Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-7h9j-t7c8-9qfy

Summary golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.

Aliases

alias	CVE-2023-45287

Fixed_packages

Affected_packages

url pkg:rpm/redhat/buildah@1:1.29.1-20.2.rhaos4.15?arch=el8

purl pkg:rpm/redhat/buildah@1:1.29.1-20.2.rhaos4.15?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5eck-adts-e3de

vulnerability	VCID-7h9j-t7c8-9qfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/buildah@1:1.29.1-20.2.rhaos4.15%3Farch=el8

url pkg:rpm/redhat/buildah@2:1.33.6-2?arch=el9

purl pkg:rpm/redhat/buildah@2:1.33.6-2?arch=el9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5eck-adts-e3de

vulnerability	VCID-7h9j-t7c8-9qfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/buildah@2:1.33.6-2%3Farch=el9

url pkg:rpm/redhat/butane@0.20.0-1.rhaos4.15?arch=el8

purl pkg:rpm/redhat/butane@0.20.0-1.rhaos4.15?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5eck-adts-e3de

vulnerability	VCID-7h9j-t7c8-9qfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/butane@0.20.0-1.rhaos4.15%3Farch=el8

url pkg:rpm/redhat/collectd-sensubility@0.2.1-3?arch=el9ost

purl pkg:rpm/redhat/collectd-sensubility@0.2.1-3?arch=el9ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5eck-adts-e3de

vulnerability	VCID-6nrn-u58x-mben

vulnerability	VCID-7h9j-t7c8-9qfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/collectd-sensubility@0.2.1-3%3Farch=el9ost

url pkg:rpm/redhat/collectd-sensubility@0.2.1-3?arch=el8ost

purl pkg:rpm/redhat/collectd-sensubility@0.2.1-3?arch=el8ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5eck-adts-e3de

vulnerability	VCID-6nrn-u58x-mben

vulnerability	VCID-7h9j-t7c8-9qfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/collectd-sensubility@0.2.1-3%3Farch=el8ost

url pkg:rpm/redhat/containernetworking-plugins@1:1.2.0-3?arch=el9_2

purl pkg:rpm/redhat/containernetworking-plugins@1:1.2.0-3?arch=el9_2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7h9j-t7c8-9qfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/containernetworking-plugins@1:1.2.0-3%3Farch=el9_2

url pkg:rpm/redhat/containernetworking-plugins@1:1.4.0-1.1.rhaos4.15?arch=el8

purl pkg:rpm/redhat/containernetworking-plugins@1:1.4.0-1.1.rhaos4.15?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5eck-adts-e3de

vulnerability	VCID-7h9j-t7c8-9qfy

vulnerability	VCID-h7qt-3g1f-5ffr

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/containernetworking-plugins@1:1.4.0-1.1.rhaos4.15%3Farch=el8

url pkg:rpm/redhat/containernetworking-plugins@1:1.4.0-2?arch=el9_4

purl pkg:rpm/redhat/containernetworking-plugins@1:1.4.0-2?arch=el9_4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5eck-adts-e3de

vulnerability	VCID-7h9j-t7c8-9qfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/containernetworking-plugins@1:1.4.0-2%3Farch=el9_4

url pkg:rpm/redhat/etcd@3.4.26-8?arch=el9ost

purl pkg:rpm/redhat/etcd@3.4.26-8?arch=el9ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5eck-adts-e3de

vulnerability	VCID-5tae-75u6-pugf

vulnerability	VCID-6nrn-u58x-mben

vulnerability	VCID-7h9j-t7c8-9qfy

vulnerability	VCID-aj2b-56uj-gkar

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/etcd@3.4.26-8%3Farch=el9ost

url pkg:rpm/redhat/microshift@4.15.0-202402260721.p0.g799289b.assembly.4.15.0?arch=el9

purl pkg:rpm/redhat/microshift@4.15.0-202402260721.p0.g799289b.assembly.4.15.0?arch=el9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5eck-adts-e3de

vulnerability	VCID-7h9j-t7c8-9qfy

vulnerability	VCID-h7qt-3g1f-5ffr

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/microshift@4.15.0-202402260721.p0.g799289b.assembly.4.15.0%3Farch=el9

url pkg:rpm/redhat/openshift@4.15.0-202402142009.p0.g6216ea1.assembly.stream?arch=el8

purl pkg:rpm/redhat/openshift@4.15.0-202402142009.p0.g6216ea1.assembly.stream?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5eck-adts-e3de

vulnerability	VCID-7h9j-t7c8-9qfy

vulnerability	VCID-h7qt-3g1f-5ffr

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift@4.15.0-202402142009.p0.g6216ea1.assembly.stream%3Farch=el8

url pkg:rpm/redhat/openshift-clients@4.15.0-202402070507.p0.g48dcf59.assembly.stream?arch=el8

purl pkg:rpm/redhat/openshift-clients@4.15.0-202402070507.p0.g48dcf59.assembly.stream?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5eck-adts-e3de

