Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/mbedtls@3.6.1-r0?arch=armv7&distroversion=edge&reponame=main
Typeapk
Namespacealpine
Namembedtls
Version3.6.1-r0
Qualifiers
arch armv7
distroversion edge
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.6.2-r0
Latest_non_vulnerable_version3.6.6-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2enr-rkuz-1uev
vulnerability_id VCID-2enr-rkuz-1uev
summary An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45159
reference_id
reference_type
scores
0
value 0.00575
scoring_system epss
scoring_elements 0.69245
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45159
1
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-3/
reference_id mbedtls-security-advisory-2024-08-3
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:17:13Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-3/
2
reference_url https://github.com/Mbed-TLS/mbedtls/releases/
reference_id releases
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:17:13Z/
url https://github.com/Mbed-TLS/mbedtls/releases/
3
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/
reference_id security-advisories
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:17:13Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/
fixed_packages
0
url pkg:apk/alpine/mbedtls@3.6.1-r0?arch=armv7&distroversion=edge&reponame=main
purl pkg:apk/alpine/mbedtls@3.6.1-r0?arch=armv7&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.1-r0%3Farch=armv7&distroversion=edge&reponame=main
aliases CVE-2024-45159
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2enr-rkuz-1uev
1
url VCID-8zk5-2j61-vfhk
vulnerability_id VCID-8zk5-2j61-vfhk
summary An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45157
reference_id
reference_type
scores
0
value 0.00125
scoring_system epss
scoring_elements 0.31249
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45157
1
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/
reference_id mbedtls-security-advisory-2024-08-1
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:29:47Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/
2
reference_url https://github.com/Mbed-TLS/mbedtls/releases/
reference_id releases
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:29:47Z/
url https://github.com/Mbed-TLS/mbedtls/releases/
3
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/
reference_id security-advisories
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:29:47Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/
fixed_packages
0
url pkg:apk/alpine/mbedtls@3.6.1-r0?arch=armv7&distroversion=edge&reponame=main
purl pkg:apk/alpine/mbedtls@3.6.1-r0?arch=armv7&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.1-r0%3Farch=armv7&distroversion=edge&reponame=main
aliases CVE-2024-45157
risk_score 2.3
exploitability 0.5
weighted_severity 4.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zk5-2j61-vfhk
2
url VCID-psve-1pzv-ubaj
vulnerability_id VCID-psve-1pzv-ubaj
summary An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45158
reference_id
reference_type
scores
0
value 0.00681
scoring_system epss
scoring_elements 0.72098
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45158
1
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/
reference_id mbedtls-security-advisory-2024-08-2
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-06T18:15:25Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/
2
reference_url https://github.com/Mbed-TLS/mbedtls/releases/
reference_id releases
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-06T18:15:25Z/
url https://github.com/Mbed-TLS/mbedtls/releases/
3
reference_url https://mbed-tls.readthedocs.io/en/latest/security-advisories/
reference_id security-advisories
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-06T18:15:25Z/
url https://mbed-tls.readthedocs.io/en/latest/security-advisories/
fixed_packages
0
url pkg:apk/alpine/mbedtls@3.6.1-r0?arch=armv7&distroversion=edge&reponame=main
purl pkg:apk/alpine/mbedtls@3.6.1-r0?arch=armv7&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.1-r0%3Farch=armv7&distroversion=edge&reponame=main
aliases CVE-2024-45158
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-psve-1pzv-ubaj
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.1-r0%3Farch=armv7&distroversion=edge&reponame=main