Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/golang-github-nats-io-nkeys@0.4.10-1?distro=trixie

Type deb

Namespace debian

Name golang-github-nats-io-nkeys

Version 0.4.10-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 0.4.15-1

Latest_non_vulnerable_version 0.4.16-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-zd5j-3vyt-yqf3

vulnerability_id VCID-zd5j-3vyt-yqf3

summary

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts. In nkeys versions 0.4.0 through 0.4.5, corresponding with NATS server versions 2.10.0 through 2.10.3, the nkeys library's `xkeys` encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key. This affects encryption only, not signing.  
FIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY. nkeys Go library 0.4.6, corresponding with NATS Server 2.10.4, has a patch for this issue. No known workarounds are available. For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46129.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46129.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46129

reference_id

reference_type

scores

value	0.00149
scoring_system	epss
scoring_elements	0.35404
published_at	2026-06-14T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35424
published_at	2026-06-13T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35401
published_at	2026-06-12T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35224
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46129

reference_url

https://github.com/nats-io/nkeys

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/nats-io/nkeys

reference_url

https://github.com/nats-io/nkeys/commit/58fb9d69f42ea73fffad1d14e5914dc666f3daa1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/nats-io/nkeys/commit/58fb9d69f42ea73fffad1d14e5914dc666f3daa1

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-46129

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-46129

reference_url

http://www.openwall.com/lists/oss-security/2023/10/31/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:00Z/

url

http://www.openwall.com/lists/oss-security/2023/10/31/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055010
reference_id	1055010
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055010

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055011
reference_id	1055011
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055011

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2246986
reference_id	2246986
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2246986

reference_url

https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9

reference_id

GHSA-mr45-rx8q-wcm9

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:00Z/

url

https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/

reference_id

R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:00Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/

reference_url	https://access.redhat.com/errata/RHSA-2023:7663
reference_id	RHSA-2023:7663
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7663

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/

reference_id

ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:00Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/

fixed_packages

url	pkg:deb/debian/golang-github-nats-io-nkeys@0?distro=trixie
purl	pkg:deb/debian/golang-github-nats-io-nkeys@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-nkeys@0%3Fdistro=trixie

url	pkg:deb/debian/golang-github-nats-io-nkeys@0.0~git20181103.f9a6cff-1.1?distro=trixie
purl	pkg:deb/debian/golang-github-nats-io-nkeys@0.0~git20181103.f9a6cff-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-nkeys@0.0~git20181103.f9a6cff-1.1%3Fdistro=trixie

url	pkg:deb/debian/golang-github-nats-io-nkeys@0.3.0-2?distro=trixie
purl	pkg:deb/debian/golang-github-nats-io-nkeys@0.3.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-nkeys@0.3.0-2%3Fdistro=trixie

url	pkg:deb/debian/golang-github-nats-io-nkeys@0.4.6-1?distro=trixie
purl	pkg:deb/debian/golang-github-nats-io-nkeys@0.4.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-nkeys@0.4.6-1%3Fdistro=trixie

url	pkg:deb/debian/golang-github-nats-io-nkeys@0.4.10-1?distro=trixie
purl	pkg:deb/debian/golang-github-nats-io-nkeys@0.4.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-nkeys@0.4.10-1%3Fdistro=trixie

url	pkg:deb/debian/golang-github-nats-io-nkeys@0.4.15-1?distro=trixie
purl	pkg:deb/debian/golang-github-nats-io-nkeys@0.4.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-nkeys@0.4.15-1%3Fdistro=trixie

url	pkg:deb/debian/golang-github-nats-io-nkeys@0.4.16-1?distro=trixie
purl	pkg:deb/debian/golang-github-nats-io-nkeys@0.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-nkeys@0.4.16-1%3Fdistro=trixie

aliases CVE-2023-46129, GHSA-mr45-rx8q-wcm9

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zd5j-3vyt-yqf3

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-nkeys@0.4.10-1%3Fdistro=trixie

Package Instance