Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-h4am-zzay-w7cg

Summary

Aliases

alias	CVE-2026-42154

alias	GHSA-8rm2-7qqf-34qm

Fixed_packages

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=s390x&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=s390x&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=x86&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=armhf&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=armhf&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=armv7&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=armv7&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/prometheus@3.5.3-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/prometheus@3.5.3-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prometheus@3.5.3-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:golang/github.com/prometheus/prometheus@0.311.3
purl	pkg:golang/github.com/prometheus/prometheus@0.311.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/prometheus/prometheus@0.311.3

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42154

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05785
published_at	2026-05-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42154

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/prometheus/prometheus

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/prometheus/prometheus

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42154

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42154

reference_url

https://github.com/prometheus/prometheus/pull/18584

reference_id

18584

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T20:18:48Z/

url

https://github.com/prometheus/prometheus/pull/18584

reference_url

https://github.com/prometheus/prometheus/pull/18585

reference_id

18585

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T20:18:48Z/

url

https://github.com/prometheus/prometheus/pull/18585

reference_url

https://github.com/prometheus/prometheus/security/advisories/GHSA-8rm2-7qqf-34qm

reference_id

GHSA-8rm2-7qqf-34qm

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T20:18:48Z/

url

https://github.com/prometheus/prometheus/security/advisories/GHSA-8rm2-7qqf-34qm

reference_url

https://github.com/prometheus/prometheus/releases/tag/v3.11.3

reference_id

v3.11.3

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T20:18:48Z/

url

https://github.com/prometheus/prometheus/releases/tag/v3.11.3

reference_url

https://github.com/prometheus/prometheus/releases/tag/v3.5.3

reference_id

v3.5.3

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T20:18:48Z/

url

https://github.com/prometheus/prometheus/releases/tag/v3.5.3

Weaknesses

cwe_id	400
name	Uncontrolled Resource Consumption
description	The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

cwe_id	789
name	Memory Allocation with Excessive Size Value
description	The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4am-zzay-w7cg

Vulnerability Instance