Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-keum-zdsz-s3by

Summary

Allocation of Resources Without Limits or Throttling in Apache Avro
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro and prior versions. Users should update to which addresses this issue.

Aliases

alias	CVE-2021-43045

alias	GHSA-868x-rg4c-cjqg

Fixed_packages

url pkg:nuget/Apache.Avro@1.11.0

purl pkg:nuget/Apache.Avro@1.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.11.0

Affected_packages

url pkg:nuget/Apache.Avro@1.7.7

purl pkg:nuget/Apache.Avro@1.7.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.7.7

url pkg:nuget/Apache.Avro@1.7.7.1

purl pkg:nuget/Apache.Avro@1.7.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.7.7.1

url pkg:nuget/Apache.Avro@1.7.7.2

purl pkg:nuget/Apache.Avro@1.7.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.7.7.2

url pkg:nuget/Apache.Avro@1.9.0-beta001

purl pkg:nuget/Apache.Avro@1.9.0-beta001

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.9.0-beta001

url pkg:nuget/Apache.Avro@1.9.0-beta002

purl pkg:nuget/Apache.Avro@1.9.0-beta002

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.9.0-beta002

url pkg:nuget/Apache.Avro@1.9.0-rc1

purl pkg:nuget/Apache.Avro@1.9.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.9.0-rc1

url pkg:nuget/Apache.Avro@1.9.0-rc4

purl pkg:nuget/Apache.Avro@1.9.0-rc4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.9.0-rc4

url pkg:nuget/Apache.Avro@1.9.0

purl pkg:nuget/Apache.Avro@1.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.9.0

url pkg:nuget/Apache.Avro@1.9.1-alpha001

purl pkg:nuget/Apache.Avro@1.9.1-alpha001

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.9.1-alpha001

url pkg:nuget/Apache.Avro@1.9.1-alpha002

purl pkg:nuget/Apache.Avro@1.9.1-alpha002

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.9.1-alpha002

url pkg:nuget/Apache.Avro@1.9.1-alpha003

purl pkg:nuget/Apache.Avro@1.9.1-alpha003

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.9.1-alpha003

url pkg:nuget/Apache.Avro@1.9.1-rc1

purl pkg:nuget/Apache.Avro@1.9.1-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.9.1-rc1

url pkg:nuget/Apache.Avro@1.9.1

purl pkg:nuget/Apache.Avro@1.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.9.1

url pkg:nuget/Apache.Avro@1.9.2

purl pkg:nuget/Apache.Avro@1.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.9.2

url pkg:nuget/Apache.Avro@1.10.0-alpha001

purl pkg:nuget/Apache.Avro@1.10.0-alpha001

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.10.0-alpha001

url pkg:nuget/Apache.Avro@1.10.0

purl pkg:nuget/Apache.Avro@1.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.10.0

url pkg:nuget/Apache.Avro@1.10.1

purl pkg:nuget/Apache.Avro@1.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.10.1

url pkg:nuget/Apache.Avro@1.10.2

purl pkg:nuget/Apache.Avro@1.10.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yqn-2w2d-3yd3

vulnerability	VCID-keum-zdsz-s3by

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Apache.Avro@1.10.2

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43045.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43045.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-43045

reference_id

reference_type

scores

value	0.0037
scoring_system	epss
scoring_elements	0.58883
published_at	2026-04-21T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58762
published_at	2026-04-01T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58837
published_at	2026-04-02T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58859
published_at	2026-04-04T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58828
published_at	2026-04-07T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58879
published_at	2026-04-08T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58886
published_at	2026-04-09T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58903
published_at	2026-04-11T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58885
published_at	2026-04-12T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58866
published_at	2026-04-24T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58899
published_at	2026-04-16T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.58904
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-43045

reference_url

https://github.com/apache/avro

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/avro

reference_url

https://github.com/apache/avro/pull/1357

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/avro/pull/1357

reference_url

https://issues.apache.org/jira/browse/AVRO-3225

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AVRO-3225

reference_url

https://issues.apache.org/jira/browse/AVRO-3226

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AVRO-3226

reference_url

https://lists.apache.org/thread/5fttw9vk6gd2p3b846nox7hcj5469xfd

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/5fttw9vk6gd2p3b846nox7hcj5469xfd

reference_url

http://www.openwall.com/lists/oss-security/2022/01/06/8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/01/06/8

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2042576
reference_id	2042576
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2042576

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-43045

reference_id

CVE-2021-43045

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-43045

reference_url

https://github.com/advisories/GHSA-868x-rg4c-cjqg

reference_id

GHSA-868x-rg4c-cjqg

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-868x-rg4c-cjqg

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	770
name	Allocation of Resources Without Limits or Throttling
description	The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-keum-zdsz-s3by

Vulnerability Instance