Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/zstd@1.5.0.3
Typepypi
Namespace
Namezstd
Version1.5.0.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.5.4
Latest_non_vulnerable_version1.5.4.0
Affected_by_vulnerabilities
0
url VCID-2rvr-kwm3-kqdz
vulnerability_id VCID-2rvr-kwm3-kqdz
summary 
zstd vulnerable to buffer overrun
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.
references
0
reference_url https://github.com/facebook/zstd
reference_id
reference_type
scores
url https://github.com/facebook/zstd
1
reference_url https://github.com/facebook/zstd/issues/3200
reference_id
reference_type
scores
url https://github.com/facebook/zstd/issues/3200
2
reference_url https://github.com/facebook/zstd/pull/3220
reference_id
reference_type
scores
url https://github.com/facebook/zstd/pull/3220
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/zstd/PYSEC-2023-121.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/zstd/PYSEC-2023-121.yaml
4
reference_url https://github.com/sergey-dryabzhinsky/python-zstd/commit/c8a619aebdbd6b838fbfef6e19325a70f631a4c6
reference_id
reference_type
scores
url https://github.com/sergey-dryabzhinsky/python-zstd/commit/c8a619aebdbd6b838fbfef6e19325a70f631a4c6
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN
8
reference_url https://security.netapp.com/advisory/ntap-20230725-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230725-0005
9
reference_url https://security.netapp.com/advisory/ntap-20230725-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230725-0005/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4899
reference_id CVE-2022-4899
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-4899
11
reference_url https://github.com/advisories/GHSA-5c9c-6x87-f9vm
reference_id GHSA-5c9c-6x87-f9vm
reference_type
scores
url https://github.com/advisories/GHSA-5c9c-6x87-f9vm
fixed_packages
0
url pkg:pypi/zstd@1.5.4
purl pkg:pypi/zstd@1.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zstd@1.5.4
1
url pkg:pypi/zstd@1.5.4.0
purl pkg:pypi/zstd@1.5.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zstd@1.5.4.0
aliases CVE-2022-4899, GHSA-5c9c-6x87-f9vm, PYSEC-2023-121
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rvr-kwm3-kqdz
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/zstd@1.5.0.3