Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/apache2@2.4.56-r0?arch=aarch64&distroversion=v3.21&reponame=main
Typeapk
Namespacealpine
Nameapache2
Version2.4.56-r0
Qualifiers
arch aarch64
distroversion v3.21
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.4.58-r0
Latest_non_vulnerable_version2.4.66-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4c3m-m6ku-kbhq
vulnerability_id VCID-4c3m-m6ku-kbhq
summary 
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.

Special characters in the origin response header can truncate/split the response forwarded to the client.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27522.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27522.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27522
reference_id
reference_type
scores
0
value 0.00781
scoring_system epss
scoring_elements 0.7369
published_at 2026-04-13T12:55:00Z
1
value 0.00781
scoring_system epss
scoring_elements 0.73675
published_at 2026-04-04T12:55:00Z
2
value 0.00781
scoring_system epss
scoring_elements 0.73699
published_at 2026-04-12T12:55:00Z
3
value 0.00781
scoring_system epss
scoring_elements 0.73717
published_at 2026-04-11T12:55:00Z
4
value 0.00781
scoring_system epss
scoring_elements 0.73696
published_at 2026-04-09T12:55:00Z
5
value 0.00781
scoring_system epss
scoring_elements 0.73683
published_at 2026-04-08T12:55:00Z
6
value 0.00781
scoring_system epss
scoring_elements 0.73651
published_at 2026-04-02T12:55:00Z
7
value 0.00781
scoring_system epss
scoring_elements 0.73647
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27522
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/apache/httpd/commit/d753ea76b5972a85349b68c31b59d04c60014f2d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/httpd/commit/d753ea76b5972a85349b68c31b59d04c60014f2d
9
reference_url https://github.com/unbit/uwsgi
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/unbit/uwsgi
10
reference_url https://github.com/unbit/uwsgi/commit/58ee1df31fa9e9af106aaeabb82374c36b433822
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/unbit/uwsgi/commit/58ee1df31fa9e9af106aaeabb82374c36b433822
11
reference_url https://github.com/unbit/uwsgi/commit/acb03530aaaeaa810f28a5b64da619525940f569
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/unbit/uwsgi/commit/acb03530aaaeaa810f28a5b64da619525940f569
12
reference_url https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:55Z/
url https://httpd.apache.org/security/vulnerabilities_24.html
13
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:55Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html
14
reference_url https://security.gentoo.org/glsa/202309-01
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:55Z/
url https://security.gentoo.org/glsa/202309-01
15
reference_url https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.22.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.22.html
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476
reference_id 1032476
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2176211
reference_id 2176211
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2176211
18
reference_url https://httpd.apache.org/security/json/CVE-2023-27522.json
reference_id CVE-2023-27522
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2023-27522.json
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27522
reference_id CVE-2023-27522
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27522
20
reference_url https://github.com/advisories/GHSA-vcph-37mh-fqrh
reference_id GHSA-vcph-37mh-fqrh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vcph-37mh-fqrh
21
reference_url https://access.redhat.com/errata/RHSA-2023:4628
reference_id RHSA-2023:4628
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4628
22
reference_url https://access.redhat.com/errata/RHSA-2023:4629
reference_id RHSA-2023:4629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4629
23
reference_url https://access.redhat.com/errata/RHSA-2023:5049
reference_id RHSA-2023:5049
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5049
24
reference_url https://access.redhat.com/errata/RHSA-2023:5050
reference_id RHSA-2023:5050
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5050
25
reference_url https://access.redhat.com/errata/RHSA-2023:6403
reference_id RHSA-2023:6403
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6403
26
reference_url https://access.redhat.com/errata/RHSA-2024:4504
reference_id RHSA-2024:4504
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4504
27
reference_url https://usn.ubuntu.com/5942-1/
reference_id USN-5942-1
reference_type
scores
url https://usn.ubuntu.com/5942-1/
fixed_packages
0
url pkg:apk/alpine/apache2@2.4.56-r0?arch=aarch64&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/apache2@2.4.56-r0?arch=aarch64&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apache2@2.4.56-r0%3Farch=aarch64&distroversion=v3.21&reponame=main
aliases CVE-2023-27522, GHSA-vcph-37mh-fqrh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4c3m-m6ku-kbhq
1
url VCID-edvy-cern-6kcu
vulnerability_id VCID-edvy-cern-6kcu
summary 
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.




