Vulnerability_id VCID-esea-tj2b-h7ey
Summary
github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)
### Impact

xz is a compression and decompression library, written entirely in Go, that focuses on the xz format. The function readUvarint, used to read the xz container format, may not terminate a loop when provided with malicious input.

### Patches

The problem has been fixed in release v0.5.8.

### Workarounds

Limit the size of the compressed file input to a reasonable size for your use case.

### References

The standard library recently had the same issue, which was assigned [CVE-2020-16845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845).

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [xz](https://github.com/ulikunitz/xz/issues).
Aliases
0
alias CVE-2021-29482
1
alias GHSA-25xm-hr59-7c27
Fixed_packages
0
url pkg:deb/debian/golang-github-ulikunitz-xz@0.5.6-2?distro=trixie
purl pkg:deb/debian/golang-github-ulikunitz-xz@0.5.6-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-aag6-jhbk-qqd6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-ulikunitz-xz@0.5.6-2%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-ulikunitz-xz@0.5.15-1?distro=trixie
purl pkg:deb/debian/golang-github-ulikunitz-xz@0.5.15-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-ulikunitz-xz@0.5.15-1%3Fdistro=trixie
2
url pkg:golang/github.com/ulikunitz/xz@0.5.8
purl pkg:golang/github.com/ulikunitz/xz@0.5.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/ulikunitz/xz@0.5.8
Affected_packages
0
url pkg:rpm/redhat/servicemesh@2.0.9-3?arch=el8
purl pkg:rpm/redhat/servicemesh@2.0.9-3?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63v8-dt23-9ue7
1
vulnerability VCID-ad5y-3exv-y7bq
2
vulnerability VCID-esea-tj2b-h7ey
3
vulnerability VCID-hvfd-h9rm-jkbw
4
vulnerability VCID-qn4v-xah4-fya7
5
vulnerability VCID-r52s-2crw-tfbx
6
vulnerability VCID-xref-9byg-nkdw
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/servicemesh@2.0.9-3%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29482.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29482.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29482
reference_id
reference_type
scores
0
value 0.00433
scoring_system epss
scoring_elements 0.62758
published_at 2026-04-21T12:55:00Z
1
value 0.00433
scoring_system epss
scoring_elements 0.62621
published_at 2026-04-01T12:55:00Z
2
value 0.00433
scoring_system epss
scoring_elements 0.62679
published_at 2026-04-02T12:55:00Z
3
value 0.00433
scoring_system epss
scoring_elements 0.62712
published_at 2026-04-04T12:55:00Z
4
value 0.00433
scoring_system epss
scoring_elements 0.62676
published_at 2026-04-07T12:55:00Z
5
value 0.00433
scoring_system epss
scoring_elements 0.62728
published_at 2026-04-13T12:55:00Z
6
value 0.00433
scoring_system epss
scoring_elements 0.62744
published_at 2026-04-09T12:55:00Z
7
value 0.00433
scoring_system epss
scoring_elements 0.62762
published_at 2026-04-11T12:55:00Z
8
value 0.00433
scoring_system epss
scoring_elements 0.62752
published_at 2026-04-12T12:55:00Z
9
value 0.00433
scoring_system epss
scoring_elements 0.62769
published_at 2026-04-16T12:55:00Z
10
value 0.00433
scoring_system epss
scoring_elements 0.62777
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29482
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29482
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29482
3
reference_url https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
4
reference_url https://github.com/ulikunitz/xz/issues/35
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ulikunitz/xz/issues/35
5
reference_url https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29482
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29482
7
reference_url https://pkg.go.dev/vuln/GO-2020-0016
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2020-0016
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1954368
reference_id 1954368
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1954368
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988243
reference_id 988243
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988243
10
reference_url https://access.redhat.com/errata/RHSA-2021:2920
reference_id RHSA-2021:2920
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2920
11
reference_url https://access.redhat.com/errata/RHSA-2022:0687
reference_id RHSA-2022:0687
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0687
12
reference_url https://access.redhat.com/errata/RHSA-2022:1276
reference_id RHSA-2022:1276
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1276
13
reference_url https://access.redhat.com/errata/RHSA-2022:2183
reference_id RHSA-2022:2183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2183
Weaknesses
0
cwe_id 835
name Loop with Unreachable Exit Condition ('Infinite Loop')
description The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-esea-tj2b-h7ey