Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-cy7v-dhum-gfgk
Summary
Uncontrolled Resource Consumption
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.
Aliases
0
alias CVE-2023-32636
Fixed_packages
0
url pkg:deb/debian/glib2.0@0?distro=trixie
purl pkg:deb/debian/glib2.0@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glib2.0@0%3Fdistro=trixie
1
url pkg:deb/debian/glib2.0@2.66.8-1%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/glib2.0@2.66.8-1%2Bdeb11u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glib2.0@2.66.8-1%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/glib2.0@2.74.6-2%2Bdeb12u8?distro=trixie
purl pkg:deb/debian/glib2.0@2.74.6-2%2Bdeb12u8?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a9dn-qcuy-f7cs
1
vulnerability VCID-gchd-ewt9-17dk
2
vulnerability VCID-gwaz-f5mw-j7cb
3
vulnerability VCID-u5sb-ke8a-qkd2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glib2.0@2.74.6-2%252Bdeb12u8%3Fdistro=trixie
3
url pkg:deb/debian/glib2.0@2.84.4-3~deb13u2?distro=trixie
purl pkg:deb/debian/glib2.0@2.84.4-3~deb13u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a9dn-qcuy-f7cs
1
vulnerability VCID-gchd-ewt9-17dk
2
vulnerability VCID-gwaz-f5mw-j7cb
3
vulnerability VCID-u5sb-ke8a-qkd2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glib2.0@2.84.4-3~deb13u2%3Fdistro=trixie
4
url pkg:deb/debian/glib2.0@2.88.0-1?distro=trixie
purl pkg:deb/debian/glib2.0@2.88.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glib2.0@2.88.0-1%3Fdistro=trixie
Affected_packages
0
url pkg:rpm/redhat/mingw-glib2@2.78.0-1?arch=el9
purl pkg:rpm/redhat/mingw-glib2@2.78.0-1?arch=el9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4em6-3x32-ybcv
1
vulnerability VCID-cy7v-dhum-gfgk
2
vulnerability VCID-tzt9-dtt8-bkfm
3
vulnerability VCID-z2v6-3j7r-vkaj
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mingw-glib2@2.78.0-1%3Farch=el9
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32636.json
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32636.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32636
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37613
published_at 2026-04-02T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.3756
published_at 2026-04-18T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37636
published_at 2026-04-04T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.37515
published_at 2026-04-07T12:55:00Z
4
value 0.00165
scoring_system epss
scoring_elements 0.37566
published_at 2026-04-08T12:55:00Z
5
value 0.00165
scoring_system epss
scoring_elements 0.37579
published_at 2026-04-16T12:55:00Z
6
value 0.00165
scoring_system epss
scoring_elements 0.37593
published_at 2026-04-11T12:55:00Z
7
value 0.00165
scoring_system epss
scoring_elements 0.37559
published_at 2026-04-12T12:55:00Z
8
value 0.00165
scoring_system epss
scoring_elements 0.37533
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32636
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://gitlab.gnome.org/GNOME/glib/-/issues/2841
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T17:51:57Z/
url https://gitlab.gnome.org/GNOME/glib/-/issues/2841
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2211833
reference_id 2211833
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2211833
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32636
reference_id CVE-2023-32636
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-32636
6
reference_url https://security.netapp.com/advisory/ntap-20231110-0002/
reference_id ntap-20231110-0002
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T17:51:57Z/
url https://security.netapp.com/advisory/ntap-20231110-0002/
7
reference_url https://access.redhat.com/errata/RHSA-2024:2528
reference_id RHSA-2024:2528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2528
8
reference_url https://usn.ubuntu.com/6165-1/
reference_id USN-6165-1
reference_type
scores
url https://usn.ubuntu.com/6165-1/
9
reference_url https://usn.ubuntu.com/6165-2/
reference_id USN-6165-2
reference_type
scores
url https://usn.ubuntu.com/6165-2/
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 502
name Deserialization of Untrusted Data
description The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 400
name Uncontrolled Resource Consumption
description The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Exploits
Severity_range_score 4.7 - 6.5
Exploitability 0.5
Weighted_severity 5.6
Risk_score 2.8
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cy7v-dhum-gfgk