Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:cargo/wasmtime@36.0.6
Typecargo
Namespace
Namewasmtime
Version36.0.6
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version36.0.7
Latest_non_vulnerable_version43.0.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2m6r-ymr5-yydu
vulnerability_id VCID-2m6r-ymr5-yydu
summary Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the `wasi:http/types.fields` resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the `wasmtime-wasi-http` crate is backed by a data structure which panics when it reaches excessive capacity and this condition was not handled gracefully in Wasmtime. Panicking in a WASI implementation is a Denial of Service vector for embedders and is treated as a security vulnerability in Wasmtime. Wasmtime 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 patch this vulnerability and return a trap to the guest instead of panicking. There are no known workarounds at this time. Embedders are encouraged to update to a patched version of Wasmtime.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27572.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27572.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27572
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09922
published_at 2026-06-14T12:55:00Z
1
value 0.00032
scoring_system epss
scoring_elements 0.09884
published_at 2026-06-11T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09932
published_at 2026-06-12T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.09937
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27572
2
reference_url https://github.com/bytecodealliance/wasmtime
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bytecodealliance/wasmtime
3
reference_url https://rustsec.org/advisories/RUSTSEC-2026-0021.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2026-0021.html
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442485
reference_id 2442485
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442485
5
reference_url https://github.com/bytecodealliance/wasmtime/commit/301dc7162cca51def19131019af1187f45901c0a
reference_id 301dc7162cca51def19131019af1187f45901c0a
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:20Z/
url https://github.com/bytecodealliance/wasmtime/commit/301dc7162cca51def19131019af1187f45901c0a
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27572
reference_id CVE-2026-27572
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27572
7
reference_url https://github.com/advisories/GHSA-243v-98vx-264h
reference_id GHSA-243v-98vx-264h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-243v-98vx-264h
8
reference_url https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-243v-98vx-264h
reference_id GHSA-243v-98vx-264h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:20Z/
url https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-243v-98vx-264h
9
reference_url https://docs.rs/http/1.4.0/http/header/#limitations
reference_id #limitations
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:20Z/
url https://docs.rs/http/1.4.0/http/header/#limitations
10
reference_url https://github.com/bytecodealliance/wasmtime/releases/tag/v24.0.6
reference_id v24.0.6
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:20Z/
url https://github.com/bytecodealliance/wasmtime/releases/tag/v24.0.6
11
reference_url https://github.com/bytecodealliance/wasmtime/releases/tag/v36.0.6
reference_id v36.0.6
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:20Z/
url https://github.com/bytecodealliance/wasmtime/releases/tag/v36.0.6
12
reference_url https://github.com/bytecodealliance/wasmtime/releases/tag/v40.0.4
reference_id v40.0.4
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:20Z/
url https://github.com/bytecodealliance/wasmtime/releases/tag/v40.0.4
13
reference_url https://github.com/bytecodealliance/wasmtime/releases/tag/v41.0.4
reference_id v41.0.4
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:20Z/
url https://github.com/bytecodealliance/wasmtime/releases/tag/v41.0.4
fixed_packages
0
url pkg:cargo/wasmtime@24.0.6
purl pkg:cargo/wasmtime@24.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@24.0.6
1
url pkg:cargo/wasmtime@36.0.6
purl pkg:cargo/wasmtime@36.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@36.0.6
2
url pkg:cargo/wasmtime@40.0.4
purl pkg:cargo/wasmtime@40.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@40.0.4
aliases CVE-2026-27572, GHSA-243v-98vx-264h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2m6r-ymr5-yydu
1
url VCID-svnx-p11j-h7e7
vulnerability_id VCID-svnx-p11j-h7e7
summary Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of WASI host interfaces are susceptible to guest-controlled resource exhaustion on the host. Wasmtime did not appropriately place limits on resource allocations requested by the guests. This serves as a Denial of Service vector. Wasmtime 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 have all been released with the fix for this issue. These versions do not prevent this issue in their default configuration to avoid breaking preexisting behaviors. All versions of Wasmtime have appropriate knobs to prevent this behavior, and Wasmtime 42.0.0-and-later will have these knobs tuned by default to prevent this issue from happening. There are no known workarounds for this issue without upgrading. Embedders are recommended to upgrade and configure their embeddings as necessary to prevent possibly-malicious guests from triggering this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27204.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27204.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27204
reference_id
reference_type
scores
0
value 0.00093
scoring_system epss
scoring_elements 0.2631
published_at 2026-06-14T12:55:00Z
1
value 0.00093
scoring_system epss
scoring_elements 0.26324
published_at 2026-06-13T12:55:00Z
2
value 0.00093
scoring_system epss
scoring_elements 0.26313
published_at 2026-06-12T12:55:00Z
3
value 0.00093
scoring_system epss
scoring_elements 0.26113
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27204
2
reference_url https://github.com/bytecodealliance/wasmtime
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bytecodealliance/wasmtime
3
reference_url https://rustsec.org/advisories/RUSTSEC-2026-0020.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2026-0020.html
4
reference_url https://github.com/bytecodealliance/wasmtime/issues/11552
reference_id 11552
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:54:41Z/
url https://github.com/bytecodealliance/wasmtime/issues/11552
5
reference_url https://github.com/bytecodealliance/wasmtime/pull/12599
reference_id 12599
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:54:41Z/
url https://github.com/bytecodealliance/wasmtime/pull/12599
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442480
reference_id 2442480
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442480
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27204
reference_id CVE-2026-27204
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27204
8
reference_url https://github.com/advisories/GHSA-852m-cvvp-9p4w
reference_id GHSA-852m-cvvp-9p4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-852m-cvvp-9p4w
9
reference_url https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-852m-cvvp-9p4w
reference_id GHSA-852m-cvvp-9p4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:54:41Z/
url https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-852m-cvvp-9p4w
10
reference_url https://docs.wasmtime.dev/security-what-is-considered-a-security-vulnerability.html
reference_id security-what-is-considered-a-security-vulnerability.html
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:54:41Z/
url https://docs.wasmtime.dev/security-what-is-considered-a-security-vulnerability.html
11
reference_url https://docs.rs/wasmtime/latest/wasmtime/component/struct.ResourceTable.html#method.set_max_capacity
reference_id struct.ResourceTable.html#method.set_max_capacity
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:54:41Z/
url https://docs.rs/wasmtime/latest/wasmtime/component/struct.ResourceTable.html#method.set_max_capacity
12
reference_url https://docs.rs/wasmtime/latest/wasmtime/struct.Store.html#method.set_hostcall_fuel
reference_id struct.Store.html#method.set_hostcall_fuel
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:54:41Z/
url https://docs.rs/wasmtime/latest/wasmtime/struct.Store.html#method.set_hostcall_fuel
13
reference_url https://docs.rs/wasmtime-wasi/latest/wasmtime_wasi/struct.WasiCtxBuilder.html#method.max_random_size
reference_id struct.WasiCtxBuilder.html#method.max_random_size
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:54:41Z/
url https://docs.rs/wasmtime-wasi/latest/wasmtime_wasi/struct.WasiCtxBuilder.html#method.max_random_size
fixed_packages
0
url pkg:cargo/wasmtime@24.0.6
purl pkg:cargo/wasmtime@24.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@24.0.6
1
url pkg:cargo/wasmtime@36.0.6
purl pkg:cargo/wasmtime@36.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@36.0.6
2
url pkg:cargo/wasmtime@40.0.4
purl pkg:cargo/wasmtime@40.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@40.0.4
aliases CVE-2026-27204, GHSA-852m-cvvp-9p4w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-svnx-p11j-h7e7
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:cargo/wasmtime@36.0.6