Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-uk6q-31q8-qqf9
SummaryThere exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests.
Aliases
0
alias CVE-2018-25103
Fixed_packages
0
url pkg:deb/debian/lighttpd@1.4.52-1?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.52-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.52-1%3Fdistro=trixie
1
url pkg:deb/debian/lighttpd@1.4.53-4%2Bdeb10u2
purl pkg:deb/debian/lighttpd@1.4.53-4%2Bdeb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8sn2-9v3z-5qd8
1
vulnerability VCID-dj2j-yr1r-myej
2
vulnerability VCID-ma83-g8ra-47bd
3
vulnerability VCID-nabb-9r87-mbhw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.53-4%252Bdeb10u2
2
url pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2%3Fdistro=trixie
3
url pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.69-1%3Fdistro=trixie
4
url pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.79-2%3Fdistro=trixie
5
url pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.82-2%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/lighttpd@1.4.13-4
purl pkg:deb/debian/lighttpd@1.4.13-4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17xt-wfmb-6ba3
1
vulnerability VCID-2ym1-hzpb-67bp
2
vulnerability VCID-392a-57u1-mqcx
3
vulnerability VCID-3mv4-zscp-uke6
4
vulnerability VCID-4252-bxgf-pqgq
5
vulnerability VCID-483h-5atk-dfgs
6
vulnerability VCID-4mqa-bkha-kbaj
7
vulnerability VCID-7t19-jqkx-83du
8
vulnerability VCID-8sn2-9v3z-5qd8
9
vulnerability VCID-a11f-ydyr-6bcd
10
vulnerability VCID-bzf1-xw3k-qud7
11
vulnerability VCID-d983-1g2v-h7e9
12
vulnerability VCID-dj2j-yr1r-myej
13
vulnerability VCID-dnxd-x42g-2qcu
14
vulnerability VCID-e1yx-dxa6-1bba
15
vulnerability VCID-ebx8-yzbr-57ew
16
vulnerability VCID-eetd-2zwu-fud5
17
vulnerability VCID-ewrp-7up7-9qf3
18
vulnerability VCID-gt7s-kr68-5fer
19
vulnerability VCID-h1bj-mx6t-6kav
20
vulnerability VCID-hc9c-1c4k-wqh1
21
vulnerability VCID-j8ey-bqzd-hqce
22
vulnerability VCID-jau7-gfz8-dkfa
23
vulnerability VCID-ma83-g8ra-47bd
24
vulnerability VCID-mmey-1ydv-nfha
25
vulnerability VCID-muqu-fzs6-jqbd
26
vulnerability VCID-nabb-9r87-mbhw
27
vulnerability VCID-ntx6-vp4b-nbdk
28
vulnerability VCID-r76c-k624-v7fe
29
vulnerability VCID-rjf6-heyy-5kce
30
vulnerability VCID-rjpt-cjmu-43fu
31
vulnerability VCID-rz5g-r2e9-9kgw
32
vulnerability VCID-uk6q-31q8-qqf9
33
vulnerability VCID-wfbv-rpt2-9bcs
34
vulnerability VCID-xap5-djda-2uem
35
vulnerability VCID-xejg-te5s-wfax
36
vulnerability VCID-z3wv-cgxn-cyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.13-4
1
url pkg:deb/debian/lighttpd@1.4.13-4etch12
purl pkg:deb/debian/lighttpd@1.4.13-4etch12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17xt-wfmb-6ba3
1
vulnerability VCID-2ym1-hzpb-67bp
2
vulnerability VCID-392a-57u1-mqcx
3
vulnerability VCID-3mv4-zscp-uke6
4
vulnerability VCID-4252-bxgf-pqgq
5
vulnerability VCID-483h-5atk-dfgs
6
vulnerability VCID-4mqa-bkha-kbaj
7
vulnerability VCID-7t19-jqkx-83du
8
vulnerability VCID-8sn2-9v3z-5qd8
9
vulnerability VCID-a11f-ydyr-6bcd
10
vulnerability VCID-bzf1-xw3k-qud7
11
vulnerability VCID-d983-1g2v-h7e9
12
vulnerability VCID-dj2j-yr1r-myej
13
vulnerability VCID-dnxd-x42g-2qcu
14
vulnerability VCID-e1yx-dxa6-1bba
15
vulnerability VCID-ebx8-yzbr-57ew
16
vulnerability VCID-eetd-2zwu-fud5
17
vulnerability VCID-ewrp-7up7-9qf3
18
vulnerability VCID-gt7s-kr68-5fer
19
vulnerability VCID-h1bj-mx6t-6kav
20
vulnerability VCID-hc9c-1c4k-wqh1
21
vulnerability VCID-j8ey-bqzd-hqce
22
vulnerability VCID-jau7-gfz8-dkfa
23
vulnerability VCID-ma83-g8ra-47bd
24
vulnerability VCID-mmey-1ydv-nfha
25
vulnerability VCID-muqu-fzs6-jqbd
26
vulnerability VCID-nabb-9r87-mbhw
27
vulnerability VCID-ntx6-vp4b-nbdk
28
vulnerability VCID-r76c-k624-v7fe
29
vulnerability VCID-rjf6-heyy-5kce
30
vulnerability VCID-rjpt-cjmu-43fu
31
vulnerability VCID-rz5g-r2e9-9kgw
32
vulnerability VCID-uk6q-31q8-qqf9
