Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-6gj4-t3v3-gyhp
Summary
Denial of service in github.com/buger/jsonparser
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.
Aliases
0
alias CVE-2026-32285
1
alias GHSA-6g7g-w4f8-9c9x
Fixed_packages
0
url pkg:apk/alpine/rclone@1.73.5-r0?arch=armhf&distroversion=edge&reponame=community
purl pkg:apk/alpine/rclone@1.73.5-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=armhf&distroversion=edge&reponame=community
1
url pkg:apk/alpine/rclone@1.73.5-r0?arch=armv7&distroversion=edge&reponame=community
purl pkg:apk/alpine/rclone@1.73.5-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=armv7&distroversion=edge&reponame=community
2
url pkg:apk/alpine/rclone@1.73.5-r0?arch=loongarch64&distroversion=edge&reponame=community
purl pkg:apk/alpine/rclone@1.73.5-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=loongarch64&distroversion=edge&reponame=community
3
url pkg:apk/alpine/rclone@1.73.5-r0?arch=ppc64le&distroversion=edge&reponame=community
purl pkg:apk/alpine/rclone@1.73.5-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=ppc64le&distroversion=edge&reponame=community
4
url pkg:apk/alpine/rclone@1.73.5-r0?arch=x86&distroversion=edge&reponame=community
purl pkg:apk/alpine/rclone@1.73.5-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86&distroversion=edge&reponame=community
5
url pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community
purl pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community
6
url pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community
purl pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community
7
url pkg:apk/alpine/rclone@1.73.5-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/rclone@1.73.5-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=s390x&distroversion=edge&reponame=community
8
url pkg:apk/alpine/rclone@1.73.5-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/rclone@1.73.5-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=riscv64&distroversion=edge&reponame=community
9
url pkg:deb/debian/golang-github-buger-jsonparser@1.1.2-1?distro=trixie
purl pkg:deb/debian/golang-github-buger-jsonparser@1.1.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-buger-jsonparser@1.1.2-1%3Fdistro=trixie
10
url pkg:deb/debian/golang-github-buger-jsonparser@1.1.2-1
purl pkg:deb/debian/golang-github-buger-jsonparser@1.1.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-buger-jsonparser@1.1.2-1
11
url pkg:deb/debian/golang-github-buger-jsonparser@1.2.0-1?distro=trixie
purl pkg:deb/debian/golang-github-buger-jsonparser@1.2.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-buger-jsonparser@1.2.0-1%3Fdistro=trixie
12
url pkg:golang/github.com/buger/jsonparser@1.1.2
purl pkg:golang/github.com/buger/jsonparser@1.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/buger/jsonparser@1.1.2
Affected_packages
0
url pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-1?distro=trixie
purl pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6gj4-t3v3-gyhp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-1
purl pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6gj4-t3v3-gyhp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-1
2
url pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-2?distro=trixie
purl pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6gj4-t3v3-gyhp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-2%3Fdistro=trixie
3
url pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-2
purl pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6gj4-t3v3-gyhp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-buger-jsonparser@1.1.1-2
4
url pkg:rpm/redhat/syft-main@1.42.4-0.1?arch=hum1
purl pkg:rpm/redhat/syft-main@1.42.4-0.1?arch=hum1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6gj4-t3v3-gyhp
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/syft-main@1.42.4-0.1%3Farch=hum1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32285.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32285.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32285
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.05903
published_at 2026-05-05T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.0817
published_at 2026-05-07T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.16264
published_at 2026-04-26T12:55:00Z
3
value 0.00052
scoring_system epss
scoring_elements 0.16269
published_at 2026-04-24T12:55:00Z
4
value 0.00054
scoring_system epss
scoring_elements 0.17129
published_at 2026-04-12T12:55:00Z
5
value 0.00054
scoring_system epss
scoring_elements 0.17176
published_at 2026-04-11T12:55:00Z
6
value 0.00054
scoring_system epss
scoring_elements 0.17201
published_at 2026-04-09T12:55:00Z
7
value 0.00054
scoring_system epss
scoring_elements 0.17144
published_at 2026-04-08T12:55:00Z
8
value 0.00054
scoring_system epss
scoring_elements 0.17054
published_at 2026-04-07T12:55:00Z
9
value 0.00054
scoring_system epss
scoring_elements 0.17273
published_at 2026-04-04T12:55:00Z
10
value 0.00054
scoring_system epss
scoring_elements 0.17223
published_at 2026-04-02T12:55:00Z
11
value 0.00054
scoring_system epss
scoring_elements 0.17045
published_at 2026-04-21T12:55:00Z
12
value 0.00054
scoring_system epss
scoring_elements 0.17009
published_at 2026-04-18T12:55:00Z
13
value 0.00054
scoring_system epss
scoring_elements 0.17005
published_at 2026-04-16T12:55:00Z
14
value 0.00054
scoring_system epss
scoring_elements 0.17069
published_at 2026-04-13T12:55:00Z
15
value 0.00057
scoring_system epss
scoring_elements 0.1769
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32285
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32285
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/buger/jsonparser
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/buger/jsonparser
5
reference_url https://github.com/buger/jsonparser/commit/a69e7e01cd4ad67bdfd3ac2c080b9212af16f4b0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/buger/jsonparser/commit/a69e7e01cd4ad67bdfd3ac2c080b9212af16f4b0
6
reference_url https://github.com/buger/jsonparser/issues/275
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T14:05:55Z/
url https://github.com/buger/jsonparser/issues/275
7
reference_url https://github.com/buger/jsonparser/pull/276
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/buger/jsonparser/pull/276
8
reference_url https://github.com/buger/jsonparser/releases/tag/v1.1.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/buger/jsonparser/releases/tag/v1.1.2
9
reference_url https://github.com/golang/vulndb/issues/4514
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T14:05:55Z/
url https://github.com/golang/vulndb/issues/4514
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32285
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32285
11
reference_url https://pkg.go.dev/vuln/GO-2026-4514
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T14:05:55Z/
url https://pkg.go.dev/vuln/GO-2026-4514
12
reference_url https://securityinfinity.com/research/buger-jsonparser-negative-slice-panic-dos-2026
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://securityinfinity.com/research/buger-jsonparser-negative-slice-panic-dos-2026
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2451846
reference_id 2451846
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2451846
14
reference_url https://access.redhat.com/errata/RHSA-2026:13548
reference_id RHSA-2026:13548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13548
15
reference_url https://access.redhat.com/errata/RHSA-2026:7191
reference_id RHSA-2026:7191
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7191
16
reference_url https://access.redhat.com/errata/RHSA-2026:9385
reference_id RHSA-2026:9385
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9385
Weaknesses
0
cwe_id 125
name Out-of-bounds Read
description The product reads data past the end, or before the beginning, of the intended buffer.
1
cwe_id 1285
name Improper Validation of Specified Index, Position, or Offset in Input
description The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.
2
cwe_id 129
name Improper Validation of Array Index
description The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Exploits
Severity_range_score5.5 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-6gj4-t3v3-gyhp