Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-a5vu-jbue-xud3
Summary
Netty-handler does not validate host names by default
This vulnerability has been marked as a false positive.
Aliases
0
alias CVE-2023-4586
1
alias GHSA-57m8-f3v5-hm5m
Fixed_packages
Affected_packages
0
url pkg:maven/io.netty/netty-handler@4.1.0.Final
purl pkg:maven/io.netty/netty-handler@4.1.0.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tr1-48cx-ubbh
1
vulnerability VCID-3mgs-vrus-q3ag
2
vulnerability VCID-8b9g-6r2j-tqhw
3
vulnerability VCID-9a4r-nbdk-37fu
4
vulnerability VCID-a5vu-jbue-xud3
5
vulnerability VCID-e92u-331h-bkcb
6
vulnerability VCID-m9t3-3sxz-8faz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-handler@4.1.0.Final
1
url pkg:maven/io.netty/netty-handler@4.1.99.Final
purl pkg:maven/io.netty/netty-handler@4.1.99.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5vu-jbue-xud3
1
vulnerability VCID-epex-9q5x-ykf3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-handler@4.1.99.Final
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4586.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4586.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4586
reference_id
reference_type
scores
0
value 0.0013
scoring_system epss
scoring_elements 0.32458
published_at 2026-04-13T12:55:00Z
1
value 0.0013
scoring_system epss
scoring_elements 0.32485
published_at 2026-04-12T12:55:00Z
2
value 0.0013
scoring_system epss
scoring_elements 0.32494
published_at 2026-04-16T12:55:00Z
3
value 0.0013
scoring_system epss
scoring_elements 0.32472
published_at 2026-04-18T12:55:00Z
4
value 0.0013
scoring_system epss
scoring_elements 0.32523
published_at 2026-04-11T12:55:00Z
5
value 0.0013
scoring_system epss
scoring_elements 0.32519
published_at 2026-04-09T12:55:00Z
6
value 0.0013
scoring_system epss
scoring_elements 0.32492
published_at 2026-04-08T12:55:00Z
7
value 0.0013
scoring_system epss
scoring_elements 0.32443
published_at 2026-04-07T12:55:00Z
8
value 0.0013
scoring_system epss
scoring_elements 0.32621
published_at 2026-04-04T12:55:00Z
9
value 0.0013
scoring_system epss
scoring_elements 0.32585
published_at 2026-04-02T12:55:00Z
10
value 0.00247
scoring_system epss
scoring_elements 0.47953
published_at 2026-04-24T12:55:00Z
11
value 0.00247
scoring_system epss
scoring_elements 0.47972
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4586
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2235564
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2235564
3
reference_url https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.html#setEndpointIdentificationAlgorithm-java.lang.String-
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.html#setEndpointIdentificationAlgorithm-java.lang.String-
4
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
5
reference_url https://github.com/netty/netty/issues/8537
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/issues/8537
6
reference_url https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1042268
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1042268
7
reference_url https://access.redhat.com/security/cve/CVE-2023-4586
reference_id CVE-2023-4586
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2023-4586
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4586
reference_id CVE-2023-4586
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4586
9
reference_url https://github.com/advisories/GHSA-57m8-f3v5-hm5m
reference_id GHSA-57m8-f3v5-hm5m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-57m8-f3v5-hm5m
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 295
name Improper Certificate Validation
description The product does not validate, or incorrectly validates, a certificate.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Exploits
Severity_range_score 4.0 - 7.4
Exploitability 0.5
Weighted_severity 6.7
Risk_score 3.4
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a5vu-jbue-xud3