33
vulnerability VCID-wfbv-rpt2-9bcs
34
vulnerability VCID-xap5-djda-2uem
35
vulnerability VCID-xejg-te5s-wfax
36
vulnerability VCID-z3wv-cgxn-cyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.13-4etch12
2
url pkg:deb/debian/lighttpd@1.4.19-5%2Blenny3
purl pkg:deb/debian/lighttpd@1.4.19-5%2Blenny3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-392a-57u1-mqcx
1
vulnerability VCID-3mv4-zscp-uke6
2
vulnerability VCID-4252-bxgf-pqgq
3
vulnerability VCID-4mqa-bkha-kbaj
4
vulnerability VCID-7t19-jqkx-83du
5
vulnerability VCID-8sn2-9v3z-5qd8
6
vulnerability VCID-dj2j-yr1r-myej
7
vulnerability VCID-dnxd-x42g-2qcu
8
vulnerability VCID-e1yx-dxa6-1bba
9
vulnerability VCID-ebx8-yzbr-57ew
10
vulnerability VCID-eetd-2zwu-fud5
11
vulnerability VCID-ewrp-7up7-9qf3
12
vulnerability VCID-gt7s-kr68-5fer
13
vulnerability VCID-jau7-gfz8-dkfa
14
vulnerability VCID-ma83-g8ra-47bd
15
vulnerability VCID-muqu-fzs6-jqbd
16
vulnerability VCID-nabb-9r87-mbhw
17
vulnerability VCID-r76c-k624-v7fe
18
vulnerability VCID-rz5g-r2e9-9kgw
19
vulnerability VCID-uk6q-31q8-qqf9
20
vulnerability VCID-wfbv-rpt2-9bcs
21
vulnerability VCID-xap5-djda-2uem
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.19-5%252Blenny3
3
url pkg:deb/debian/lighttpd@1.4.28-2%2Bsqueeze1.6
purl pkg:deb/debian/lighttpd@1.4.28-2%2Bsqueeze1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-392a-57u1-mqcx
1
vulnerability VCID-3mv4-zscp-uke6
2
vulnerability VCID-4mqa-bkha-kbaj
3
vulnerability VCID-7t19-jqkx-83du
4
vulnerability VCID-8sn2-9v3z-5qd8
5
vulnerability VCID-dj2j-yr1r-myej
6
vulnerability VCID-dnxd-x42g-2qcu
7
vulnerability VCID-e1yx-dxa6-1bba
8
vulnerability VCID-ebx8-yzbr-57ew
9
vulnerability VCID-eetd-2zwu-fud5
10
vulnerability VCID-ewrp-7up7-9qf3
11
vulnerability VCID-gt7s-kr68-5fer
12
vulnerability VCID-jau7-gfz8-dkfa
13
vulnerability VCID-ma83-g8ra-47bd
14
vulnerability VCID-muqu-fzs6-jqbd
15
vulnerability VCID-nabb-9r87-mbhw
16
vulnerability VCID-r76c-k624-v7fe
17
vulnerability VCID-rz5g-r2e9-9kgw
18
vulnerability VCID-uk6q-31q8-qqf9
19
vulnerability VCID-wfbv-rpt2-9bcs
20
vulnerability VCID-xap5-djda-2uem
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.28-2%252Bsqueeze1.6
4
url pkg:deb/debian/lighttpd@1.4.28-2%2Bsqueeze1.7
purl pkg:deb/debian/lighttpd@1.4.28-2%2Bsqueeze1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-392a-57u1-mqcx
1
vulnerability VCID-3mv4-zscp-uke6
2
vulnerability VCID-4mqa-bkha-kbaj
3
vulnerability VCID-7t19-jqkx-83du
4
vulnerability VCID-8sn2-9v3z-5qd8
5
vulnerability VCID-dj2j-yr1r-myej
6
vulnerability VCID-dnxd-x42g-2qcu
7
vulnerability VCID-e1yx-dxa6-1bba
8
vulnerability VCID-ebx8-yzbr-57ew
9
vulnerability VCID-eetd-2zwu-fud5
10
vulnerability VCID-ewrp-7up7-9qf3
11
vulnerability VCID-gt7s-kr68-5fer
12
vulnerability VCID-jau7-gfz8-dkfa
13
vulnerability VCID-ma83-g8ra-47bd
14
vulnerability VCID-muqu-fzs6-jqbd
15
vulnerability VCID-nabb-9r87-mbhw
16
vulnerability VCID-r76c-k624-v7fe
17
vulnerability VCID-rz5g-r2e9-9kgw
18
vulnerability VCID-uk6q-31q8-qqf9
19
vulnerability VCID-wfbv-rpt2-9bcs
20
vulnerability VCID-xap5-djda-2uem
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.28-2%252Bsqueeze1.7
5
url pkg:deb/debian/lighttpd@1.4.31-4%2Bdeb7u4
purl pkg:deb/debian/lighttpd@1.4.31-4%2Bdeb7u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-392a-57u1-mqcx
1
vulnerability VCID-3mv4-zscp-uke6
2
vulnerability VCID-7t19-jqkx-83du
3
vulnerability VCID-8sn2-9v3z-5qd8
4
vulnerability VCID-dj2j-yr1r-myej
5
vulnerability VCID-ebx8-yzbr-57ew
6
vulnerability VCID-ewrp-7up7-9qf3
7
vulnerability VCID-gt7s-kr68-5fer
8
vulnerability VCID-ma83-g8ra-47bd
9
vulnerability VCID-nabb-9r87-mbhw
10
vulnerability VCID-r76c-k624-v7fe
11
vulnerability VCID-rz5g-r2e9-9kgw
12
vulnerability VCID-uk6q-31q8-qqf9
13
vulnerability VCID-wfbv-rpt2-9bcs
14
vulnerability VCID-xap5-djda-2uem
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.31-4%252Bdeb7u4
