Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/acm-siteconfig@container-v2.13?arch=4-9

Type rpm

Namespace redhat

Name acm-siteconfig

Version container-v2.13

Qualifiers

arch	4-9

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-a423-mjeb-ufbe

vulnerability_id

VCID-a423-mjeb-ufbe

summary

form-data uses unsafe random function in form-data for choosing boundary
form-data uses `Math.random()` to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker:
1. can observe other values produced by Math.random in the target application, and
2. can control one field of a request made using form-data

Because the values of Math.random() are pseudo-random and predictable (see: https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f), an attacker who can observe a few sequential values can determine the state of the PRNG and predict future values, includes those used to generate form-data's boundary value. The allows the attacker to craft a value that contains a boundary value, allowing them to inject additional parameters into the request.

This is largely the same vulnerability as was [recently found in `undici`](https://hackerone.com/reports/2913312) by [`parrot409`](https://hackerone.com/parrot409?type=user) -- I'm not affiliated with that researcher but want to give credit where credit is due! My PoC is largely based on their work.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7783.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7783.json

reference_url

https://github.com/form-data/form-data

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/form-data/form-data

reference_url

https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109551
reference_id	1109551
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109551

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2381959
reference_id	2381959
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2381959

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-7783

reference_id

CVE-2025-7783

reference_type

scores

value	9.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-7783

reference_url

https://github.com/benweissmann/CVE-2025-7783-poc

reference_id

CVE-2025-7783-POC

reference_type

scores

value	9.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/benweissmann/CVE-2025-7783-poc

reference_url	https://github.com/advisories/GHSA-fjxv-7rqg-78g4
reference_id	GHSA-fjxv-7rqg-78g4
reference_type
scores
url	https://github.com/advisories/GHSA-fjxv-7rqg-78g4

reference_url

https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4

reference_id

GHSA-fjxv-7rqg-78g4

reference_type

scores

value	9.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4

reference_url	https://access.redhat.com/errata/RHSA-2025:14886
reference_id	RHSA-2025:14886
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14886

reference_url	https://access.redhat.com/errata/RHSA-2025:14919
reference_id	RHSA-2025:14919
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14919

reference_url	https://access.redhat.com/errata/RHSA-2025:15771
reference_id	RHSA-2025:15771
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15771

reference_url	https://access.redhat.com/errata/RHSA-2025:16101
reference_id	RHSA-2025:16101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16101

reference_url	https://access.redhat.com/errata/RHSA-2025:16113
reference_id	RHSA-2025:16113
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16113

reference_url	https://access.redhat.com/errata/RHSA-2025:16918
reference_id	RHSA-2025:16918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16918

reference_url	https://access.redhat.com/errata/RHSA-2025:17501
reference_id	RHSA-2025:17501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17501

reference_url	https://access.redhat.com/errata/RHSA-2025:18278
reference_id	RHSA-2025:18278
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18278

reference_url	https://access.redhat.com/errata/RHSA-2025:18744
reference_id	RHSA-2025:18744
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18744

reference_url	https://access.redhat.com/errata/RHSA-2025:19332
reference_id	RHSA-2025:19332
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19332

reference_url	https://access.redhat.com/errata/RHSA-2025:19335
reference_id	RHSA-2025:19335
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19335

reference_url	https://access.redhat.com/errata/RHSA-2025:20047
reference_id	RHSA-2025:20047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:20047

reference_url	https://access.redhat.com/errata/RHSA-2025:21146
reference_id	RHSA-2025:21146
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21146

reference_url	https://access.redhat.com/errata/RHSA-2025:21704
reference_id	RHSA-2025:21704
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21704

reference_url	https://access.redhat.com/errata/RHSA-2025:23528
reference_id	RHSA-2025:23528
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23528

reference_url	https://access.redhat.com/errata/RHSA-2025:23529
reference_id	RHSA-2025:23529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23529

reference_url	https://access.redhat.com/errata/RHSA-2026:2737
reference_id	RHSA-2026:2737
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2737

reference_url	https://access.redhat.com/errata/RHSA-2026:2800
reference_id	RHSA-2026:2800
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2800

reference_url	https://access.redhat.com/errata/RHSA-2026:3406
reference_id	RHSA-2026:3406
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3406

fixed_packages

aliases

CVE-2025-7783, GHSA-fjxv-7rqg-78g4

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-a423-mjeb-ufbe

url

VCID-fd9k-deju-tycx

vulnerability_id

VCID-fd9k-deju-tycx

summary

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22866.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22866.json

