Vulnerability_id VCID-uyag-gzdr-kbf9
Summary
etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic
### Vulnerability type
Data Validation

### Detail
In the `ReadAll` method in `wal/wal.go`, it is possible to have an entry index greater than the number of entries. This could cause issues when WAL entries are being read during consensus, as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.

### References
Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf)

### For more information
If you have any questions or comments about this advisory:
* Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md)
Aliases
0
alias CVE-2020-15112
1
alias GHSA-m332-53r6-2w93
Fixed_packages
0
url pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie
purl pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie
1
url pkg:deb/debian/etcd@3.3.25%2Bdfsg-6
purl pkg:deb/debian/etcd@3.3.25%2Bdfsg-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7565-6bvk-mqgx
1
vulnerability VCID-my73-sc8s-3faj
2
vulnerability VCID-pb9m-ts3k-uban
3
vulnerability VCID-ud4m-y2s3-nban
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6
2
url pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie
purl pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7565-6bvk-mqgx
1
vulnerability VCID-my73-sc8s-3faj
2
vulnerability VCID-pb9m-ts3k-uban
3
vulnerability VCID-ud4m-y2s3-nban
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie
3
url pkg:deb/debian/etcd@3.4.23-4?distro=trixie
purl pkg:deb/debian/etcd@3.4.23-4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-my73-sc8s-3faj
1
vulnerability VCID-pb9m-ts3k-uban
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie
4
url pkg:deb/debian/etcd@3.5.16-4?distro=trixie
purl pkg:deb/debian/etcd@3.5.16-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie
5
url pkg:deb/debian/etcd@3.5.16-10?distro=trixie
purl pkg:deb/debian/etcd@3.5.16-10?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie
6
url pkg:golang/go.etcd.io/etcd/v3@3.3.23
purl pkg:golang/go.etcd.io/etcd/v3@3.3.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/go.etcd.io/etcd/v3@3.3.23
7
url pkg:golang/go.etcd.io/etcd/v3@3.4.10
purl pkg:golang/go.etcd.io/etcd/v3@3.4.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/go.etcd.io/etcd/v3@3.4.10
Affected_packages
0
url pkg:deb/debian/etcd@3.2.26%2Bdfsg-3
purl pkg:deb/debian/etcd@3.2.26%2Bdfsg-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15ma-yxfn-xbeu
1
vulnerability VCID-3533-gs1j-8yby
2
vulnerability VCID-7ebn-2p3p-bfg9
3
vulnerability VCID-e63c-7p3h-f3gj
4
vulnerability VCID-uyag-gzdr-kbf9
5
vulnerability VCID-vj2t-6kre-53h6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.2.26%252Bdfsg-3
1
url pkg:rpm/redhat/etcd@3.2.32-1?arch=el7_9
purl pkg:rpm/redhat/etcd@3.2.32-1?arch=el7_9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e63c-7p3h-f3gj
1
vulnerability VCID-uyag-gzdr-kbf9
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/etcd@3.2.32-1%3Farch=el7_9
2
url pkg:rpm/redhat/etcd@3.3.23-1?arch=el8ost
purl pkg:rpm/redhat/etcd@3.3.23-1?arch=el8ost
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15ma-yxfn-xbeu
1
vulnerability VCID-3533-gs1j-8yby
2
vulnerability VCID-7ebn-2p3p-bfg9
3
vulnerability VCID-e63c-7p3h-f3gj
4
vulnerability VCID-uyag-gzdr-kbf9
5
vulnerability VCID-vj2t-6kre-53h6
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/etcd@3.3.23-1%3Farch=el8ost
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15112.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15112.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15112
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.29862
published_at 2026-04-12T12:55:00Z
1
value 0.00113
scoring_system epss
scoring_elements 0.29764
published_at 2026-04-21T12:55:00Z
2
value 0.00113
scoring_system epss
scoring_elements 0.29811
published_at 2026-04-18T12:55:00Z
3
value 0.00113
scoring_system epss
scoring_elements 0.29831
published_at 2026-04-16T12:55:00Z
4
value 0.00113
scoring_system epss
scoring_elements 0.29813
published_at 2026-04-13T12:55:00Z
5
value 0.00113
scoring_system epss
scoring_elements 0.299
published_at 2026-04-01T12:55:00Z
6
value 0.00113
scoring_system epss
scoring_elements 0.29943
published_at 2026-04-02T12:55:00Z
7
value 0.00113
scoring_system epss
scoring_elements 0.29992
published_at 2026-04-04T12:55:00Z
8
value 0.00113
scoring_system epss
scoring_elements 0.29804
published_at 2026-04-07T12:55:00Z
9
value 0.00113
scoring_system epss
scoring_elements 0.29866
published_at 2026-04-08T12:55:00Z
10
value 0.00113
scoring_system epss
scoring_elements 0.29902
published_at 2026-04-09T12:55:00Z
11
value 0.00113
scoring_system epss
scoring_elements 0.29908
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15112
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15112
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15112
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/etcd-io/etcd
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd
5
reference_url https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
6
reference_url https://github.com/etcd-io/etcd/commit/7d1cf640497cbcdfb932e619b13624112c7e3865
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/commit/7d1cf640497cbcdfb932e619b13624112c7e3865
7
reference_url https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
8
reference_url https://github.com/etcd-io/etcd/pull/11793
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/pull/11793
9
reference_url https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15112
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15112
12
reference_url https://pkg.go.dev/vuln/GO-2020-0005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2020-0005
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1868872
reference_id 1868872
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1868872
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740
reference_id 968740
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740
15
reference_url https://access.redhat.com/errata/RHSA-2021:0916
reference_id RHSA-2021:0916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0916
16
reference_url https://access.redhat.com/errata/RHSA-2021:1407
reference_id RHSA-2021:1407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1407
17
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
18
reference_url https://usn.ubuntu.com/5628-1/
reference_id USN-5628-1
reference_type
scores
url https://usn.ubuntu.com/5628-1/
19
reference_url https://usn.ubuntu.com/USN-5628-2/
reference_id USN-USN-5628-2
reference_type
scores
url https://usn.ubuntu.com/USN-5628-2/
Weaknesses
0
cwe_id 129
name Improper Validation of Array Index
description The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
1
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
2
cwe_id 400
name Uncontrolled Resource Consumption
description The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uyag-gzdr-kbf9