6
url pkg:deb/debian/lighttpd@1.4.35-4
purl pkg:deb/debian/lighttpd@1.4.35-4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-392a-57u1-mqcx
1
vulnerability VCID-3mv4-zscp-uke6
2
vulnerability VCID-8sn2-9v3z-5qd8
3
vulnerability VCID-dj2j-yr1r-myej
4
vulnerability VCID-ma83-g8ra-47bd
5
vulnerability VCID-nabb-9r87-mbhw
6
vulnerability VCID-r76c-k624-v7fe
7
vulnerability VCID-uk6q-31q8-qqf9
8
vulnerability VCID-wfbv-rpt2-9bcs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.35-4
7
url pkg:deb/debian/lighttpd@1.4.35-4%2Bdeb8u1
purl pkg:deb/debian/lighttpd@1.4.35-4%2Bdeb8u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-392a-57u1-mqcx
1
vulnerability VCID-3mv4-zscp-uke6
2
vulnerability VCID-8sn2-9v3z-5qd8
3
vulnerability VCID-dj2j-yr1r-myej
4
vulnerability VCID-ma83-g8ra-47bd
5
vulnerability VCID-nabb-9r87-mbhw
6
vulnerability VCID-r76c-k624-v7fe
7
vulnerability VCID-uk6q-31q8-qqf9
8
vulnerability VCID-wfbv-rpt2-9bcs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.35-4%252Bdeb8u1
8
url pkg:deb/debian/lighttpd@1.4.45-1
purl pkg:deb/debian/lighttpd@1.4.45-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-392a-57u1-mqcx
1
vulnerability VCID-8sn2-9v3z-5qd8
2
vulnerability VCID-dj2j-yr1r-myej
3
vulnerability VCID-ma83-g8ra-47bd
4
vulnerability VCID-nabb-9r87-mbhw
5
vulnerability VCID-uk6q-31q8-qqf9
6
vulnerability VCID-wfbv-rpt2-9bcs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.45-1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-25103
reference_id
reference_type
scores
0
value 0.00342
scoring_system epss
scoring_elements 0.56909
published_at 2026-04-16T12:55:00Z
1
value 0.00342
scoring_system epss
scoring_elements 0.56862
published_at 2026-04-02T12:55:00Z
2
value 0.00342
scoring_system epss
scoring_elements 0.56883
published_at 2026-04-04T12:55:00Z
3
value 0.00342
scoring_system epss
scoring_elements 0.56859
published_at 2026-04-07T12:55:00Z
4
value 0.00342
scoring_system epss
scoring_elements 0.56911
published_at 2026-04-08T12:55:00Z
5
value 0.00342
scoring_system epss
scoring_elements 0.56914
published_at 2026-04-09T12:55:00Z
6
value 0.00342
scoring_system epss
scoring_elements 0.56923
published_at 2026-04-11T12:55:00Z
7
value 0.00342
scoring_system epss
scoring_elements 0.56903
published_at 2026-04-12T12:55:00Z
8
value 0.00342
scoring_system epss
scoring_elements 0.5688
published_at 2026-04-13T12:55:00Z
9
value 0.00342
scoring_system epss
scoring_elements 0.56767
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-25103
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25103
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25103
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.kb.cert.org/vuls/id/312260
reference_id 312260
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://www.kb.cert.org/vuls/id/312260
4
reference_url https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf
reference_id AMI-SA-2024002.pdf
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf
5
reference_url https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8
reference_id d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8
6
reference_url https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9
reference_id df8e4f95614e476276a55e34da2aa8b00b1148e9
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9
7
reference_url https://www.runzero.com/blog/lighttpd/
reference_id lighttpd
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://www.runzero.com/blog/lighttpd/
8
reference_url https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736
reference_id #more-736
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736
Weaknesses
0
cwe_id 416
name Use After Free
description Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Exploits
Severity_range_score5.3 - 8.2
Exploitability0.5
Weighted_severity4.8
Risk_score2.4
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-uk6q-31q8-qqf9