.

This issue affects Apache HTTP Server 2.4.51 and earlier.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44790.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44790.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44790

reference_id

reference_type

scores

value	0.86011
scoring_system	epss
scoring_elements	0.99396
published_at	2026-04-26T12:55:00Z

value	0.86011
scoring_system	epss
scoring_elements	0.99393
published_at	2026-04-13T12:55:00Z

value	0.86011
scoring_system	epss
scoring_elements	0.99395
published_at	2026-04-24T12:55:00Z

value	0.86011
scoring_system	epss
scoring_elements	0.99394
published_at	2026-04-21T12:55:00Z

value	0.86227
scoring_system	epss
scoring_elements	0.99407
published_at	2026-04-29T12:55:00Z

value	0.87092
scoring_system	epss
scoring_elements	0.99441
published_at	2026-04-09T12:55:00Z

value	0.87092
scoring_system	epss
scoring_elements	0.99438
published_at	2026-04-01T12:55:00Z

value	0.87092
scoring_system	epss
scoring_elements	0.99437
published_at	2026-04-02T12:55:00Z

value	0.87092
scoring_system	epss
scoring_elements	0.99439
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2034674
reference_id	2034674
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2034674

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51193.py
reference_id	CVE-2021-44790
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51193.py

reference_url

https://httpd.apache.org/security/json/CVE-2021-44790.json

reference_id

CVE-2021-44790

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-44790.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:0143
reference_id	RHSA-2022:0143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0143

reference_url	https://access.redhat.com/errata/RHSA-2022:0258
reference_id	RHSA-2022:0258
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0258

reference_url	https://access.redhat.com/errata/RHSA-2022:0288
reference_id	RHSA-2022:0288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0288

reference_url	https://access.redhat.com/errata/RHSA-2022:0303
reference_id	RHSA-2022:0303
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0303

reference_url	https://access.redhat.com/errata/RHSA-2022:1136
reference_id	RHSA-2022:1136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1136

reference_url	https://access.redhat.com/errata/RHSA-2022:1137
reference_id	RHSA-2022:1137
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1137

reference_url	https://access.redhat.com/errata/RHSA-2022:1138
reference_id	RHSA-2022:1138
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1138

reference_url	https://access.redhat.com/errata/RHSA-2022:1139
reference_id	RHSA-2022:1139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1139

reference_url	https://usn.ubuntu.com/5212-1/
reference_id	USN-5212-1
reference_type
scores
url	https://usn.ubuntu.com/5212-1/

reference_url	https://usn.ubuntu.com/5212-2/
reference_id	USN-5212-2
reference_type
scores
url	https://usn.ubuntu.com/5212-2/

fixed_packages

aliases

CVE-2021-44790

risk_score

10.0

exploitability

2.0

weighted_severity

8.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-xwnu-h1xh-3bg6

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd24-httpd@2.4.34-23.el7%3Farch=1

Package Instance