Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-9pmf-w3x7-5ugr

Summary An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.

Aliases

alias	CVE-2021-36369

Fixed_packages

url	pkg:deb/debian/dropbear@2020.81-3%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/dropbear@2020.81-3%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2020.81-3%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/dropbear@2020.81-3%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/dropbear@2020.81-3%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2020.81-3%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/dropbear@2020.81-3%2Bdeb11u2

purl pkg:deb/debian/dropbear@2020.81-3%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9vje-sxgj-9udj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2020.81-3%252Bdeb11u2

url	pkg:deb/debian/dropbear@2022.82-1?distro=trixie
purl	pkg:deb/debian/dropbear@2022.82-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2022.82-1%3Fdistro=trixie

url	pkg:deb/debian/dropbear@2022.83-1%2Bdeb12u3?distro=trixie
purl	pkg:deb/debian/dropbear@2022.83-1%2Bdeb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2022.83-1%252Bdeb12u3%3Fdistro=trixie

url	pkg:deb/debian/dropbear@2025.89-1~deb13u1?distro=trixie
purl	pkg:deb/debian/dropbear@2025.89-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2025.89-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/dropbear@2025.89-1?distro=trixie
purl	pkg:deb/debian/dropbear@2025.89-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2025.89-1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/dropbear@0.45-2sarge0

purl pkg:deb/debian/dropbear@0.45-2sarge0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5kyz-5rns-2qfy

vulnerability	VCID-6ucx-wdc2-tuad

vulnerability	VCID-8apc-5c8s-k3ar

vulnerability	VCID-9pmf-w3x7-5ugr

vulnerability	VCID-9vje-sxgj-9udj

vulnerability	VCID-a8c1-84ye-73en

vulnerability	VCID-adtn-2cnz-wfb9

vulnerability	VCID-d17n-u3cw-cudj

vulnerability	VCID-d3s7-uqk1-47bq

vulnerability	VCID-fkyw-zr2t-y7dm

vulnerability	VCID-gdx4-w6cw-2kek

vulnerability	VCID-guvt-ddvk-dbdk

vulnerability	VCID-hmcm-aqkc-zfdm

vulnerability	VCID-jd36-dxz7-dfdy

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-qftg-znh3-5kep

vulnerability	VCID-rwzw-vrhk-sqfw

vulnerability	VCID-s1dw-5sgq-j3bm

vulnerability	VCID-uz94-gzud-euhk

vulnerability	VCID-w5xg-8n7z-zqcs

vulnerability	VCID-xqe7-wtdn-hugk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@0.45-2sarge0

url pkg:deb/debian/dropbear@0.48.1-2

purl pkg:deb/debian/dropbear@0.48.1-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ucx-wdc2-tuad

vulnerability	VCID-8apc-5c8s-k3ar

vulnerability	VCID-9pmf-w3x7-5ugr

vulnerability	VCID-9vje-sxgj-9udj

vulnerability	VCID-a8c1-84ye-73en

vulnerability	VCID-adtn-2cnz-wfb9

vulnerability	VCID-d17n-u3cw-cudj

vulnerability	VCID-d3s7-uqk1-47bq

vulnerability	VCID-fkyw-zr2t-y7dm

vulnerability	VCID-gdx4-w6cw-2kek

vulnerability	VCID-guvt-ddvk-dbdk

vulnerability	VCID-hmcm-aqkc-zfdm

vulnerability	VCID-jd36-dxz7-dfdy

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-qftg-znh3-5kep

vulnerability	VCID-s1dw-5sgq-j3bm

vulnerability	VCID-w5xg-8n7z-zqcs

vulnerability	VCID-xqe7-wtdn-hugk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@0.48.1-2

url pkg:deb/debian/dropbear@0.51-1

purl pkg:deb/debian/dropbear@0.51-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ucx-wdc2-tuad

vulnerability	VCID-8apc-5c8s-k3ar

vulnerability	VCID-9pmf-w3x7-5ugr

vulnerability	VCID-9vje-sxgj-9udj

vulnerability	VCID-a8c1-84ye-73en

vulnerability	VCID-adtn-2cnz-wfb9

vulnerability	VCID-d17n-u3cw-cudj

vulnerability	VCID-d3s7-uqk1-47bq

vulnerability	VCID-fkyw-zr2t-y7dm

vulnerability	VCID-gdx4-w6cw-2kek

vulnerability	VCID-hmcm-aqkc-zfdm

vulnerability	VCID-jd36-dxz7-dfdy

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-qftg-znh3-5kep

vulnerability	VCID-s1dw-5sgq-j3bm

vulnerability	VCID-w5xg-8n7z-zqcs

vulnerability	VCID-xqe7-wtdn-hugk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@0.51-1

url pkg:deb/debian/dropbear@0.52-5%2Bsqueeze1

purl pkg:deb/debian/dropbear@0.52-5%2Bsqueeze1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ucx-wdc2-tuad

vulnerability	VCID-8apc-5c8s-k3ar

vulnerability	VCID-9pmf-w3x7-5ugr

vulnerability	VCID-9vje-sxgj-9udj

vulnerability	VCID-a8c1-84ye-73en

vulnerability	VCID-adtn-2cnz-wfb9

vulnerability	VCID-d17n-u3cw-cudj

vulnerability	VCID-d3s7-uqk1-47bq

vulnerability	VCID-fkyw-zr2t-y7dm

vulnerability	VCID-gdx4-w6cw-2kek

vulnerability	VCID-hmcm-aqkc-zfdm

vulnerability	VCID-jd36-dxz7-dfdy

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-qftg-znh3-5kep

vulnerability	VCID-s1dw-5sgq-j3bm

vulnerability	VCID-w5xg-8n7z-zqcs

vulnerability	VCID-xqe7-wtdn-hugk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@0.52-5%252Bsqueeze1

