Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/go@0?arch=armhf&distroversion=v3.23&reponame=community
Type apk
Namespace alpine
Name go
Version 0
Qualifiers
arch armhf
distroversion v3.23
reponame community
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.9.4-r0
Latest_non_vulnerable_version 1.25.10-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7r24-w1n2-1keq
vulnerability_id VCID-7r24-w1n2-1keq
summary On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory \ (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41720.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41720.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41720
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.1065
published_at 2026-06-04T12:55:00Z
1
value 0.00035
scoring_system epss
scoring_elements 0.10617
published_at 2026-06-09T12:55:00Z
2
value 0.00035
scoring_system epss
scoring_elements 0.10693
published_at 2026-06-05T12:55:00Z
3
value 0.00035
scoring_system epss
scoring_elements 0.10718
published_at 2026-06-06T12:55:00Z
4
value 0.00035
scoring_system epss
scoring_elements 0.10681
published_at 2026-06-07T12:55:00Z
5
value 0.00035
scoring_system epss
scoring_elements 0.10597
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41720
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41720
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41720
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2161271
reference_id 2161271
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2161271
4
reference_url https://go.dev/cl/455716
reference_id 455716
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:41:16Z/
url https://go.dev/cl/455716
5
reference_url https://go.dev/issue/56694
reference_id 56694
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:41:16Z/
url https://go.dev/issue/56694
6
reference_url https://pkg.go.dev/vuln/GO-2022-1143
reference_id GO-2022-1143
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:41:16Z/
url https://pkg.go.dev/vuln/GO-2022-1143
fixed_packages
0
url pkg:apk/alpine/go@0?arch=armhf&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/go@0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@0%3Farch=armhf&distroversion=v3.23&reponame=community
aliases CVE-2022-41720
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7r24-w1n2-1keq
1
url VCID-7t1b-2sh5-syds
vulnerability_id VCID-7t1b-2sh5-syds
summary Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41716
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02415
published_at 2026-06-04T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02427
published_at 2026-06-05T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02423
published_at 2026-06-06T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02371
published_at 2026-06-07T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02357
published_at 2026-06-08T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.02315
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41716
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41716
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41716
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://go.dev/cl/446916
reference_id 446916
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:02:04Z/
url https://go.dev/cl/446916
4
reference_url https://go.dev/issue/56284
reference_id 56284
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:02:04Z/
url https://go.dev/issue/56284
5
reference_url https://pkg.go.dev/vuln/GO-2022-1095
reference_id GO-2022-1095
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:02:04Z/
url https://pkg.go.dev/vuln/GO-2022-1095
6
reference_url https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ
reference_id hSpmRzk-AgAJ
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:02:04Z/
url https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ
fixed_packages
0
url pkg:apk/alpine/go@0?arch=armhf&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/go@0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@0%3Farch=armhf&distroversion=v3.23&reponame=community
aliases CVE-2022-41716
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7t1b-2sh5-syds
2
url VCID-czpa-dun8-hkfw
vulnerability_id VCID-czpa-dun8-hkfw
summary A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41722.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41722.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41722
reference_id
reference_type
scores
0
value 0.00333
scoring_system epss
scoring_elements 0.56449
published_at 2026-06-05T12:55:00Z
1
value 0.00333
scoring_system epss
scoring_elements 0.56394
published_at 2026-06-04T12:55:00Z
2
value 0.00333
scoring_system epss
scoring_elements 0.56443
published_at 2026-06-07T12:55:00Z
3
value 0.00333
scoring_system epss
scoring_elements 0.56454
published_at 2026-06-06T12:55:00Z
4
value 0.00452
scoring_system epss
scoring_elements 0.64115
published_at 2026-06-09T12:55:00Z
5
value 0.00452
scoring_system epss
scoring_elements 0.64095
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41722
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41722
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2203008
reference_id 2203008
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2203008
4
reference_url https://go.dev/cl/468123
reference_id 468123
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:58:38Z/
url https://go.dev/cl/468123
5
reference_url https://go.dev/issue/57274
reference_id 57274
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:58:38Z/
url https://go.dev/issue/57274
6
reference_url https://pkg.go.dev/vuln/GO-2023-1568
reference_id GO-2023-1568
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:58:38Z/
url https://pkg.go.dev/vuln/GO-2023-1568
7
reference_url https://access.redhat.com/errata/RHSA-2023:1325
reference_id RHSA-2023:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1325
8
reference_url https://access.redhat.com/errata/RHSA-2023:3304
reference_id RHSA-2023:3304
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3304
9
reference_url https://access.redhat.com/errata/RHSA-2023:3366
reference_id RHSA-2023:3366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3366
fixed_packages
0
url pkg:apk/alpine/go@0?arch=armhf&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/go@0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@0%3Farch=armhf&distroversion=v3.23&reponame=community
aliases CVE-2022-41722
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-czpa-dun8-hkfw
3
url VCID-nzay-a6zy-n3h6
vulnerability_id VCID-nzay-a6zy-n3h6
summary On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24787
reference_id
reference_type
scores
0
value 0.03204
scoring_system epss
scoring_elements 0.87267
published_at 2026-06-05T12:55:00Z
1
value 0.03204
scoring_system epss
scoring_elements 0.87271
published_at 2026-06-09T12:55:00Z
2
value 0.03204
scoring_system epss
scoring_elements 0.87259
published_at 2026-06-08T12:55:00Z
3
value 0.03204
scoring_system epss
scoring_elements 0.87262
published_at 2026-06-07T12:55:00Z
4
value 0.03204
scoring_system epss
scoring_elements 0.87264
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24787
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url http://www.openwall.com/lists/oss-security/2024/05/08/3
reference_id 3
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/
url http://www.openwall.com/lists/oss-security/2024/05/08/3
3
reference_url https://go.dev/cl/583815
reference_id 583815
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/
url https://go.dev/cl/583815
4
reference_url https://go.dev/issue/67119
reference_id 67119
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/
url https://go.dev/issue/67119
5
reference_url https://pkg.go.dev/vuln/GO-2024-2825
reference_id GO-2024-2825
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/
url https://pkg.go.dev/vuln/GO-2024-2825
6
reference_url https://security.netapp.com/advisory/ntap-20240531-0006/
reference_id ntap-20240531-0006
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/
url https://security.netapp.com/advisory/ntap-20240531-0006/
7
reference_url https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
reference_id wkkO4P9stm0
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/
url https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
fixed_packages
0
url pkg:apk/alpine/go@0?arch=armhf&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/go@0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@0%3Farch=armhf&distroversion=v3.23&reponame=community
aliases CVE-2024-24787
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzay-a6zy-n3h6
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@0%3Farch=armhf&distroversion=v3.23&reponame=community