vulnerability	VCID-7h9j-t7c8-9qfy

vulnerability	VCID-h7qt-3g1f-5ffr

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-clients@4.15.0-202402070507.p0.g48dcf59.assembly.stream%3Farch=el8

url pkg:rpm/redhat/podman@2:4.9.4-0.1?arch=el9

purl pkg:rpm/redhat/podman@2:4.9.4-0.1?arch=el9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5eck-adts-e3de

vulnerability	VCID-7h9j-t7c8-9qfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@2:4.9.4-0.1%3Farch=el9

url pkg:rpm/redhat/podman@3:4.4.1-21.rhaos4.15?arch=el8

purl pkg:rpm/redhat/podman@3:4.4.1-21.rhaos4.15?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5eck-adts-e3de

vulnerability	VCID-7h9j-t7c8-9qfy

vulnerability	VCID-jzn6-bzzf-nugp

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@3:4.4.1-21.rhaos4.15%3Farch=el8

url pkg:rpm/redhat/runc@4:1.1.12-1.rhaos4.15?arch=el8

purl pkg:rpm/redhat/runc@4:1.1.12-1.rhaos4.15?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7h9j-t7c8-9qfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/runc@4:1.1.12-1.rhaos4.15%3Farch=el8

url pkg:rpm/redhat/runc@4:1.1.12-2?arch=el9

purl pkg:rpm/redhat/runc@4:1.1.12-2?arch=el9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6189-d1tw-bfcp

vulnerability	VCID-7h9j-t7c8-9qfy

vulnerability	VCID-g8y7-jdy7-afdh

vulnerability	VCID-vxks-1bkp-6bd5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/runc@4:1.1.12-2%3Farch=el9

url pkg:rpm/redhat/skopeo@2:1.11.2-21.1.rhaos4.15?arch=el8

purl pkg:rpm/redhat/skopeo@2:1.11.2-21.1.rhaos4.15?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5eck-adts-e3de

vulnerability	VCID-7h9j-t7c8-9qfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/skopeo@2:1.11.2-21.1.rhaos4.15%3Farch=el8

url pkg:rpm/redhat/skopeo@2:1.14.3-0.1?arch=el9

purl pkg:rpm/redhat/skopeo@2:1.14.3-0.1?arch=el9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7h9j-t7c8-9qfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/skopeo@2:1.14.3-0.1%3Farch=el9

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45287.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45287.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45287

reference_id

reference_type

scores

value	0.00185
scoring_system	epss
scoring_elements	0.4029
published_at	2026-04-02T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40315
published_at	2026-04-04T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40237
published_at	2026-04-07T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40289
published_at	2026-04-08T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40301
published_at	2026-04-09T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40313
published_at	2026-04-11T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40276
published_at	2026-04-12T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40256
published_at	2026-04-13T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40303
published_at	2026-04-16T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40272
published_at	2026-04-18T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40196
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45287

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2253193
reference_id	2253193
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2253193

reference_url	https://access.redhat.com/errata/RHSA-2023:7200
reference_id	RHSA-2023:7200
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7200

reference_url	https://access.redhat.com/errata/RHSA-2023:7201
reference_id	RHSA-2023:7201
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7201

reference_url	https://access.redhat.com/errata/RHSA-2024:0269
reference_id	RHSA-2024:0269
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0269

reference_url	https://access.redhat.com/errata/RHSA-2024:0281
reference_id	RHSA-2024:0281
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0281

reference_url	https://access.redhat.com/errata/RHSA-2024:0748
reference_id	RHSA-2024:0748
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0748

reference_url	https://access.redhat.com/errata/RHSA-2024:1078
reference_id	RHSA-2024:1078
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1078

reference_url	https://access.redhat.com/errata/RHSA-2024:1859
reference_id	RHSA-2024:1859
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1859

reference_url	https://access.redhat.com/errata/RHSA-2024:1901
reference_id	RHSA-2024:1901
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1901

reference_url	https://access.redhat.com/errata/RHSA-2024:2180
reference_id	RHSA-2024:2180
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2180

reference_url	https://access.redhat.com/errata/RHSA-2024:2193
reference_id	RHSA-2024:2193
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2193

reference_url	https://access.redhat.com/errata/RHSA-2024:2239
reference_id	RHSA-2024:2239
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2239

reference_url	https://access.redhat.com/errata/RHSA-2024:2245
reference_id	RHSA-2024:2245
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2245

reference_url	https://access.redhat.com/errata/RHSA-2024:2272
reference_id	RHSA-2024:2272
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2272

reference_url	https://access.redhat.com/errata/RHSA-2024:2988
reference_id	RHSA-2024:2988
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2988

reference_url	https://access.redhat.com/errata/RHSA-2024:3316
reference_id	RHSA-2024:3316
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3316

reference_url	https://access.redhat.com/errata/RHSA-2024:4429
reference_id	RHSA-2024:4429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4429

Weaknesses

cwe_id	208
name	Observable Timing Discrepancy
description	Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Exploits

Severity_range_score 7.5 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7h9j-t7c8-9qfy

Vulnerability Instance