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2344219
reference_id	2344219
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2344219

reference_url	https://access.redhat.com/errata/RHSA-2025:16113
reference_id	RHSA-2025:16113
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16113

reference_url	https://access.redhat.com/errata/RHSA-2025:2789
reference_id	RHSA-2025:2789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2789

reference_url	https://access.redhat.com/errata/RHSA-2025:3773
reference_id	RHSA-2025:3773
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3773

reference_url	https://access.redhat.com/errata/RHSA-2025:3922
reference_id	RHSA-2025:3922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3922

reference_url	https://access.redhat.com/errata/RHSA-2025:4666
reference_id	RHSA-2025:4666
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4666

reference_url	https://access.redhat.com/errata/RHSA-2025:4667
reference_id	RHSA-2025:4667
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4667

reference_url	https://access.redhat.com/errata/RHSA-2025:4810
reference_id	RHSA-2025:4810
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4810

reference_url	https://access.redhat.com/errata/RHSA-2025:7326
reference_id	RHSA-2025:7326
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7326

reference_url	https://access.redhat.com/errata/RHSA-2025:7466
reference_id	RHSA-2025:7466
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7466

reference_url	https://access.redhat.com/errata/RHSA-2025:8670
reference_id	RHSA-2025:8670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8670

fixed_packages

aliases

CVE-2025-22866

risk_score

2.4

exploitability

0.5

weighted_severity

4.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-fd9k-deju-tycx

url

VCID-j7jb-8573-zbc5

vulnerability_id

VCID-j7jb-8573-zbc5

summary

helm.sh/helm/v3: Helm Chart Code Execution

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53547.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53547.json

reference_url

https://github.com/helm/helm

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/helm/helm

reference_url

https://github.com/helm/helm/commit/4b8e61093d8f579f1165cdc6bd4b43fa5455f571

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/helm/helm/commit/4b8e61093d8f579f1165cdc6bd4b43fa5455f571

reference_url

https://github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mm

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mm

reference_url

https://news.ycombinator.com/item?id=44506696

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://news.ycombinator.com/item?id=44506696

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-53547

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-53547

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2378905
reference_id	2378905
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2378905

reference_url	https://access.redhat.com/errata/RHSA-2025:14821
reference_id	RHSA-2025:14821
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14821

reference_url	https://access.redhat.com/errata/RHSA-2025:15345
reference_id	RHSA-2025:15345
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15345

reference_url	https://access.redhat.com/errata/RHSA-2025:15681
reference_id	RHSA-2025:15681
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15681

reference_url	https://access.redhat.com/errata/RHSA-2025:16113
reference_id	RHSA-2025:16113
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16113

reference_url	https://access.redhat.com/errata/RHSA-2025:16161
reference_id	RHSA-2025:16161
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16161

reference_url	https://access.redhat.com/errata/RHSA-2025:16166
reference_id	RHSA-2025:16166
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16166

reference_url	https://access.redhat.com/errata/RHSA-2025:16526
reference_id	RHSA-2025:16526
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16526

reference_url	https://access.redhat.com/errata/RHSA-2025:16527
reference_id	RHSA-2025:16527
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16527

reference_url	https://access.redhat.com/errata/RHSA-2025:16529
reference_id	RHSA-2025:16529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16529

reference_url	https://access.redhat.com/errata/RHSA-2025:16530
reference_id	RHSA-2025:16530
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16530

reference_url	https://access.redhat.com/errata/RHSA-2025:16535
reference_id	RHSA-2025:16535
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16535

reference_url	https://access.redhat.com/errata/RHSA-2025:17672
reference_id	RHSA-2025:17672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17672

reference_url	https://access.redhat.com/errata/RHSA-2025:18242
reference_id	RHSA-2025:18242
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18242

reference_url	https://access.redhat.com/errata/RHSA-2025:18278
reference_id	RHSA-2025:18278
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18278

reference_url	https://access.redhat.com/errata/RHSA-2025:18744
reference_id	RHSA-2025:18744
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18744

reference_url	https://access.redhat.com/errata/RHSA-2025:19335
reference_id	RHSA-2025:19335
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19335

reference_url	https://access.redhat.com/errata/RHSA-2025:19961
reference_id	RHSA-2025:19961
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19961

reference_url	https://access.redhat.com/errata/RHSA-2025:22684
reference_id	RHSA-2025:22684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22684

reference_url	https://access.redhat.com/errata/RHSA-2025:9562
reference_id	RHSA-2025:9562
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9562

reference_url	https://access.redhat.com/errata/RHSA-2026:2572
reference_id	RHSA-2026:2572
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2572

fixed_packages

aliases

CVE-2025-53547, GHSA-557j-xg8c-q2mm

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-j7jb-8573-zbc5

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-siteconfig@container-v2.13%3Farch=4-9

Package Instance