Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-53zr-h1xh-w3fg
Summary Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate, Botan would check that the CN was allowed by the DNS name constraints, even though this check is technically not required by RFC 5280. However, this check failed to account for the possibility of a mixed-case CN. Thus a certificate with CN=Sub.EVIL.COM and no subject alternative name would bypass an excludedSubtrees constraint for evil.com because the comparison is case-sensitive. This issue has been patched in version 3.11.0.
Aliases
0
alias CVE-2026-32884
Fixed_packages
0
url pkg:deb/debian/botan3@3.11.0%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/botan3@3.11.0%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan3@3.11.0%252Bdfsg-2%3Fdistro=trixie
1
url pkg:deb/debian/botan3@3.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/botan3@3.11.1%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan3@3.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/botan3@3.11.1%2Bdfsg-2
purl pkg:deb/debian/botan3@3.11.1%2Bdfsg-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan3@3.11.1%252Bdfsg-2
Affected_packages
0
url pkg:deb/debian/botan3@3.7.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/botan3@3.7.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-53zr-h1xh-w3fg
1
vulnerability VCID-8xnb-g7pw-y3cn
2
vulnerability VCID-gw14-fx4m-qqag
3
vulnerability VCID-kyg3-jbf1-qyb1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan3@3.7.1%252Bdfsg-2%3Fdistro=trixie
1
url pkg:deb/debian/botan3@3.7.1%2Bdfsg-2
purl pkg:deb/debian/botan3@3.7.1%2Bdfsg-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-53zr-h1xh-w3fg
1
vulnerability VCID-8xnb-g7pw-y3cn
2
vulnerability VCID-gw14-fx4m-qqag
3
vulnerability VCID-kyg3-jbf1-qyb1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan3@3.7.1%252Bdfsg-2
2
url pkg:deb/debian/botan3@3.10.0%2Bdfsg-2
purl pkg:deb/debian/botan3@3.10.0%2Bdfsg-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-53zr-h1xh-w3fg
1
vulnerability VCID-8xnb-g7pw-y3cn
2
vulnerability VCID-gw14-fx4m-qqag
3
vulnerability VCID-kyg3-jbf1-qyb1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan3@3.10.0%252Bdfsg-2
3
url pkg:deb/debian/botan3@3.10.0%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/botan3@3.10.0%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-53zr-h1xh-w3fg
1
vulnerability VCID-8xnb-g7pw-y3cn
2
vulnerability VCID-gw14-fx4m-qqag
3
vulnerability VCID-kyg3-jbf1-qyb1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/botan3@3.10.0%252Bdfsg-2%3Fdistro=trixie
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32884.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32884.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32884
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03627
published_at 2026-04-04T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.03612
published_at 2026-04-02T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.05673
published_at 2026-04-08T12:55:00Z
3
value 0.00021
scoring_system epss
scoring_elements 0.057
published_at 2026-04-09T12:55:00Z
4
value 0.00021
scoring_system epss
scoring_elements 0.05671
published_at 2026-04-12T12:55:00Z
5
value 0.00021
scoring_system epss
scoring_elements 0.05679
published_at 2026-04-11T12:55:00Z
6
value 0.00021
scoring_system epss
scoring_elements 0.05665
published_at 2026-04-13T12:55:00Z
7
value 0.00021
scoring_system epss
scoring_elements 0.05636
published_at 2026-04-07T12:55:00Z
8
value 0.00022
scoring_system epss
scoring_elements 0.06103
published_at 2026-04-21T12:55:00Z
9
value 0.00022
scoring_system epss
scoring_elements 0.0594
published_at 2026-04-16T12:55:00Z
10
value 0.00022
scoring_system epss
scoring_elements 0.05951
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32884
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32884
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32884
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2453205
reference_id 2453205
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2453205
5
reference_url https://github.com/randombit/botan/security/advisories/GHSA-7c3g-7763-ggj5
reference_id GHSA-7c3g-7763-ggj5
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:34Z/
url https://github.com/randombit/botan/security/advisories/GHSA-7c3g-7763-ggj5
Weaknesses
0
cwe_id 295
name Improper Certificate Validation
description The product does not validate, or incorrectly validates, a certificate.
1
cwe_id 178
name Improper Handling of Case Sensitivity
description The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.
Exploits
Severity_range_score 5.9 - 6.5
Exploitability 0.5
Weighted_severity 5.9
Risk_score 3.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53zr-h1xh-w3fg