Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-xva8-adbf-87h3

Summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

Aliases

alias	CVE-2024-22017

Fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

url	pkg:ebuild/net-libs/nodejs@18.20.4
purl	pkg:ebuild/net-libs/nodejs@18.20.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@18.20.4

url	pkg:ebuild/net-libs/nodejs@20.15.1
purl	pkg:ebuild/net-libs/nodejs@20.15.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@20.15.1

url	pkg:ebuild/net-libs/nodejs@22.4.1
purl	pkg:ebuild/net-libs/nodejs@22.4.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/nodejs@22.4.1

Affected_packages

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22017.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22017.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-22017

reference_id

reference_type

scores

value	0.00637
scoring_system	epss
scoring_elements	0.70418
published_at	2026-04-02T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70435
published_at	2026-04-04T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75311
published_at	2026-04-09T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75299
published_at	2026-04-13T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.7531
published_at	2026-04-12T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75332
published_at	2026-04-11T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75257
published_at	2026-04-07T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.753
published_at	2026-04-08T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75338
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-22017

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2170226

reference_id

2170226

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-07T04:00:22Z/

url

https://hackerone.com/reports/2170226

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2265727
reference_id	2265727
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2265727

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://security.netapp.com/advisory/ntap-20240517-0007/

reference_id

ntap-20240517-0007

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-07T04:00:22Z/

url

https://security.netapp.com/advisory/ntap-20240517-0007/

reference_url	https://access.redhat.com/errata/RHSA-2024:1687
reference_id	RHSA-2024:1687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1687

reference_url	https://access.redhat.com/errata/RHSA-2024:1688
reference_id	RHSA-2024:1688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1688

Weaknesses

cwe_id	269
name	Improper Privilege Management
description	The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Exploits

Severity_range_score 7.3 - 8.4

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xva8-adbf-87h3

Vulnerability Instance