Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/curl@7.49.1-r1?arch=x86&distroversion=v3.3&reponame=main

Type apk

Namespace alpine

Name curl

Version 7.49.1-r1

Qualifiers

arch	x86
distroversion	v3.3
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 7.49.1-r3

Latest_non_vulnerable_version 7.55.0-r2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6rk4-vb5u-bkg6

vulnerability_id VCID-6rk4-vb5u-bkg6

summary curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5420.json

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5420.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5420

reference_id

reference_type

scores

value	0.01071
scoring_system	epss
scoring_elements	0.7808
published_at	2026-06-04T12:55:00Z

value	0.01071
scoring_system	epss
scoring_elements	0.78108
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5420

reference_url

https://curl.se/docs/CVE-2016-5420.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2016-5420.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1362190
reference_id	1362190
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1362190

reference_url	https://security.gentoo.org/glsa/201701-47
reference_id	GLSA-201701-47
reference_type
scores
url	https://security.gentoo.org/glsa/201701-47

reference_url	https://access.redhat.com/errata/RHSA-2016:2575
reference_id	RHSA-2016:2575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2575

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/3048-1/
reference_id	USN-3048-1
reference_type
scores
url	https://usn.ubuntu.com/3048-1/

fixed_packages

url	pkg:apk/alpine/curl@7.49.1-r1?arch=x86&distroversion=v3.3&reponame=main
purl	pkg:apk/alpine/curl@7.49.1-r1?arch=x86&distroversion=v3.3&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@7.49.1-r1%3Farch=x86&distroversion=v3.3&reponame=main

aliases CVE-2016-5420

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6rk4-vb5u-bkg6

url VCID-dndt-tapy-23d2

vulnerability_id VCID-dndt-tapy-23d2

summary curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5419.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5419.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5419

reference_id

reference_type

scores

value	0.01912
scoring_system	epss
scoring_elements	0.83631
published_at	2026-06-04T12:55:00Z

value	0.01912
scoring_system	epss
scoring_elements	0.83655
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5419

reference_url

https://curl.se/docs/CVE-2016-5419.html

reference_id

reference_type

scores

value	High
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2016-5419.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1362183
reference_id	1362183
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1362183

reference_url	https://security.gentoo.org/glsa/201701-47
reference_id	GLSA-201701-47
reference_type
scores
url	https://security.gentoo.org/glsa/201701-47

reference_url	https://access.redhat.com/errata/RHSA-2016:2575
reference_id	RHSA-2016:2575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2575

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/3048-1/
reference_id	USN-3048-1
reference_type
scores
url	https://usn.ubuntu.com/3048-1/

fixed_packages

url	pkg:apk/alpine/curl@7.49.1-r1?arch=x86&distroversion=v3.3&reponame=main
purl	pkg:apk/alpine/curl@7.49.1-r1?arch=x86&distroversion=v3.3&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@7.49.1-r1%3Farch=x86&distroversion=v3.3&reponame=main

aliases CVE-2016-5419

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dndt-tapy-23d2

url VCID-mq44-5pmp-2qhh

vulnerability_id VCID-mq44-5pmp-2qhh

summary Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5421.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5421.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5421

reference_id

reference_type

scores

value	0.01092
scoring_system	epss
scoring_elements	0.78294
published_at	2026-06-04T12:55:00Z

value	0.01092
scoring_system	epss
scoring_elements	0.7832
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5421

reference_url

https://curl.se/docs/CVE-2016-5421.html

reference_id

reference_type

scores

value	High
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2016-5421.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1362199
reference_id	1362199
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1362199

reference_url	https://security.gentoo.org/glsa/201701-47
reference_id	GLSA-201701-47
reference_type
scores
url	https://security.gentoo.org/glsa/201701-47

reference_url	https://usn.ubuntu.com/3048-1/
reference_id	USN-3048-1
reference_type
scores
url	https://usn.ubuntu.com/3048-1/

fixed_packages

url	pkg:apk/alpine/curl@7.49.1-r1?arch=x86&distroversion=v3.3&reponame=main
purl	pkg:apk/alpine/curl@7.49.1-r1?arch=x86&distroversion=v3.3&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@7.49.1-r1%3Farch=x86&distroversion=v3.3&reponame=main

aliases CVE-2016-5421

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mq44-5pmp-2qhh

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@7.49.1-r1%3Farch=x86&distroversion=v3.3&reponame=main

Package Instance