Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/pdns-recursor@4.3.1-r0?arch=armv7&distroversion=v3.14&reponame=community

Type apk

Namespace alpine

Name pdns-recursor

Version 4.3.1-r0

Qualifiers

arch	armv7
distroversion	v3.14
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 4.3.2-r0

Latest_non_vulnerable_version 4.3.5-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-8tet-nec6-zkfw

vulnerability_id VCID-8tet-nec6-zkfw

summary PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10995

reference_id

reference_type

scores

value	0.00126
scoring_system	epss
scoring_elements	0.31395
published_at	2026-06-04T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31464
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10995

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244

reference_url	https://security.archlinux.org/ASA-202005-10
reference_id	ASA-202005-10
reference_type
scores
url	https://security.archlinux.org/ASA-202005-10

reference_url

https://security.archlinux.org/AVG-1163

reference_id

AVG-1163

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1163

fixed_packages

url	pkg:apk/alpine/pdns-recursor@4.3.1-r0?arch=armv7&distroversion=v3.14&reponame=community
purl	pkg:apk/alpine/pdns-recursor@4.3.1-r0?arch=armv7&distroversion=v3.14&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@4.3.1-r0%3Farch=armv7&distroversion=v3.14&reponame=community

aliases CVE-2020-10995

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8tet-nec6-zkfw

url VCID-ped2-apf8-8ygw

vulnerability_id VCID-ped2-apf8-8ygw

summary An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12244

reference_id

reference_type

scores

value	0.00061
scoring_system	epss
scoring_elements	0.1935
published_at	2026-06-04T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19425
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12244

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244

reference_url	https://security.archlinux.org/ASA-202005-10
reference_id	ASA-202005-10
reference_type
scores
url	https://security.archlinux.org/ASA-202005-10

reference_url

https://security.archlinux.org/AVG-1163

reference_id

AVG-1163

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1163

fixed_packages

url	pkg:apk/alpine/pdns-recursor@4.3.1-r0?arch=armv7&distroversion=v3.14&reponame=community
purl	pkg:apk/alpine/pdns-recursor@4.3.1-r0?arch=armv7&distroversion=v3.14&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@4.3.1-r0%3Farch=armv7&distroversion=v3.14&reponame=community

aliases CVE-2020-12244

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ped2-apf8-8ygw

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@4.3.1-r0%3Farch=armv7&distroversion=v3.14&reponame=community

Package Instance