Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-7nsr-5xpe-vke4

Summary Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.

Aliases

alias	CVE-2021-31866

Fixed_packages

url pkg:alpm/archlinux/redmine@4.2.1-1

purl pkg:alpm/archlinux/redmine@4.2.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gjey-bqtd-kqa1

vulnerability	VCID-pwfc-n1q7-b7e4

vulnerability	VCID-wg3a-j2dp-ayh4

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.2.1-1

url	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
purl	pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
purl	pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie

Affected_packages

url pkg:alpm/archlinux/redmine@4.1.1-2

purl pkg:alpm/archlinux/redmine@4.1.1-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fe1-sdn1-jfcw

vulnerability	VCID-7nsr-5xpe-vke4

vulnerability	VCID-8cvp-423x-qfga

vulnerability	VCID-a2t5-u2dx-5fc2

vulnerability	VCID-r8j4-1ux4-6ycy

vulnerability	VCID-yjxe-atwc-6yec

vulnerability	VCID-zbef-znuk-eqhr

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.1.1-2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-31866

reference_id

reference_type

scores

value	0.00442
scoring_system	epss
scoring_elements	0.63327
published_at	2026-04-18T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63196
published_at	2026-04-01T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63255
published_at	2026-04-02T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63284
published_at	2026-04-04T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63249
published_at	2026-04-07T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.633
published_at	2026-04-08T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63318
published_at	2026-04-09T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63335
published_at	2026-04-11T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63319
published_at	2026-04-16T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63283
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-31866

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792
reference_id	990792
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792

reference_url	https://security.archlinux.org/ASA-202105-1
reference_id	ASA-202105-1
reference_type
scores
url	https://security.archlinux.org/ASA-202105-1

reference_url

https://security.archlinux.org/AVG-1743

reference_id

AVG-1743

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1743

Weaknesses

Exploits

Severity_range_score 9.0 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nsr-5xpe-vke4

Vulnerability Instance