Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/nss@3.39-r0?arch=x86&distroversion=v3.16&reponame=community

Type apk

Namespace alpine

Name nss

Version 3.39-r0

Qualifiers

arch	x86
distroversion	v3.16
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.41-r0

Latest_non_vulnerable_version 3.76.1-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6t2d-6uw6-fuhy

vulnerability_id VCID-6t2d-6uw6-fuhy

summary When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12384.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12384.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12384

reference_id

reference_type

scores

value	0.00622
scoring_system	epss
scoring_elements	0.7048
published_at	2026-06-04T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70521
published_at	2026-06-05T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.7053
published_at	2026-06-06T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70513
published_at	2026-06-07T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70501
published_at	2026-06-08T12:55:00Z

value	0.00622
scoring_system	epss
scoring_elements	0.70524
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12384

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1622089
reference_id	1622089
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1622089

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908332
reference_id	908332
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908332

reference_url	https://access.redhat.com/errata/RHSA-2018:2768
reference_id	RHSA-2018:2768
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2768

reference_url	https://access.redhat.com/errata/RHSA-2018:2898
reference_id	RHSA-2018:2898
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2898

reference_url	https://usn.ubuntu.com/3850-1/
reference_id	USN-3850-1
reference_type
scores
url	https://usn.ubuntu.com/3850-1/

reference_url	https://usn.ubuntu.com/3850-2/
reference_id	USN-3850-2
reference_type
scores
url	https://usn.ubuntu.com/3850-2/

fixed_packages

url	pkg:apk/alpine/nss@3.39-r0?arch=x86&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/nss@3.39-r0?arch=x86&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nss@3.39-r0%3Farch=x86&distroversion=v3.16&reponame=community

aliases CVE-2018-12384

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t2d-6uw6-fuhy

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nss@3.39-r0%3Farch=x86&distroversion=v3.16&reponame=community

Package Instance