Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/git@2.40.4-r0?arch=x86&distroversion=v3.18&reponame=main
Type apk
Namespace alpine
Name git
Version 2.40.4-r0
Qualifiers
arch x86
distroversion v3.18
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7b54-2124-wudx
vulnerability_id VCID-7b54-2124-wudx
summary Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for which the user is expected to provide a username and/or a password. At this stage, any URL-encoded parts have been decoded already, and are printed verbatim. This allows attackers to craft URLs that contain ANSI escape sequences that the terminal interprets to confuse users, e.g. into providing passwords for trusted Git hosting sites when in fact they are then sent to untrusted sites that are under the attacker's control. This issue has been patched via commits `7725b81` and `c903985` which are included in release versions v2.48.1, v2.47.2, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50349.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50349.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50349
reference_id
reference_type
scores
0
value 0.02784
scoring_system epss
scoring_elements 0.86363
published_at 2026-06-09T12:55:00Z
1
value 0.02784
scoring_system epss
scoring_elements 0.86364
published_at 2026-06-05T12:55:00Z
2
value 0.02784
scoring_system epss
scoring_elements 0.86366
published_at 2026-06-06T12:55:00Z
3
value 0.02784
scoring_system epss
scoring_elements 0.86362
published_at 2026-06-07T12:55:00Z
4
value 0.02784
scoring_system epss
scoring_elements 0.8635
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50349
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50349
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50349
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093042
reference_id 1093042
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093042
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2337824
reference_id 2337824
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2337824
6
reference_url https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8
reference_id 7725b8100ffbbff2750ee4d61a0fcc1f53a086e8
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:22:40Z/
url https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8
7
reference_url https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577
reference_id c903985bf7e772e2d08275c1a95c8a55ab011577
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:22:40Z/
url https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577
8
reference_url https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr
reference_id GHSA-hmg8-h7qf-7cxr
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:22:40Z/
url https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr
9
reference_url https://access.redhat.com/errata/RHSA-2025:11462
reference_id RHSA-2025:11462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11462
10
reference_url https://access.redhat.com/errata/RHSA-2025:11533
reference_id RHSA-2025:11533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11533
11
reference_url https://access.redhat.com/errata/RHSA-2025:11534
reference_id RHSA-2025:11534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11534
12
reference_url https://access.redhat.com/errata/RHSA-2025:19601
reference_id RHSA-2025:19601
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19601
13
reference_url https://usn.ubuntu.com/7207-1/
reference_id USN-7207-1
reference_type
scores
url https://usn.ubuntu.com/7207-1/
14
reference_url https://usn.ubuntu.com/7207-2/
reference_id USN-7207-2
reference_type
scores
url https://usn.ubuntu.com/7207-2/
15
reference_url https://usn.ubuntu.com/7964-1/
reference_id USN-7964-1
reference_type
scores
url https://usn.ubuntu.com/7964-1/
fixed_packages
0
url pkg:apk/alpine/git@2.40.4-r0?arch=x86&distroversion=v3.18&reponame=main
purl pkg:apk/alpine/git@2.40.4-r0?arch=x86&distroversion=v3.18&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/git@2.40.4-r0%3Farch=x86&distroversion=v3.18&reponame=main
aliases CVE-2024-50349
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7b54-2124-wudx
1
url VCID-txbr-22uc-hybf
vulnerability_id VCID-txbr-22uc-hybf
summary Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characters as newlines, which renders the protections against CVE-2020-5260 incomplete for credential helpers that treat Carriage Returns in this way. This issue has been addressed in commit `b01b9b8` which is included in release versions v2.48.1, v2.47.2, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52006.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52006.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52006
reference_id
reference_type
scores
0
value 0.03365
scoring_system epss
scoring_elements 0.87603
published_at 2026-06-09T12:55:00Z
1
value 0.03365
scoring_system epss
scoring_elements 0.87593
published_at 2026-06-05T12:55:00Z
2
value 0.03365
scoring_system epss
scoring_elements 0.87592
published_at 2026-06-06T12:55:00Z
3
value 0.03365
scoring_system epss
scoring_elements 0.87591
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52006
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52006
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52006
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093042
reference_id 1093042
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093042
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2337956
reference_id 2337956
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2337956
6
reference_url https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060
reference_id b01b9b81d36759cdcd07305e78765199e1bc2060
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:52:03Z/
url https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060
7
reference_url https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g
reference_id GHSA-86c2-4x57-wc8g
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:52:03Z/
url https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g
8
reference_url https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q
reference_id GHSA-qm7j-c969-7j4q
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:52:03Z/
url https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q
9
reference_url https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp
reference_id GHSA-r5ph-xg7q-xfrp
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:52:03Z/
url https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp
10
reference_url https://access.redhat.com/errata/RHSA-2025:11462
reference_id RHSA-2025:11462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11462
11
reference_url https://access.redhat.com/errata/RHSA-2025:11533
reference_id RHSA-2025:11533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11533
12
reference_url https://access.redhat.com/errata/RHSA-2025:11534
reference_id RHSA-2025:11534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11534
13
reference_url https://usn.ubuntu.com/7207-1/
reference_id USN-7207-1
reference_type
scores
url https://usn.ubuntu.com/7207-1/
14
reference_url https://usn.ubuntu.com/7207-2/
reference_id USN-7207-2
reference_type
scores
url https://usn.ubuntu.com/7207-2/
15
reference_url https://usn.ubuntu.com/7964-1/
reference_id USN-7964-1
reference_type
scores
url https://usn.ubuntu.com/7964-1/
fixed_packages
0
url pkg:apk/alpine/git@2.40.4-r0?arch=x86&distroversion=v3.18&reponame=main
purl pkg:apk/alpine/git@2.40.4-r0?arch=x86&distroversion=v3.18&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/git@2.40.4-r0%3Farch=x86&distroversion=v3.18&reponame=main
aliases CVE-2024-52006
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-txbr-22uc-hybf
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/git@2.40.4-r0%3Farch=x86&distroversion=v3.18&reponame=main