Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/openvpn@2.4.9-r0?arch=armv7&distroversion=v3.14&reponame=main
Typeapk
Namespacealpine
Nameopenvpn
Version2.4.9-r0
Qualifiers
arch armv7
distroversion v3.14
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.5.2-r0
Latest_non_vulnerable_version2.5.6-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7qcm-j2sx-h3ak
vulnerability_id VCID-7qcm-j2sx-h3ak
summary An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11810
reference_id
reference_type
scores
0
value 0.01696
scoring_system epss
scoring_elements 0.82648
published_at 2026-06-09T12:55:00Z
1
value 0.01696
scoring_system epss
scoring_elements 0.82618
published_at 2026-06-04T12:55:00Z
2
value 0.01696
scoring_system epss
scoring_elements 0.82642
published_at 2026-06-07T12:55:00Z
3
value 0.01696
scoring_system epss
scoring_elements 0.82635
published_at 2026-06-08T12:55:00Z
4
value 0.01696
scoring_system epss
scoring_elements 0.82645
published_at 2026-06-05T12:55:00Z
5
value 0.01696
scoring_system epss
scoring_elements 0.82644
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11810
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11810
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11810
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://security.archlinux.org/ASA-202004-16
reference_id ASA-202004-16
reference_type
scores
url https://security.archlinux.org/ASA-202004-16
4
reference_url https://security.archlinux.org/AVG-1135
reference_id AVG-1135
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1135
5
reference_url https://usn.ubuntu.com/4933-1/
reference_id USN-4933-1
reference_type
scores
url https://usn.ubuntu.com/4933-1/
fixed_packages
0
url pkg:apk/alpine/openvpn@2.4.9-r0?arch=armv7&distroversion=v3.14&reponame=main
purl pkg:apk/alpine/openvpn@2.4.9-r0?arch=armv7&distroversion=v3.14&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openvpn@2.4.9-r0%3Farch=armv7&distroversion=v3.14&reponame=main
aliases CVE-2020-11810
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qcm-j2sx-h3ak
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/openvpn@2.4.9-r0%3Farch=armv7&distroversion=v3.14&reponame=main