Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-je6z-v5qw-ufew

Summary During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

Aliases

alias	CVE-2025-61730

Fixed_packages

url	pkg:apk/alpine/go@1.24.12-r0?arch=s390x&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.12-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.12-r0%3Farch=s390x&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.12-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.12-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.12-r0%3Farch=aarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.12-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.12-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.12-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.12-r0?arch=x86&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.12-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.12-r0%3Farch=x86&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.12-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.12-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.12-r0%3Farch=x86_64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.12-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.12-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.12-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.12-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.12-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.12-r0%3Farch=riscv64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.12-r0?arch=armhf&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.12-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.12-r0%3Farch=armhf&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.12-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.12-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.12-r0%3Farch=armv7&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=s390x&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=s390x&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=x86&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=armhf&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=armhf&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=armv7&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=armv7&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.25.6-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.25.6-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.25.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

url	pkg:deb/debian/golang-1.24@1.24.9-1
purl	pkg:deb/debian/golang-1.24@1.24.9-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.24@1.24.9-1

url	pkg:deb/debian/golang-1.24@1.24.12-1?distro=trixie
purl	pkg:deb/debian/golang-1.24@1.24.12-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.24@1.24.12-1%3Fdistro=trixie

url	pkg:deb/debian/golang-1.24@1.24.13-2?distro=trixie
purl	pkg:deb/debian/golang-1.24@1.24.13-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.24@1.24.13-2%3Fdistro=trixie

url	pkg:deb/debian/golang-1.25@1.25.6-1?distro=sid
purl	pkg:deb/debian/golang-1.25@1.25.6-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.25@1.25.6-1%3Fdistro=sid

url pkg:deb/debian/golang-1.25@1.25.8-1?distro=sid

purl pkg:deb/debian/golang-1.25@1.25.8-1?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-245f-jhkn-w3ck

vulnerability	VCID-91yp-p6st-8ucd

vulnerability	VCID-ju53-xpej-3qca

vulnerability	VCID-s176-xcrb-e3ea

vulnerability	VCID-svbs-h3y5-wfbn

vulnerability	VCID-t19m-gs1u-rbfp

vulnerability	VCID-tf52-aa91-4kf3

vulnerability	VCID-tmb1-tq9e-puhd

vulnerability	VCID-vw1r-8zev-ykf4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.25@1.25.8-1%3Fdistro=sid

url	pkg:deb/debian/golang-1.25@1.25.9-1?distro=sid
purl	pkg:deb/debian/golang-1.25@1.25.9-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.25@1.25.9-1%3Fdistro=sid

Affected_packages

url pkg:deb/debian/golang-1.24@1.24.4-1?distro=trixie

purl pkg:deb/debian/golang-1.24@1.24.4-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1aty-87pz-5yb8

vulnerability	VCID-254d-pjst-c7hx

vulnerability	VCID-3nqb-6mna-jyb4

vulnerability	VCID-5n8q-zcds-gyen

vulnerability	VCID-5q9b-a7c4-1yht

vulnerability	VCID-7n3z-vwk2-3ydr

vulnerability	VCID-9ky3-s2vk-cuge

vulnerability	VCID-br2f-7ux9-hkhg

vulnerability	VCID-bv1f-bee8-cbek

vulnerability	VCID-csmt-e61b-tued

vulnerability	VCID-dp1t-v58b-43du

vulnerability	VCID-dtt9-gmqf-nbaf

vulnerability	VCID-eyev-qpgs-hfbx

vulnerability	VCID-hay4-q9m3-ekdj

vulnerability	VCID-je6z-v5qw-ufew

vulnerability	VCID-mvsr-c2yh-mbdq

vulnerability	VCID-q9yj-ze4x-qyfr

vulnerability	VCID-rvbr-nser-sfe7

vulnerability	VCID-sb3w-x3yv-ffft

vulnerability	VCID-t2dr-6dz3-7qgt

vulnerability	VCID-usyf-s559-pkgx

vulnerability	VCID-wchc-as62-1fae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.24@1.24.4-1%3Fdistro=trixie

url pkg:deb/debian/golang-1.24@1.24.4-1

purl pkg:deb/debian/golang-1.24@1.24.4-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1aty-87pz-5yb8

vulnerability	VCID-254d-pjst-c7hx

vulnerability	VCID-3nqb-6mna-jyb4

vulnerability	VCID-5n8q-zcds-gyen

vulnerability	VCID-5q9b-a7c4-1yht

vulnerability	VCID-7n3z-vwk2-3ydr

vulnerability	VCID-9ky3-s2vk-cuge

vulnerability	VCID-br2f-7ux9-hkhg

vulnerability	VCID-bv1f-bee8-cbek

vulnerability	VCID-csmt-e61b-tued

vulnerability	VCID-dp1t-v58b-43du

vulnerability	VCID-dtt9-gmqf-nbaf

vulnerability	VCID-eyev-qpgs-hfbx

vulnerability	VCID-hay4-q9m3-ekdj

vulnerability	VCID-je6z-v5qw-ufew

vulnerability	VCID-mvsr-c2yh-mbdq

vulnerability	VCID-q9yj-ze4x-qyfr

vulnerability	VCID-rvbr-nser-sfe7

vulnerability	VCID-sb3w-x3yv-ffft

vulnerability	VCID-t2dr-6dz3-7qgt

vulnerability	VCID-usyf-s559-pkgx

vulnerability	VCID-wchc-as62-1fae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.24@1.24.4-1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61730

reference_id

reference_type

scores

value	8e-05
scoring_system	epss
scoring_elements	0.00783
published_at	2026-04-04T12:55:00Z

value	8e-05
scoring_system	epss
scoring_elements	0.00781
published_at	2026-04-02T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00819
published_at	2026-04-16T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.0082
published_at	2026-04-13T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00818
published_at	2026-04-12T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00824
published_at	2026-04-18T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00835
published_at	2026-04-09T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00839
published_at	2026-04-08T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00834
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61730

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61730
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61730

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125916
reference_id	1125916
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125916

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125917
reference_id	1125917
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125917

reference_url

https://go.dev/cl/724120

reference_id

724120

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:28:46Z/

url

https://go.dev/cl/724120

reference_url

https://go.dev/issue/76443

reference_id

76443

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:28:46Z/

url

https://go.dev/issue/76443

reference_url

https://pkg.go.dev/vuln/GO-2026-4340

reference_id

GO-2026-4340

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:28:46Z/

url

https://pkg.go.dev/vuln/GO-2026-4340

reference_url

https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc

reference_id

Vd2tYVM8eUc

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:28:46Z/

url

https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc

Weaknesses

cwe_id	940
name	Improper Verification of Source of a Communication Channel
description	The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.

Exploits

Severity_range_score 3.7 - 5.3

Exploitability 0.5

Weighted_severity 4.2

Risk_score 2.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-je6z-v5qw-ufew

Vulnerability Instance