Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/go@0?arch=riscv64&distroversion=v3.24&reponame=community
Typeapk
Namespacealpine
Namego
Version0
Qualifiers
arch riscv64
distroversion v3.24
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.9.4-r0
Latest_non_vulnerable_version1.26.3-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-cguy-8zgm-c7by
vulnerability_id VCID-cguy-8zgm-c7by
summary On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41720.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41720.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41720
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10722
published_at 2026-06-14T12:55:00Z
1
value 0.00035
scoring_system epss
scoring_elements 0.10693
published_at 2026-06-11T12:55:00Z
2
value 0.00035
scoring_system epss
scoring_elements 0.10753
published_at 2026-06-13T12:55:00Z
3
value 0.00035
scoring_system epss
scoring_elements 0.10752
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41720
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41720
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41720
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2161271
reference_id 2161271
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2161271
4
reference_url https://go.dev/cl/455716
reference_id 455716
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:41:16Z/
url https://go.dev/cl/455716
5
reference_url https://go.dev/issue/56694
reference_id 56694
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:41:16Z/
url https://go.dev/issue/56694
6
reference_url https://pkg.go.dev/vuln/GO-2022-1143
reference_id GO-2022-1143
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:41:16Z/
url https://pkg.go.dev/vuln/GO-2022-1143
7
reference_url https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ
reference_id yZDrXjIiBQAJ
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:41:16Z/
url https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ
fixed_packages
0
url pkg:apk/alpine/go@0?arch=riscv64&distroversion=v3.24&reponame=community
purl pkg:apk/alpine/go@0?arch=riscv64&distroversion=v3.24&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@0%3Farch=riscv64&distroversion=v3.24&reponame=community
aliases CVE-2022-41720
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cguy-8zgm-c7by
1
url VCID-nykz-vf4s-3bh9
vulnerability_id VCID-nykz-vf4s-3bh9
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24787
reference_id
reference_type
scores
0
value 0.03204
scoring_system epss
scoring_elements 0.87294
published_at 2026-06-11T12:55:00Z
1
value 0.03204
scoring_system epss
scoring_elements 0.87343
published_at 2026-06-14T12:55:00Z
2
value 0.03204
scoring_system epss
scoring_elements 0.87345
published_at 2026-06-13T12:55:00Z
3
value 0.03204
scoring_system epss
scoring_elements 0.87339
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24787
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url http://www.openwall.com/lists/oss-security/2024/05/08/3
reference_id 3
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/
url http://www.openwall.com/lists/oss-security/2024/05/08/3
3
reference_url https://go.dev/cl/583815
reference_id 583815
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/
url https://go.dev/cl/583815
4
reference_url https://go.dev/issue/67119
reference_id 67119
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/
url https://go.dev/issue/67119
5
reference_url https://pkg.go.dev/vuln/GO-2024-2825
reference_id GO-2024-2825
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/
url https://pkg.go.dev/vuln/GO-2024-2825
6
reference_url https://security.netapp.com/advisory/ntap-20240531-0006/
reference_id ntap-20240531-0006
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/
url https://security.netapp.com/advisory/ntap-20240531-0006/
7
reference_url https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
reference_id wkkO4P9stm0
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/
url https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
fixed_packages
0
url pkg:apk/alpine/go@0?arch=riscv64&distroversion=v3.24&reponame=community
purl pkg:apk/alpine/go@0?arch=riscv64&distroversion=v3.24&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@0%3Farch=riscv64&distroversion=v3.24&reponame=community
aliases CVE-2024-24787
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nykz-vf4s-3bh9
2
url VCID-u2wh-enjt-yfc6
vulnerability_id VCID-u2wh-enjt-yfc6
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41716
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02335
published_at 2026-06-14T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02328
published_at 2026-06-13T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02333
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41716
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41716
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41716
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://go.dev/cl/446916
reference_id 446916
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:02:04Z/
url https://go.dev/cl/446916
4
reference_url https://go.dev/issue/56284
reference_id 56284
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:02:04Z/
url https://go.dev/issue/56284
5
reference_url https://pkg.go.dev/vuln/GO-2022-1095
reference_id GO-2022-1095
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:02:04Z/
url https://pkg.go.dev/vuln/GO-2022-1095
6
reference_url https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ
reference_id hSpmRzk-AgAJ
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:02:04Z/
url https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ
fixed_packages
0
url pkg:apk/alpine/go@0?arch=riscv64&distroversion=v3.24&reponame=community
purl pkg:apk/alpine/go@0?arch=riscv64&distroversion=v3.24&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@0%3Farch=riscv64&distroversion=v3.24&reponame=community
aliases CVE-2022-41716
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u2wh-enjt-yfc6
3
url VCID-wc4t-utvr-ubbh
vulnerability_id VCID-wc4t-utvr-ubbh
summary A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41722.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41722.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41722
reference_id
reference_type
scores
0
value 0.00452
scoring_system epss
scoring_elements 0.64288
published_at 2026-06-14T12:55:00Z
1
value 0.00452
scoring_system epss
scoring_elements 0.64176
published_at 2026-06-11T12:55:00Z
2
value 0.00452
scoring_system epss
scoring_elements 0.64279
published_at 2026-06-12T12:55:00Z
3
value 0.00452
scoring_system epss
scoring_elements 0.64292
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41722
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41722
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2203008
reference_id 2203008
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2203008
4
reference_url https://go.dev/cl/468123
reference_id 468123
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:58:38Z/
url https://go.dev/cl/468123
5
reference_url https://go.dev/issue/57274
reference_id 57274
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:58:38Z/
url https://go.dev/issue/57274
6
reference_url https://pkg.go.dev/vuln/GO-2023-1568
reference_id GO-2023-1568
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:58:38Z/
url https://pkg.go.dev/vuln/GO-2023-1568
7
reference_url https://access.redhat.com/errata/RHSA-2023:1325
reference_id RHSA-2023:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1325
8
reference_url https://access.redhat.com/errata/RHSA-2023:3304
reference_id RHSA-2023:3304
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3304
9
reference_url https://access.redhat.com/errata/RHSA-2023:3366
reference_id RHSA-2023:3366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3366
10
reference_url https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
reference_id V0aBFqaFs_E
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:58:38Z/
url https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
fixed_packages
0
url pkg:apk/alpine/go@0?arch=riscv64&distroversion=v3.24&reponame=community
purl pkg:apk/alpine/go@0?arch=riscv64&distroversion=v3.24&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@0%3Farch=riscv64&distroversion=v3.24&reponame=community
aliases CVE-2022-41722
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wc4t-utvr-ubbh
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@0%3Farch=riscv64&distroversion=v3.24&reponame=community