Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-hvfd-h9rm-jkbw

Summary golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag

Aliases

alias	CVE-2020-28852

Fixed_packages

url	pkg:deb/debian/golang-golang-x-text@0.3.5-1?distro=trixie
purl	pkg:deb/debian/golang-golang-x-text@0.3.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-text@0.3.5-1%3Fdistro=trixie

url pkg:deb/debian/golang-golang-x-text@0.3.6-1?distro=trixie

purl pkg:deb/debian/golang-golang-x-text@0.3.6-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dh6-y93r-2ucc

vulnerability	VCID-6rzu-td8d-1ycn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-text@0.3.6-1%3Fdistro=trixie

url	pkg:deb/debian/golang-golang-x-text@0.7.0-1?distro=trixie
purl	pkg:deb/debian/golang-golang-x-text@0.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-text@0.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/golang-golang-x-text@0.22.0-1?distro=trixie
purl	pkg:deb/debian/golang-golang-x-text@0.22.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-text@0.22.0-1%3Fdistro=trixie

url	pkg:deb/debian/golang-golang-x-text@0.35.0-1?distro=trixie
purl	pkg:deb/debian/golang-golang-x-text@0.35.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-text@0.35.0-1%3Fdistro=trixie

url	pkg:deb/debian/golang-golang-x-text@0.36.0-1?distro=trixie
purl	pkg:deb/debian/golang-golang-x-text@0.36.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-golang-x-text@0.36.0-1%3Fdistro=trixie

Affected_packages

url pkg:rpm/redhat/git-lfs@2.13.3-3?arch=el8_6

purl pkg:rpm/redhat/git-lfs@2.13.3-3?arch=el8_6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-498g-zap2-vqag

vulnerability	VCID-6189-d1tw-bfcp

vulnerability	VCID-65mk-w8rx-zucs

vulnerability	VCID-81aw-mk9s-eydd

vulnerability	VCID-azr4-u36f-pbew

vulnerability	VCID-g8y7-jdy7-afdh

vulnerability	VCID-hvfd-h9rm-jkbw

vulnerability	VCID-ps89-8u5a-kfc8

vulnerability	VCID-r52s-2crw-tfbx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/git-lfs@2.13.3-3%3Farch=el8_6

url pkg:rpm/redhat/podman@2:4.2.0-3?arch=el9

purl pkg:rpm/redhat/podman@2:4.2.0-3?arch=el9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n1h-e2p4-9yhs

vulnerability	VCID-83z3-5q22-wycr

vulnerability	VCID-ayxa-s9j4-k7hd

vulnerability	VCID-hvfd-h9rm-jkbw

vulnerability	VCID-mzjw-b6mh-nugs

vulnerability	VCID-pqs8-s3dm-7ff2

vulnerability	VCID-r52s-2crw-tfbx

vulnerability	VCID-z1ct-cecz-mqer

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@2:4.2.0-3%3Farch=el9

url pkg:rpm/redhat/servicemesh@2.0.9-3?arch=el8

purl pkg:rpm/redhat/servicemesh@2.0.9-3?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-63v8-dt23-9ue7

vulnerability	VCID-ad5y-3exv-y7bq

vulnerability	VCID-esea-tj2b-h7ey

vulnerability	VCID-hvfd-h9rm-jkbw

vulnerability	VCID-qn4v-xah4-fya7

vulnerability	VCID-r52s-2crw-tfbx

vulnerability	VCID-xref-9byg-nkdw

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/servicemesh@2.0.9-3%3Farch=el8

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28852.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28852.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-28852

reference_id

reference_type

scores

value	0.00107
scoring_system	epss
scoring_elements	0.28995
published_at	2026-04-01T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.29072
published_at	2026-04-02T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.29123
published_at	2026-04-04T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28934
published_at	2026-04-07T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28999
published_at	2026-04-08T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.29042
published_at	2026-04-09T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.29046
published_at	2026-04-11T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.29001
published_at	2026-04-12T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28952
published_at	2026-04-13T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28976
published_at	2026-04-16T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28954
published_at	2026-04-18T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28908
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-28852

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913338
reference_id	1913338
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913338

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980002
reference_id	980002
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980002

reference_url	https://access.redhat.com/errata/RHSA-2021:2438
reference_id	RHSA-2021:2438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2438

reference_url	https://access.redhat.com/errata/RHSA-2022:0577
reference_id	RHSA-2022:0577
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0577

reference_url	https://access.redhat.com/errata/RHSA-2022:1276
reference_id	RHSA-2022:1276
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1276

reference_url	https://access.redhat.com/errata/RHSA-2022:7129
reference_id	RHSA-2022:7129
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7129

reference_url	https://access.redhat.com/errata/RHSA-2022:7954
reference_id	RHSA-2022:7954
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7954

reference_url	https://usn.ubuntu.com/5873-1/
reference_id	USN-5873-1
reference_type
scores
url	https://usn.ubuntu.com/5873-1/

Weaknesses

cwe_id	129
name	Improper Validation of Array Index
description	The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Exploits

Severity_range_score 5.3 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hvfd-h9rm-jkbw

Vulnerability Instance