Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-4hs3-be7k-9qe7
Summary
Apache Traffic Server allows request smuggling if chunked messages are malformed. 

This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1.

Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue.
Aliases
0
alias CVE-2025-65114
Fixed_packages
0
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3?distro=sid
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3%3Fdistro=sid
1
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3
2
url pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u4?distro=sid
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u4?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u4%3Fdistro=sid
Affected_packages
0
url pkg:deb/debian/trafficserver@8.1.10%2Bds-1~deb11u1
purl pkg:deb/debian/trafficserver@8.1.10%2Bds-1~deb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4738-xk8n-hbac
1
vulnerability VCID-4hs3-be7k-9qe7
2
vulnerability VCID-4uhe-mtbx-nfdu
3
vulnerability VCID-5e1r-3jec-tkhp
4
vulnerability VCID-c62p-6ghw-j3dv
5
vulnerability VCID-eay7-63um-43e9
6
vulnerability VCID-esap-nkps-cfg9
7
vulnerability VCID-jabw-thzt-63bb
8
vulnerability VCID-jb1b-9gr2-suez
9
vulnerability VCID-kjah-am9e-xkev
10
vulnerability VCID-rcdg-j23x-xfbn
11
vulnerability VCID-rw58-bnwt-2bam
12
vulnerability VCID-tevw-8dcp-yfh6
13
vulnerability VCID-ww3t-p3pq-gkhy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@8.1.10%252Bds-1~deb11u1
1
url pkg:deb/debian/trafficserver@8.1.10%2Bds-1~deb11u1?distro=sid
purl pkg:deb/debian/trafficserver@8.1.10%2Bds-1~deb11u1?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4738-xk8n-hbac
1
vulnerability VCID-4hs3-be7k-9qe7
2
vulnerability VCID-4uhe-mtbx-nfdu
3
vulnerability VCID-5e1r-3jec-tkhp
4
vulnerability VCID-c62p-6ghw-j3dv
5
vulnerability VCID-eay7-63um-43e9
6
vulnerability VCID-kjah-am9e-xkev
7
vulnerability VCID-tevw-8dcp-yfh6
8
vulnerability VCID-ww3t-p3pq-gkhy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@8.1.10%252Bds-1~deb11u1%3Fdistro=sid
2
url pkg:deb/debian/trafficserver@9.2.5%2Bds-1
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4738-xk8n-hbac
1
vulnerability VCID-4hs3-be7k-9qe7
2
vulnerability VCID-4uhe-mtbx-nfdu
3
vulnerability VCID-5e1r-3jec-tkhp
4
vulnerability VCID-c62p-6ghw-j3dv
5
vulnerability VCID-eay7-63um-43e9
6
vulnerability VCID-jabw-thzt-63bb
7
vulnerability VCID-kjah-am9e-xkev
8
vulnerability VCID-rcdg-j23x-xfbn
9
vulnerability VCID-tevw-8dcp-yfh6
10
vulnerability VCID-ww3t-p3pq-gkhy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-1
3
url pkg:deb/debian/trafficserver@9.2.5%2Bds-1?distro=sid
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-1?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4738-xk8n-hbac
1
vulnerability VCID-4hs3-be7k-9qe7
2
vulnerability VCID-4uhe-mtbx-nfdu
3
vulnerability VCID-5e1r-3jec-tkhp
4
vulnerability VCID-c62p-6ghw-j3dv
5
vulnerability VCID-eay7-63um-43e9
6
vulnerability VCID-jabw-thzt-63bb
7
vulnerability VCID-kjah-am9e-xkev
8
vulnerability VCID-rcdg-j23x-xfbn
9
vulnerability VCID-tevw-8dcp-yfh6
10
vulnerability VCID-ww3t-p3pq-gkhy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-1%3Fdistro=sid
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65114
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08219
published_at 2026-04-04T12:55:00Z
1
value 0.00163
scoring_system epss
scoring_elements 0.37207
published_at 2026-04-07T12:55:00Z
2
value 0.0021
scoring_system epss
scoring_elements 0.43424
published_at 2026-04-18T12:55:00Z
3
value 0.0021
scoring_system epss
scoring_elements 0.43358
published_at 2026-04-21T12:55:00Z
4
value 0.00215
scoring_system epss
scoring_elements 0.43969
published_at 2026-04-13T12:55:00Z
5
value 0.00215
scoring_system epss
scoring_elements 0.44031
published_at 2026-04-16T12:55:00Z
6
value 0.00215
scoring_system epss
scoring_elements 0.44017
published_at 2026-04-11T12:55:00Z
7
value 0.00215
scoring_system epss
scoring_elements 0.43999
published_at 2026-04-08T12:55:00Z
8
value 0.00215
scoring_system epss
scoring_elements 0.44002
published_at 2026-04-09T12:55:00Z
9
value 0.00215
scoring_system epss
scoring_elements 0.43984
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65114
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65114
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65114
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132717
reference_id 1132717
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132717
3
reference_url https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q
reference_id 2s11roxlv1j8ph6q52rqo1klvl01n14q
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:09:43Z/
url https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q
Weaknesses
0
cwe_id 444
name Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
description The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
Exploits
Severity_range_score 7.5 - 7.5
Exploitability 0.5
Weighted_severity 6.8
Risk_score 3.4
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hs3-be7k-9qe7