Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/curl@8.1.0-r0?arch=riscv64&distroversion=v3.23&reponame=main
Typeapk
Namespacealpine
Namecurl
Version8.1.0-r0
Qualifiers
arch riscv64
distroversion v3.23
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version8.3.0-r0
Latest_non_vulnerable_version8.19.0-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-g4n9-kg3s-pfcr
vulnerability_id VCID-g4n9-kg3s-pfcr
summary An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28321.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28321.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28321
reference_id
reference_type
scores
0
value 0.00297
scoring_system epss
scoring_elements 0.5335
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28321
2
reference_url https://curl.se/docs/CVE-2023-28321.html
reference_id
reference_type
scores
0
value Low
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2023-28321.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28321
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28321
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/1950627
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://hackerone.com/reports/1950627
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
reference_id 1036239
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2196786
reference_id 2196786
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2196786
8
reference_url http://seclists.org/fulldisclosure/2023/Jul/47
reference_id 47
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url http://seclists.org/fulldisclosure/2023/Jul/47
9
reference_url http://seclists.org/fulldisclosure/2023/Jul/48
reference_id 48
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url http://seclists.org/fulldisclosure/2023/Jul/48
10
reference_url http://seclists.org/fulldisclosure/2023/Jul/52
reference_id 52
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url http://seclists.org/fulldisclosure/2023/Jul/52
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/
reference_id F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/
12
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://security.gentoo.org/glsa/202310-12
13
reference_url https://support.apple.com/kb/HT213843
reference_id HT213843
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://support.apple.com/kb/HT213843
14
reference_url https://support.apple.com/kb/HT213844
reference_id HT213844
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://support.apple.com/kb/HT213844
15
reference_url https://support.apple.com/kb/HT213845
reference_id HT213845
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://support.apple.com/kb/HT213845
16
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html
reference_id msg00016.html
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html
17
reference_url https://security.netapp.com/advisory/ntap-20230609-0009/
reference_id ntap-20230609-0009
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://security.netapp.com/advisory/ntap-20230609-0009/
18
reference_url https://access.redhat.com/errata/RHSA-2023:4354
reference_id RHSA-2023:4354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4354
19
reference_url https://access.redhat.com/errata/RHSA-2023:4523
reference_id RHSA-2023:4523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4523
20
reference_url https://access.redhat.com/errata/RHSA-2023:4628
reference_id RHSA-2023:4628
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4628
21
reference_url https://access.redhat.com/errata/RHSA-2023:4629
reference_id RHSA-2023:4629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4629
22
reference_url https://access.redhat.com/errata/RHSA-2023:5598
reference_id RHSA-2023:5598
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5598
23
reference_url https://access.redhat.com/errata/RHSA-2023:6292
reference_id RHSA-2023:6292
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6292
24
reference_url https://usn.ubuntu.com/6237-1/
reference_id USN-6237-1
reference_type
scores
url https://usn.ubuntu.com/6237-1/
25
reference_url https://usn.ubuntu.com/6237-3/
reference_id USN-6237-3
reference_type
scores
url https://usn.ubuntu.com/6237-3/
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/
reference_id Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/
fixed_packages
0
url pkg:apk/alpine/curl@8.1.0-r0?arch=riscv64&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/curl@8.1.0-r0?arch=riscv64&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.1.0-r0%3Farch=riscv64&distroversion=v3.23&reponame=main
aliases CVE-2023-28321
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g4n9-kg3s-pfcr
1
url VCID-sutv-qt2x-2yc7
vulnerability_id VCID-sutv-qt2x-2yc7
summary An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28322
reference_id
reference_type
scores
0
value 0.00631
scoring_system epss
scoring_elements 0.70725
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28322
2
reference_url https://curl.se/docs/CVE-2023-28322.html
reference_id
reference_type
scores
0
value Low
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2023-28322.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/1954658
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://hackerone.com/reports/1954658
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
reference_id 1036239
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2196793
reference_id 2196793
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2196793
8
reference_url http://seclists.org/fulldisclosure/2023/Jul/47
reference_id 47
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url http://seclists.org/fulldisclosure/2023/Jul/47
9
reference_url http://seclists.org/fulldisclosure/2023/Jul/48
reference_id 48
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url http://seclists.org/fulldisclosure/2023/Jul/48
10
reference_url http://seclists.org/fulldisclosure/2023/Jul/52
reference_id 52
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url http://seclists.org/fulldisclosure/2023/Jul/52
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/
reference_id F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/
12
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://security.gentoo.org/glsa/202310-12
13
reference_url https://support.apple.com/kb/HT213843
reference_id HT213843
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://support.apple.com/kb/HT213843
14
reference_url https://support.apple.com/kb/HT213844
reference_id HT213844
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://support.apple.com/kb/HT213844
15
reference_url https://support.apple.com/kb/HT213845
reference_id HT213845
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://support.apple.com/kb/HT213845
16
reference_url https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html
reference_id msg00015.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html
17
reference_url https://security.netapp.com/advisory/ntap-20230609-0009/
reference_id ntap-20230609-0009
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://security.netapp.com/advisory/ntap-20230609-0009/
18
reference_url https://access.redhat.com/errata/RHSA-2023:4354
reference_id RHSA-2023:4354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4354
19
reference_url https://access.redhat.com/errata/RHSA-2023:4628
reference_id RHSA-2023:4628
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4628
20
reference_url https://access.redhat.com/errata/RHSA-2023:4629
reference_id RHSA-2023:4629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4629
21
reference_url https://access.redhat.com/errata/RHSA-2023:5598
reference_id RHSA-2023:5598
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5598
22
reference_url https://access.redhat.com/errata/RHSA-2024:0428
reference_id RHSA-2024:0428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0428
23
reference_url https://access.redhat.com/errata/RHSA-2024:0585
reference_id RHSA-2024:0585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0585
24
reference_url https://access.redhat.com/errata/RHSA-2024:1601
reference_id RHSA-2024:1601
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1601
25
reference_url https://access.redhat.com/errata/RHSA-2024:2092
reference_id RHSA-2024:2092
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2092
26
reference_url https://access.redhat.com/errata/RHSA-2024:2093
reference_id RHSA-2024:2093
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2093
27
reference_url https://usn.ubuntu.com/6237-1/
reference_id USN-6237-1
reference_type
scores
url https://usn.ubuntu.com/6237-1/
28
reference_url https://usn.ubuntu.com/6237-3/
reference_id USN-6237-3
reference_type
scores
url https://usn.ubuntu.com/6237-3/
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/
reference_id Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/
fixed_packages
0
url pkg:apk/alpine/curl@8.1.0-r0?arch=riscv64&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/curl@8.1.0-r0?arch=riscv64&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.1.0-r0%3Farch=riscv64&distroversion=v3.23&reponame=main
aliases CVE-2023-28322
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sutv-qt2x-2yc7
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.1.0-r0%3Farch=riscv64&distroversion=v3.23&reponame=main