Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-r52s-2crw-tfbx

Summary golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension

Aliases

alias	CVE-2020-28851

Fixed_packages

url pkg:deb/debian/golang-golang-x-text@0.3.6-1?distro=trixie

purl pkg:deb/debian/golang-golang-x-text@0.3.6-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dh6-y93r-2ucc

vulnerability	VCID-6rzu-td8d-1ycn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-text@0.3.6-1%3Fdistro=trixie

url	pkg:deb/debian/golang-golang-x-text@0.7.0-1?distro=trixie
purl	pkg:deb/debian/golang-golang-x-text@0.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-text@0.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/golang-golang-x-text@0.22.0-1?distro=trixie
purl	pkg:deb/debian/golang-golang-x-text@0.22.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-text@0.22.0-1%3Fdistro=trixie

url	pkg:deb/debian/golang-golang-x-text@0.35.0-1?distro=trixie
purl	pkg:deb/debian/golang-golang-x-text@0.35.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-text@0.35.0-1%3Fdistro=trixie

url	pkg:deb/debian/golang-golang-x-text@0.36.0-1?distro=trixie
purl	pkg:deb/debian/golang-golang-x-text@0.36.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-text@0.36.0-1%3Fdistro=trixie

Affected_packages

url pkg:rpm/redhat/git-lfs@2.13.3-3?arch=el8_6

purl pkg:rpm/redhat/git-lfs@2.13.3-3?arch=el8_6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-498g-zap2-vqag

vulnerability	VCID-6189-d1tw-bfcp

vulnerability	VCID-65mk-w8rx-zucs

vulnerability	VCID-81aw-mk9s-eydd

vulnerability	VCID-azr4-u36f-pbew

vulnerability	VCID-g8y7-jdy7-afdh

vulnerability	VCID-hvfd-h9rm-jkbw

vulnerability	VCID-ps89-8u5a-kfc8

vulnerability	VCID-r52s-2crw-tfbx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/git-lfs@2.13.3-3%3Farch=el8_6

url pkg:rpm/redhat/podman@2:4.2.0-3?arch=el9

purl pkg:rpm/redhat/podman@2:4.2.0-3?arch=el9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n1h-e2p4-9yhs

vulnerability	VCID-83z3-5q22-wycr

vulnerability	VCID-ayxa-s9j4-k7hd

vulnerability	VCID-hvfd-h9rm-jkbw

vulnerability	VCID-mzjw-b6mh-nugs

vulnerability	VCID-pqs8-s3dm-7ff2

vulnerability	VCID-r52s-2crw-tfbx

vulnerability	VCID-z1ct-cecz-mqer

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@2:4.2.0-3%3Farch=el9

url pkg:rpm/redhat/servicemesh@2.0.9-3?arch=el8

purl pkg:rpm/redhat/servicemesh@2.0.9-3?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-63v8-dt23-9ue7

vulnerability	VCID-ad5y-3exv-y7bq

vulnerability	VCID-esea-tj2b-h7ey

vulnerability	VCID-hvfd-h9rm-jkbw

vulnerability	VCID-qn4v-xah4-fya7

vulnerability	VCID-r52s-2crw-tfbx

vulnerability	VCID-xref-9byg-nkdw

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/servicemesh@2.0.9-3%3Farch=el8

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28851.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28851.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-28851

reference_id

reference_type

scores

value	0.00138
scoring_system	epss
scoring_elements	0.3356
published_at	2026-04-01T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33894
published_at	2026-04-02T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33926
published_at	2026-04-04T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33779
published_at	2026-04-21T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33822
published_at	2026-04-08T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33855
published_at	2026-04-09T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33853
published_at	2026-04-11T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33811
published_at	2026-04-18T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33787
published_at	2026-04-13T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33825
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-28851

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913333
reference_id	1913333
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913333

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980001
reference_id	980001
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980001

reference_url	https://access.redhat.com/errata/RHSA-2022:0577
reference_id	RHSA-2022:0577
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0577

reference_url	https://access.redhat.com/errata/RHSA-2022:1276
reference_id	RHSA-2022:1276
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1276

reference_url	https://access.redhat.com/errata/RHSA-2022:1762
reference_id	RHSA-2022:1762
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1762

reference_url	https://access.redhat.com/errata/RHSA-2022:7129
reference_id	RHSA-2022:7129
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7129

reference_url	https://access.redhat.com/errata/RHSA-2022:7954
reference_id	RHSA-2022:7954
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7954

reference_url	https://usn.ubuntu.com/5873-1/
reference_id	USN-5873-1
reference_type
scores
url	https://usn.ubuntu.com/5873-1/

Weaknesses

cwe_id	129
name	Improper Validation of Array Index
description	The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Exploits

Severity_range_score 5.3 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r52s-2crw-tfbx

Vulnerability Instance