Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-hxpy-59gj-dygh
Summary An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the protocol if it is disabled. If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 client could put a TLS 1.3-only server into an infinite loop processing a TLS 1.2 ClientHello, resulting in a denial of service. If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client can successfully establish a TLS 1.2 connection with the server.
Aliases
0
alias CVE-2024-28836
Fixed_packages
0
url pkg:deb/debian/mbedtls@0?distro=trixie
purl pkg:deb/debian/mbedtls@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie
1
url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie
purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5bxk-rknm-zfhc
1
vulnerability VCID-f1fz-b8b6-dfb8
2
vulnerability VCID-gvkn-6e2m-dyez
3
vulnerability VCID-k8w1-nrjy-wfbe
4
vulnerability VCID-kchn-2wez-bbb2
5
vulnerability VCID-pj6w-rufw-nqgd
6
vulnerability VCID-vp4q-81cq-33cw
7
vulnerability VCID-vs6q-c4ug-xfer
8
vulnerability VCID-wsvw-6tmk-3kdj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie
2
url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie
purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sbv-dqyv-6baw
1
vulnerability VCID-5bxk-rknm-zfhc
2
vulnerability VCID-7ppw-f9jy-k7ae
3
vulnerability VCID-7v3a-5q44-cucz
4
vulnerability VCID-98cg-wuhp-qudq
5
vulnerability VCID-f1fz-b8b6-dfb8
6
vulnerability VCID-gvkn-6e2m-dyez
7
vulnerability VCID-kchn-2wez-bbb2
8
vulnerability VCID-pj6w-rufw-nqgd
9
vulnerability VCID-vp4q-81cq-33cw
10
vulnerability VCID-vs6q-c4ug-xfer
11
vulnerability VCID-wsvw-6tmk-3kdj
12
vulnerability VCID-zpq1-dwvf-8ka2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie
3
url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie
purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sbv-dqyv-6baw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie
purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sbv-dqyv-6baw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28836
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.29642
published_at 2026-04-24T12:55:00Z
1
value 0.00113
scoring_system epss
scoring_elements 0.29768
published_at 2026-04-13T12:55:00Z
2
value 0.00113
scoring_system epss
scoring_elements 0.29787
published_at 2026-04-16T12:55:00Z
3
value 0.00113
scoring_system epss
scoring_elements 0.29767
published_at 2026-04-18T12:55:00Z
4
value 0.00113
scoring_system epss
scoring_elements 0.29721
published_at 2026-04-21T12:55:00Z
5
value 0.00113
scoring_system epss
scoring_elements 0.29899
published_at 2026-04-02T12:55:00Z
6
value 0.00113
scoring_system epss
scoring_elements 0.29947
published_at 2026-04-04T12:55:00Z
7
value 0.00113
scoring_system epss
scoring_elements 0.29759
published_at 2026-04-07T12:55:00Z
8
value 0.00113
scoring_system epss
scoring_elements 0.2982
published_at 2026-04-08T12:55:00Z
9
value 0.00113
scoring_system epss
scoring_elements 0.29856
published_at 2026-04-09T12:55:00Z
10
value 0.00113
scoring_system epss
scoring_elements 0.29865
published_at 2026-04-11T12:55:00Z
11
value 0.00113
scoring_system epss
scoring_elements 0.29819
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28836
1
reference_url https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
reference_id security-advisories
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T15:03:49Z/
url https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
2
reference_url https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0
reference_id v3.6.0
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T15:03:49Z/
url https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0
Weaknesses
Exploits
Severity_range_score 5.4 - 5.4
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hxpy-59gj-dygh