Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-vs6q-c4ug-xfer
SummaryAn issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2.
Aliases
0
alias CVE-2024-28755
Fixed_packages
0
url pkg:deb/debian/mbedtls@3.6.0-3?distro=trixie
purl pkg:deb/debian/mbedtls@3.6.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.0-3%3Fdistro=trixie
1
url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie
purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sbv-dqyv-6baw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie
2
url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1
purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sbv-dqyv-6baw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1
3
url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie
purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sbv-dqyv-6baw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/mbedtls@2.16.9-0.1
purl pkg:deb/debian/mbedtls@2.16.9-0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1teg-yvuy-4kga
1
vulnerability VCID-5bxk-rknm-zfhc
2
vulnerability VCID-5x2e-paq2-nyf9
3
vulnerability VCID-7ppw-f9jy-k7ae
4
vulnerability VCID-7v3a-5q44-cucz
5
vulnerability VCID-8vmc-tp28-wyae
6
vulnerability VCID-98cg-wuhp-qudq
7
vulnerability VCID-f1fz-b8b6-dfb8
8
vulnerability VCID-gvkn-6e2m-dyez
9
vulnerability VCID-k8w1-nrjy-wfbe
10
vulnerability VCID-kchn-2wez-bbb2
11
vulnerability VCID-pj6w-rufw-nqgd
12
vulnerability VCID-t2j5-4x1d-2kb1
13
vulnerability VCID-vp4q-81cq-33cw
14
vulnerability VCID-vs6q-c4ug-xfer
15
vulnerability VCID-wsvw-6tmk-3kdj
16
vulnerability VCID-x5we-9dmz-p7bh
17
vulnerability VCID-zpq1-dwvf-8ka2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1
1
url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie
purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5bxk-rknm-zfhc
1
vulnerability VCID-f1fz-b8b6-dfb8
2
vulnerability VCID-gvkn-6e2m-dyez
3
vulnerability VCID-k8w1-nrjy-wfbe
4
vulnerability VCID-kchn-2wez-bbb2
5
vulnerability VCID-pj6w-rufw-nqgd
6
vulnerability VCID-vp4q-81cq-33cw
7
vulnerability VCID-vs6q-c4ug-xfer
8
vulnerability VCID-wsvw-6tmk-3kdj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie
2
url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie
purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sbv-dqyv-6baw
1
vulnerability VCID-5bxk-rknm-zfhc
2
vulnerability VCID-7ppw-f9jy-k7ae
3
vulnerability VCID-7v3a-5q44-cucz
4
vulnerability VCID-98cg-wuhp-qudq
5
vulnerability VCID-f1fz-b8b6-dfb8
6
vulnerability VCID-gvkn-6e2m-dyez
7
vulnerability VCID-kchn-2wez-bbb2
8
vulnerability VCID-pj6w-rufw-nqgd
9
vulnerability VCID-vp4q-81cq-33cw
10
vulnerability VCID-vs6q-c4ug-xfer
11
vulnerability VCID-wsvw-6tmk-3kdj
12
vulnerability VCID-zpq1-dwvf-8ka2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie
3
url pkg:deb/debian/mbedtls@2.28.3-1
purl pkg:deb/debian/mbedtls@2.28.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sbv-dqyv-6baw
1
vulnerability VCID-5bxk-rknm-zfhc
2
vulnerability VCID-7ppw-f9jy-k7ae
3
vulnerability VCID-7v3a-5q44-cucz
4
vulnerability VCID-98cg-wuhp-qudq
5
vulnerability VCID-f1fz-b8b6-dfb8
6
vulnerability VCID-gvkn-6e2m-dyez
7
vulnerability VCID-kchn-2wez-bbb2
8
vulnerability VCID-pj6w-rufw-nqgd
9
vulnerability VCID-vp4q-81cq-33cw
10
vulnerability VCID-vs6q-c4ug-xfer
11
vulnerability VCID-wsvw-6tmk-3kdj
12
vulnerability VCID-zpq1-dwvf-8ka2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28755
reference_id
reference_type
scores
0
value 0.00127
scoring_system epss
scoring_elements 0.32036
published_at 2026-04-21T12:55:00Z
1
value 0.00127
scoring_system epss
scoring_elements 0.32037
published_at 2026-04-07T12:55:00Z
2
value 0.00127
scoring_system epss
scoring_elements 0.32088
published_at 2026-04-08T12:55:00Z
3
value 0.00127
scoring_system epss
scoring_elements 0.32117
published_at 2026-04-09T12:55:00Z
4
value 0.00127
scoring_system epss
scoring_elements 0.32121
published_at 2026-04-11T12:55:00Z
5
value 0.00127
scoring_system epss
scoring_elements 0.32083
published_at 2026-04-12T12:55:00Z
6
value 0.00127
scoring_system epss
scoring_elements 0.32052
published_at 2026-04-13T12:55:00Z
7
value 0.00127
scoring_system epss
scoring_elements 0.32086
published_at 2026-04-16T12:55:00Z
8
value 0.00127
scoring_system epss
scoring_elements 0.32064
published_at 2026-04-18T12:55:00Z
9
value 0.00127
scoring_system epss
scoring_elements 0.32176
published_at 2026-04-02T12:55:00Z
10
value 0.00127
scoring_system epss
scoring_elements 0.32214
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28755
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28755
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28755
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077686
reference_id 1077686
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077686
3
reference_url https://github.com/hey3e
reference_id hey3e
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/
url https://github.com/hey3e
4
reference_url https://hey3e.github.io
reference_id hey3e.github.io
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/
url https://hey3e.github.io
5
reference_url https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
reference_id security-advisories
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/
url https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
6
reference_url https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0
reference_id v3.6.0
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/
url https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0
Weaknesses
Exploits
Severity_range_score6.5 - 6.5
Exploitability0.5
Weighted_severity5.9
Risk_score3.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-vs6q-c4ug-xfer