url pkg:deb/debian/dropbear@2012.55-1.3

purl pkg:deb/debian/dropbear@2012.55-1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ucx-wdc2-tuad

vulnerability	VCID-8apc-5c8s-k3ar

vulnerability	VCID-9pmf-w3x7-5ugr

vulnerability	VCID-9vje-sxgj-9udj

vulnerability	VCID-a8c1-84ye-73en

vulnerability	VCID-adtn-2cnz-wfb9

vulnerability	VCID-d17n-u3cw-cudj

vulnerability	VCID-d3s7-uqk1-47bq

vulnerability	VCID-fkyw-zr2t-y7dm

vulnerability	VCID-gdx4-w6cw-2kek

vulnerability	VCID-hmcm-aqkc-zfdm

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-qftg-znh3-5kep

vulnerability	VCID-s1dw-5sgq-j3bm

vulnerability	VCID-w5xg-8n7z-zqcs

vulnerability	VCID-xqe7-wtdn-hugk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2012.55-1.3

url pkg:deb/debian/dropbear@2014.65-1

purl pkg:deb/debian/dropbear@2014.65-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ucx-wdc2-tuad

vulnerability	VCID-8apc-5c8s-k3ar

vulnerability	VCID-9pmf-w3x7-5ugr

vulnerability	VCID-9vje-sxgj-9udj

vulnerability	VCID-a8c1-84ye-73en

vulnerability	VCID-d3s7-uqk1-47bq

vulnerability	VCID-fkyw-zr2t-y7dm

vulnerability	VCID-gdx4-w6cw-2kek

vulnerability	VCID-hmcm-aqkc-zfdm

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-qftg-znh3-5kep

vulnerability	VCID-s1dw-5sgq-j3bm

vulnerability	VCID-xqe7-wtdn-hugk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2014.65-1

url pkg:deb/debian/dropbear@2014.65-1%2Bdeb8u2

purl pkg:deb/debian/dropbear@2014.65-1%2Bdeb8u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ucx-wdc2-tuad

vulnerability	VCID-8apc-5c8s-k3ar

vulnerability	VCID-9pmf-w3x7-5ugr

vulnerability	VCID-9vje-sxgj-9udj

vulnerability	VCID-a8c1-84ye-73en

vulnerability	VCID-d3s7-uqk1-47bq

vulnerability	VCID-fkyw-zr2t-y7dm

vulnerability	VCID-gdx4-w6cw-2kek

vulnerability	VCID-hmcm-aqkc-zfdm

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-qftg-znh3-5kep

vulnerability	VCID-s1dw-5sgq-j3bm

vulnerability	VCID-xqe7-wtdn-hugk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2014.65-1%252Bdeb8u2

url pkg:deb/debian/dropbear@2016.74-5%2Bdeb9u1

purl pkg:deb/debian/dropbear@2016.74-5%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pmf-w3x7-5ugr

vulnerability	VCID-9vje-sxgj-9udj

vulnerability	VCID-fkyw-zr2t-y7dm

vulnerability	VCID-gdx4-w6cw-2kek

vulnerability	VCID-hmcm-aqkc-zfdm

vulnerability	VCID-jzn6-bzzf-nugp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2016.74-5%252Bdeb9u1

url pkg:deb/debian/dropbear@2018.76-5%2Bdeb10u1

purl pkg:deb/debian/dropbear@2018.76-5%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pmf-w3x7-5ugr

vulnerability	VCID-9vje-sxgj-9udj

vulnerability	VCID-gdx4-w6cw-2kek

vulnerability	VCID-hmcm-aqkc-zfdm

vulnerability	VCID-jzn6-bzzf-nugp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2018.76-5%252Bdeb10u1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-36369

reference_id

reference_type

scores

value	0.00141
scoring_system	epss
scoring_elements	0.34455
published_at	2026-04-04T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34427
published_at	2026-04-02T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34091
published_at	2026-04-01T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34839
published_at	2026-04-18T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34802
published_at	2026-04-07T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34846
published_at	2026-04-08T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34875
published_at	2026-04-09T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34879
published_at	2026-04-11T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34841
published_at	2026-04-12T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34817
published_at	2026-04-13T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34856
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-36369

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36369
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36369

reference_url

https://github.com/mkj/dropbear/pull/128

reference_id

128

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-15T18:45:18Z/

url

https://github.com/mkj/dropbear/pull/128

reference_url

https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2022.82

reference_id

DROPBEAR_2022.82

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-15T18:45:18Z/

url

https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2022.82

reference_url

https://lists.debian.org/debian-lts-announce/2022/11/msg00015.html

reference_id

msg00015.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-15T18:45:18Z/

url

https://lists.debian.org/debian-lts-announce/2022/11/msg00015.html

reference_url

https://github.com/mkj/dropbear/releases

reference_id

releases

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-15T18:45:18Z/

url

https://github.com/mkj/dropbear/releases

reference_url	https://usn.ubuntu.com/7292-1/
reference_id	USN-7292-1
reference_type
scores
url	https://usn.ubuntu.com/7292-1/

Weaknesses

Exploits

Severity_range_score 7.5 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9pmf-w3x7-5ugr

Vulnerability Instance