Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/curl@7.61.1-30.el8_8?arch=9
Typerpm
Namespaceredhat
Namecurl
Version7.61.1-30.el8_8
Qualifiers
arch 9
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-sutv-qt2x-2yc7
vulnerability_id VCID-sutv-qt2x-2yc7
summary An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28322
reference_id
reference_type
scores
0
value 0.00631
scoring_system epss
scoring_elements 0.70733
published_at 2026-06-06T12:55:00Z
1
value 0.00631
scoring_system epss
scoring_elements 0.70725
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28322
2
reference_url https://curl.se/docs/CVE-2023-28322.html
reference_id
reference_type
scores
0
value Low
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2023-28322.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/1954658
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://hackerone.com/reports/1954658
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
reference_id 1036239
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2196793
reference_id 2196793
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2196793
8
reference_url http://seclists.org/fulldisclosure/2023/Jul/47
reference_id 47
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url http://seclists.org/fulldisclosure/2023/Jul/47
9
reference_url http://seclists.org/fulldisclosure/2023/Jul/48
reference_id 48
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url http://seclists.org/fulldisclosure/2023/Jul/48
10
reference_url http://seclists.org/fulldisclosure/2023/Jul/52
reference_id 52
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url http://seclists.org/fulldisclosure/2023/Jul/52
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/
reference_id F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/
12
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://security.gentoo.org/glsa/202310-12
13
reference_url https://support.apple.com/kb/HT213843
reference_id HT213843
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://support.apple.com/kb/HT213843
14
reference_url https://support.apple.com/kb/HT213844
reference_id HT213844
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://support.apple.com/kb/HT213844
15
reference_url https://support.apple.com/kb/HT213845
reference_id HT213845
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://support.apple.com/kb/HT213845
16
reference_url https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html
reference_id msg00015.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html
17
reference_url https://security.netapp.com/advisory/ntap-20230609-0009/
reference_id ntap-20230609-0009
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://security.netapp.com/advisory/ntap-20230609-0009/
18
reference_url https://access.redhat.com/errata/RHSA-2023:4354
reference_id RHSA-2023:4354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4354
19
reference_url https://access.redhat.com/errata/RHSA-2023:4628
reference_id RHSA-2023:4628
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4628
20
reference_url https://access.redhat.com/errata/RHSA-2023:4629
reference_id RHSA-2023:4629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4629
21
reference_url https://access.redhat.com/errata/RHSA-2023:5598
reference_id RHSA-2023:5598
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5598
22
reference_url https://access.redhat.com/errata/RHSA-2024:0428
reference_id RHSA-2024:0428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0428
23
reference_url https://access.redhat.com/errata/RHSA-2024:0585
reference_id RHSA-2024:0585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0585
24
reference_url https://access.redhat.com/errata/RHSA-2024:1601
reference_id RHSA-2024:1601
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1601
25
reference_url https://access.redhat.com/errata/RHSA-2024:2092
reference_id RHSA-2024:2092
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2092
26
reference_url https://access.redhat.com/errata/RHSA-2024:2093
reference_id RHSA-2024:2093
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2093
27
reference_url https://usn.ubuntu.com/6237-1/
reference_id USN-6237-1
reference_type
scores
url https://usn.ubuntu.com/6237-1/
28
reference_url https://usn.ubuntu.com/6237-3/
reference_id USN-6237-3
reference_type
scores
url https://usn.ubuntu.com/6237-3/
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/
reference_id Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/
fixed_packages
aliases CVE-2023-28322
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sutv-qt2x-2yc7
1
url VCID-wmam-qmmg-6uay
vulnerability_id VCID-wmam-qmmg-6uay
summary This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46218
reference_id
reference_type
scores
0
value 0.00219
scoring_system epss
scoring_elements 0.44601
published_at 2026-06-06T12:55:00Z
1
value 0.00219
scoring_system epss
scoring_elements 0.44593
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46218
2
reference_url https://curl.se/docs/CVE-2023-46218.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/
url https://curl.se/docs/CVE-2023-46218.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/2212193
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/
url https://hackerone.com/reports/2212193
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057646
reference_id 1057646
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057646
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2252030
reference_id 2252030
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2252030
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/
reference_id 3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/
9
reference_url https://www.debian.org/security/2023/dsa-5587
reference_id dsa-5587
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/
url https://www.debian.org/security/2023/dsa-5587
10
reference_url https://security.gentoo.org/glsa/202409-20
reference_id GLSA-202409-20
reference_type
scores
url https://security.gentoo.org/glsa/202409-20
11
reference_url https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html
reference_id msg00015.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/
url https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html
12
reference_url https://security.netapp.com/advisory/ntap-20240125-0007/
reference_id ntap-20240125-0007
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/
url https://security.netapp.com/advisory/ntap-20240125-0007/
13
reference_url https://access.redhat.com/errata/RHSA-2024:0428
reference_id RHSA-2024:0428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0428
14
reference_url https://access.redhat.com/errata/RHSA-2024:0434
reference_id RHSA-2024:0434
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0434
15
reference_url https://access.redhat.com/errata/RHSA-2024:0452
reference_id RHSA-2024:0452
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0452
16
reference_url https://access.redhat.com/errata/RHSA-2024:0585
reference_id RHSA-2024:0585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0585
17
reference_url https://access.redhat.com/errata/RHSA-2024:1129
reference_id RHSA-2024:1129
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1129
18
reference_url https://access.redhat.com/errata/RHSA-2024:1316
reference_id RHSA-2024:1316
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1316
19
reference_url https://access.redhat.com/errata/RHSA-2024:1317
reference_id RHSA-2024:1317
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1317
20
reference_url https://access.redhat.com/errata/RHSA-2024:1383
reference_id RHSA-2024:1383
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1383
21
reference_url https://access.redhat.com/errata/RHSA-2024:1601
reference_id RHSA-2024:1601
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1601
22
reference_url https://access.redhat.com/errata/RHSA-2024:2092
reference_id RHSA-2024:2092
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2092
23
reference_url https://access.redhat.com/errata/RHSA-2024:2093
reference_id RHSA-2024:2093
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2093
24
reference_url https://access.redhat.com/errata/RHSA-2024:2094
reference_id RHSA-2024:2094
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2094
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/
reference_id UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/
26
reference_url https://usn.ubuntu.com/6535-1/
reference_id USN-6535-1
reference_type
scores
url https://usn.ubuntu.com/6535-1/
27
reference_url https://usn.ubuntu.com/6641-1/
reference_id USN-6641-1
reference_type
scores
url https://usn.ubuntu.com/6641-1/
fixed_packages
aliases CVE-2023-46218
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wmam-qmmg-6uay
Fixing_vulnerabilities
Risk_score3.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/curl@7.61.1-30.el8_8%3Farch=9