Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-x54w-scep-kyde
Summary
golang.org/x/net/http2/h2c vulnerable to request smuggling attack
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.

### Specific Go Packages Affected
golang.org/x/net/http2/h2c
Aliases
0
alias CVE-2022-41721
1
alias GHSA-fxg5-wq6x-vr4w
Fixed_packages
0
url pkg:deb/debian/golang-golang-x-net@0?distro=trixie
purl pkg:deb/debian/golang-golang-x-net@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-net@0%3Fdistro=trixie
1
url pkg:deb/debian/golang-golang-x-net@1:0.0%2Bgit20210119.5f4716e%2Bdfsg-4?distro=trixie
purl pkg:deb/debian/golang-golang-x-net@1:0.0%2Bgit20210119.5f4716e%2Bdfsg-4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zyn-rapk-ybe8
1
vulnerability VCID-5kkq-5jpf-fqev
2
vulnerability VCID-73s2-6cpr-gkdu
3
vulnerability VCID-aj2b-56uj-gkar
4
vulnerability VCID-asx6-ds7x-6ubz
5
vulnerability VCID-azr4-u36f-pbew
6
vulnerability VCID-g8qg-4g78-pfgn
7
vulnerability VCID-k6de-54xk-dkfv
8
vulnerability VCID-sdd3-35ng-g7a3
9
vulnerability VCID-w53f-uad6-gqdn
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-net@1:0.0%252Bgit20210119.5f4716e%252Bdfsg-4%3Fdistro=trixie
2
url pkg:deb/debian/golang-golang-x-net@1:0.4.0%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/golang-golang-x-net@1:0.4.0%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-net@1:0.4.0%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/golang-golang-x-net@1:0.7.0%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/golang-golang-x-net@1:0.7.0%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zyn-rapk-ybe8
1
vulnerability VCID-73s2-6cpr-gkdu
2
vulnerability VCID-aj2b-56uj-gkar
3
vulnerability VCID-asx6-ds7x-6ubz
4
vulnerability VCID-g8qg-4g78-pfgn
5
vulnerability VCID-k6de-54xk-dkfv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-net@1:0.7.0%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/golang-golang-x-net@1:0.27.0-2?distro=trixie
purl pkg:deb/debian/golang-golang-x-net@1:0.27.0-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-73s2-6cpr-gkdu
1
vulnerability VCID-asx6-ds7x-6ubz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-net@1:0.27.0-2%3Fdistro=trixie
5
url pkg:deb/debian/golang-golang-x-net@1:0.47.0-2?distro=trixie
purl pkg:deb/debian/golang-golang-x-net@1:0.47.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-net@1:0.47.0-2%3Fdistro=trixie
6
url pkg:deb/debian/golang-golang-x-net@1:0.53.0-1?distro=trixie
purl pkg:deb/debian/golang-golang-x-net@1:0.53.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-net@1:0.53.0-1%3Fdistro=trixie
Affected_packages
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41721.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41721.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41721
reference_id
reference_type
scores
0
value 0.00066
scoring_system epss
scoring_elements 0.20528
published_at 2026-04-18T12:55:00Z
1
value 0.00066
scoring_system epss
scoring_elements 0.20531
published_at 2026-04-16T12:55:00Z
2
value 0.00066
scoring_system epss
scoring_elements 0.20546
published_at 2026-04-13T12:55:00Z
3
value 0.00066
scoring_system epss
scoring_elements 0.20599
published_at 2026-04-12T12:55:00Z
4
value 0.00066
scoring_system epss
scoring_elements 0.20641
published_at 2026-04-11T12:55:00Z
5
value 0.00066
scoring_system epss
scoring_elements 0.20621
published_at 2026-04-09T12:55:00Z
6
value 0.00066
scoring_system epss
scoring_elements 0.20562
published_at 2026-04-08T12:55:00Z
7
value 0.00066
scoring_system epss
scoring_elements 0.20485
published_at 2026-04-07T12:55:00Z
8
value 0.00066
scoring_system epss
scoring_elements 0.20765
published_at 2026-04-04T12:55:00Z
9
value 0.00066
scoring_system epss
scoring_elements 0.20705
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41721
2
reference_url https://cs.opensource.google/go/x/net
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cs.opensource.google/go/x/net
3
reference_url https://go.dev/cl/447396
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-04T14:43:40Z/
url https://go.dev/cl/447396
4
reference_url https://go.dev/issue/56352
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-04T14:43:40Z/
url https://go.dev/issue/56352
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3H3EWQXM2XL5AGBX6UL443JEJ3GQXJN
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3H3EWQXM2XL5AGBX6UL443JEJ3GQXJN
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5DXTLLWN6HKI5I35EUZRBISTNZJ75GP
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5DXTLLWN6HKI5I35EUZRBISTNZJ75GP
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41721
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41721
8
reference_url https://pkg.go.dev/vuln/GO-2023-1495
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-04T14:43:40Z/
url https://pkg.go.dev/vuln/GO-2023-1495
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2162182
reference_id 2162182
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2162182
10
reference_url https://access.redhat.com/errata/RHSA-2023:1326
reference_id RHSA-2023:1326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1326
11
reference_url https://access.redhat.com/errata/RHSA-2023:4627
reference_id RHSA-2023:4627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4627
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3H3EWQXM2XL5AGBX6UL443JEJ3GQXJN/
reference_id X3H3EWQXM2XL5AGBX6UL443JEJ3GQXJN
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-04T14:43:40Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3H3EWQXM2XL5AGBX6UL443JEJ3GQXJN/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5DXTLLWN6HKI5I35EUZRBISTNZJ75GP/
reference_id X5DXTLLWN6HKI5I35EUZRBISTNZJ75GP
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-04T14:43:40Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5DXTLLWN6HKI5I35EUZRBISTNZJ75GP/
Weaknesses
0
cwe_id 444
name Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
description The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
Exploits
Severity_range_score7.0 - 8.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-x54w-scep-kyde