Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/nodejs-current@9.10.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community
Typeapk
Namespacealpine
Namenodejs-current
Version9.10.0-r0
Qualifiers
arch ppc64le
distroversion v3.23
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version11.3.0-r0
Latest_non_vulnerable_version21.7.2-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2fed-p2k1-vyc3
vulnerability_id VCID-2fed-p2k1-vyc3
summary The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7159.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7159.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7159
reference_id
reference_type
scores
0
value 0.00902
scoring_system epss
scoring_elements 0.7607
published_at 2026-06-04T12:55:00Z
1
value 0.00902
scoring_system epss
scoring_elements 0.76095
published_at 2026-06-06T12:55:00Z
2
value 0.00902
scoring_system epss
scoring_elements 0.76098
published_at 2026-06-09T12:55:00Z
3
value 0.00902
scoring_system epss
scoring_elements 0.76087
published_at 2026-06-07T12:55:00Z
4
value 0.00902
scoring_system epss
scoring_elements 0.76074
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7159
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7159
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7159
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1561981
reference_id 1561981
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1561981
5
reference_url https://access.redhat.com/errata/RHSA-2018:2949
reference_id RHSA-2018:2949
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2949
6
reference_url https://access.redhat.com/errata/RHSA-2019:2258
reference_id RHSA-2019:2258
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2258
fixed_packages
0
url pkg:apk/alpine/nodejs-current@9.10.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/nodejs-current@9.10.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@9.10.0-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community
aliases CVE-2018-7159
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fed-p2k1-vyc3
1
url VCID-h72y-m9f9-hkdj
vulnerability_id VCID-h72y-m9f9-hkdj
summary 
Authentication Bypass by Spoofing
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7160.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7160.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7160
reference_id
reference_type
scores
0
value 0.01501
scoring_system epss
scoring_elements 0.81507
published_at 2026-06-09T12:55:00Z
1
value 0.01501
scoring_system epss
scoring_elements 0.81499
published_at 2026-06-06T12:55:00Z
2
value 0.01501
scoring_system epss
scoring_elements 0.81491
published_at 2026-06-08T12:55:00Z
3
value 0.01501
scoring_system epss
scoring_elements 0.81496
published_at 2026-06-07T12:55:00Z
4
value 0.01501
scoring_system epss
scoring_elements 0.81469
published_at 2026-06-04T12:55:00Z
5
value 0.01501
scoring_system epss
scoring_elements 0.81497
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7160
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/nodejs/node/commit/e3950d1a402b80e4098a40aacddd6a104da0cfa9
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/node/commit/e3950d1a402b80e4098a40aacddd6a104da0cfa9
5
reference_url https://nodejs.org/en/blog/vulnerability/march-2018-security-releases
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nodejs.org/en/blog/vulnerability/march-2018-security-releases
6
reference_url https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
reference_id
reference_type
scores
url https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
7
reference_url https://support.f5.com/csp/article/K63025104?utm_source=f5support&utm_medium=RSS
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.f5.com/csp/article/K63025104?utm_source=f5support&utm_medium=RSS
8
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1561979
reference_id 1561979
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1561979
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7160
reference_id CVE-2018-7160
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7160
11
reference_url https://github.com/advisories/GHSA-wq4c-wm6x-jw44
reference_id GHSA-wq4c-wm6x-jw44
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wq4c-wm6x-jw44
12
reference_url https://access.redhat.com/errata/RHSA-2018:2949
reference_id RHSA-2018:2949
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2949
13
reference_url https://usn.ubuntu.com/USN-4796-1/
reference_id USN-USN-4796-1
reference_type
scores
url https://usn.ubuntu.com/USN-4796-1/
fixed_packages
0
url pkg:apk/alpine/nodejs-current@9.10.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/nodejs-current@9.10.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@9.10.0-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community
aliases CVE-2018-7160, GHSA-wq4c-wm6x-jw44
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h72y-m9f9-hkdj
2
url VCID-h8h6-hhpf-ryaf
vulnerability_id VCID-h8h6-hhpf-ryaf
summary The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `'path'` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7158.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7158.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7158
reference_id
reference_type
scores
0
value 0.01264
scoring_system epss
scoring_elements 0.79779
published_at 2026-06-04T12:55:00Z
1
value 0.01264
scoring_system epss
scoring_elements 0.79804
published_at 2026-06-05T12:55:00Z
2
value 0.01264
scoring_system epss
scoring_elements 0.7981
published_at 2026-06-06T12:55:00Z
3
value 0.01264
scoring_system epss
scoring_elements 0.79805
published_at 2026-06-07T12:55:00Z
4
value 0.01264
scoring_system epss
scoring_elements 0.79794
published_at 2026-06-08T12:55:00Z
5
value 0.01264
scoring_system epss
scoring_elements 0.79813
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7158
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7158
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7158
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1561980
reference_id 1561980
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1561980
fixed_packages
0
url pkg:apk/alpine/nodejs-current@9.10.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/nodejs-current@9.10.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@9.10.0-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community
aliases CVE-2018-7158
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8h6-hhpf-ryaf
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@9.10.0-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community