Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-p463-b1yc-jkev
SummaryH2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP servers. Pull request number 3229 fixes the issue. The pull request has been merged to the `master` branch in commit f010336. Users should upgrade to commit f010336 or later.
Aliases
0
alias CVE-2023-30847
Fixed_packages
0
url pkg:deb/debian/h2o@0?distro=bullseye
purl pkg:deb/debian/h2o@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30847
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.57394
published_at 2026-04-18T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57396
published_at 2026-04-08T12:55:00Z
2
value 0.00348
scoring_system epss
scoring_elements 0.57398
published_at 2026-04-16T12:55:00Z
3
value 0.00348
scoring_system epss
scoring_elements 0.57413
published_at 2026-04-11T12:55:00Z
4
value 0.00348
scoring_system epss
scoring_elements 0.57393
published_at 2026-04-12T12:55:00Z
5
value 0.00348
scoring_system epss
scoring_elements 0.57372
published_at 2026-04-21T12:55:00Z
6
value 0.00348
scoring_system epss
scoring_elements 0.57346
published_at 2026-04-02T12:55:00Z
7
value 0.00348
scoring_system epss
scoring_elements 0.57368
published_at 2026-04-04T12:55:00Z
8
value 0.00348
scoring_system epss
scoring_elements 0.57344
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30847
1
reference_url https://github.com/h2o/h2o/pull/3229
reference_id 3229
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:51:39Z/
url https://github.com/h2o/h2o/pull/3229
2
reference_url https://github.com/h2o/h2o/commit/f010336bab162839df43d9e87570897466c97e33
reference_id f010336bab162839df43d9e87570897466c97e33
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:51:39Z/
url https://github.com/h2o/h2o/commit/f010336bab162839df43d9e87570897466c97e33
3
reference_url https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx
reference_id GHSA-p5hj-phwj-hrvx
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:51:39Z/
url https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx
Weaknesses
0
cwe_id 824
name Access of Uninitialized Pointer
description The product accesses or uses a pointer that has not been initialized.
Exploits
Severity_range_score8.2 - 8.2
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-p463-b1yc-jkev