Configurations are affected when mod_proxy is enabled along with some form of RewriteRule
 or ProxyPassMatch in which a non-specific pattern matches
 some portion of the user-supplied request-target (URL) data and is then
 re-inserted into the proxied request-target using variable 
substitution. For example, something like:




RewriteEngine on
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]
ProxyPassReverse /here/ http://example.com:8080/


Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25690.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25690.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25690
reference_id
reference_type
scores
0
value 0.68183
scoring_system epss
scoring_elements 0.98587
published_at 2026-04-02T12:55:00Z
1
value 0.68183
scoring_system epss
scoring_elements 0.98591
published_at 2026-04-04T12:55:00Z
2
value 0.68183
scoring_system epss
scoring_elements 0.98592
published_at 2026-04-07T12:55:00Z
3
value 0.68183
scoring_system epss
scoring_elements 0.98595
published_at 2026-04-08T12:55:00Z
4
value 0.68183
scoring_system epss
scoring_elements 0.98596
published_at 2026-04-09T12:55:00Z
5
value 0.68183
scoring_system epss
scoring_elements 0.98598
published_at 2026-04-11T12:55:00Z
6
value 0.68183
scoring_system epss
scoring_elements 0.98599
published_at 2026-04-12T12:55:00Z
7
value 0.68183
scoring_system epss
scoring_elements 0.986
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25690
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476
reference_id 1032476
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2176209
reference_id 2176209
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2176209
10
reference_url http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html
reference_id Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-18T15:37:02Z/
url http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html
11
reference_url https://httpd.apache.org/security/json/CVE-2023-25690.json
reference_id CVE-2023-25690
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2023-25690.json
12
reference_url https://access.redhat.com/errata/RHSA-2023:1547
reference_id RHSA-2023:1547
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1547
13
reference_url https://access.redhat.com/errata/RHSA-2023:1593
reference_id RHSA-2023:1593
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1593
14
reference_url https://access.redhat.com/errata/RHSA-2023:1596
reference_id RHSA-2023:1596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1596
15
reference_url https://access.redhat.com/errata/RHSA-2023:1597
reference_id RHSA-2023:1597
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1597
16
reference_url https://access.redhat.com/errata/RHSA-2023:1670
reference_id RHSA-2023:1670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1670
17
reference_url https://access.redhat.com/errata/RHSA-2023:1672
reference_id RHSA-2023:1672
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1672
18
reference_url https://access.redhat.com/errata/RHSA-2023:1673
reference_id RHSA-2023:1673
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1673
19
reference_url https://access.redhat.com/errata/RHSA-2023:1916
reference_id RHSA-2023:1916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1916
20
reference_url https://access.redhat.com/errata/RHSA-2023:3292
reference_id RHSA-2023:3292
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3292
21
reference_url https://access.redhat.com/errata/RHSA-2023:3354
reference_id RHSA-2023:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3354
22
reference_url https://access.redhat.com/errata/RHSA-2023:3355
reference_id RHSA-2023:3355
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3355
23
reference_url https://usn.ubuntu.com/5942-1/
reference_id USN-5942-1
reference_type
scores
url https://usn.ubuntu.com/5942-1/
24
reference_url https://usn.ubuntu.com/5942-2/
reference_id USN-5942-2
reference_type
scores
url https://usn.ubuntu.com/5942-2/
fixed_packages
0
url pkg:apk/alpine/apache2@2.4.56-r0?arch=aarch64&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/apache2@2.4.56-r0?arch=aarch64&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apache2@2.4.56-r0%3Farch=aarch64&distroversion=v3.21&reponame=main
aliases CVE-2023-25690
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-edvy-cern-6kcu
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/apache2@2.4.56-r0%3Farch=aarch64&distroversion=v3.21&reponame=main