Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/asterisk@18.24.3-r0?arch=armv7&distroversion=v3.18&reponame=main
Typeapk
Namespacealpine
Nameasterisk
Version18.24.3-r0
Qualifiers
arch armv7
distroversion v3.18
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version18.24.3-r1
Latest_non_vulnerable_version18.24.3-r1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1t3u-22gq-qucr
vulnerability_id VCID-1t3u-22gq-qucr
summary Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35190
reference_id
reference_type
scores
0
value 0.00332
scoring_system epss
scoring_elements 0.5608
published_at 2026-04-13T12:55:00Z
1
value 0.00332
scoring_system epss
scoring_elements 0.56054
published_at 2026-04-02T12:55:00Z
2
value 0.00332
scoring_system epss
scoring_elements 0.56074
published_at 2026-04-04T12:55:00Z
3
value 0.00332
scoring_system epss
scoring_elements 0.56053
published_at 2026-04-07T12:55:00Z
4
value 0.00332
scoring_system epss
scoring_elements 0.56104
published_at 2026-04-08T12:55:00Z
5
value 0.00332
scoring_system epss
scoring_elements 0.56109
published_at 2026-04-09T12:55:00Z
6
value 0.00332
scoring_system epss
scoring_elements 0.5612
published_at 2026-04-11T12:55:00Z
7
value 0.00332
scoring_system epss
scoring_elements 0.56097
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35190
1
reference_url https://github.com/asterisk/asterisk/pull/600
reference_id 600
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/
url https://github.com/asterisk/asterisk/pull/600
2
reference_url https://github.com/asterisk/asterisk/pull/602
reference_id 602
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/
url https://github.com/asterisk/asterisk/pull/602
3
reference_url https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
reference_id 85241bd22936cc15760fd1f65d16c98be7aeaf6d
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/
url https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
4
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9
reference_id GHSA-qqxj-v78h-hrf9
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9
fixed_packages
0
url pkg:apk/alpine/asterisk@18.24.3-r0?arch=armv7&distroversion=v3.18&reponame=main
purl pkg:apk/alpine/asterisk@18.24.3-r0?arch=armv7&distroversion=v3.18&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.24.3-r0%3Farch=armv7&distroversion=v3.18&reponame=main
aliases CVE-2024-35190
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1t3u-22gq-qucr
1
url VCID-9u4p-wdky-a3h1
vulnerability_id VCID-9u4p-wdky-a3h1
summary Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42365
reference_id
reference_type
scores
0
value 0.3195
scoring_system epss
scoring_elements 0.96809
published_at 2026-04-08T12:55:00Z
1
value 0.3195
scoring_system epss
scoring_elements 0.96812
published_at 2026-04-13T12:55:00Z
2
value 0.3195
scoring_system epss
scoring_elements 0.9681
published_at 2026-04-09T12:55:00Z
3
value 0.3195
scoring_system epss
scoring_elements 0.96795
published_at 2026-04-02T12:55:00Z
4
value 0.3195
scoring_system epss
scoring_elements 0.96796
published_at 2026-04-04T12:55:00Z
5
value 0.3195
scoring_system epss
scoring_elements 0.96801
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42365
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574
reference_id 1078574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574
3
reference_url https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
reference_id 42a2f4ccfa2c7062a15063e765916b3332e34cc4
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
4
reference_url https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
reference_id 7a0090325bfa9d778a39ae5f7d0a98109e4651c8
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
5
reference_url https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71
reference_id b4063bf756272254b160b6d1bd6e9a3f8e16cc71
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71
6
reference_url https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993
reference_id bbe68db10ab8a80c29db383e4dfe14f6eafaf993
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993
7
reference_url https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2
reference_id faddd99f2b9408b524e5eb8a01589fe1fa282df2
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2
8
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44
reference_id GHSA-c4cg-9275-6w44
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44
9
reference_url https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426
reference_id manager.c#L6426
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426
10
reference_url https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426
reference_id manager.c#L6426
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426
fixed_packages
0
url pkg:apk/alpine/asterisk@18.24.3-r0?arch=armv7&distroversion=v3.18&reponame=main
purl pkg:apk/alpine/asterisk@18.24.3-r0?arch=armv7&distroversion=v3.18&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.24.3-r0%3Farch=armv7&distroversion=v3.18&reponame=main
aliases CVE-2024-42365
risk_score 10.0
exploitability 2.0
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9u4p-wdky-a3h1
2
url VCID-qcqe-63ev-f7gv
vulnerability_id VCID-qcqe-63ev-f7gv
summary Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42491
reference_id
reference_type
scores
0
value 0.00963
scoring_system epss
scoring_elements 0.76496
published_at 2026-04-07T12:55:00Z
1
value 0.00963
scoring_system epss
scoring_elements 0.76545
published_at 2026-04-12T12:55:00Z
2
value 0.00963
scoring_system epss
scoring_elements 0.76565
published_at 2026-04-11T12:55:00Z
3
value 0.00963
scoring_system epss
scoring_elements 0.76539
published_at 2026-04-13T12:55:00Z
4
value 0.00963
scoring_system epss
scoring_elements 0.76528
published_at 2026-04-08T12:55:00Z
5
value 0.00963
scoring_system epss
scoring_elements 0.76484
published_at 2026-04-02T12:55:00Z
6
value 0.00963
scoring_system epss
scoring_elements 0.76513
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42491
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491
2
reference_url https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
reference_id 42a2f4ccfa2c7062a15063e765916b3332e34cc4
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
3
reference_url https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742
reference_id 4f01669c7c41c9184f3cce9a3cf1b2ebf6201742
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742
4
reference_url https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2
reference_id 50bf8d4d3064930d28ecf1ce3397b14574d514d2
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2
5
reference_url https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
reference_id 7a0090325bfa9d778a39ae5f7d0a98109e4651c8
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
6
reference_url https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0
reference_id a15050650abf09c10a3c135fab148220cd41d3a0
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0
7
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9
reference_id GHSA-v428-g3cw-7hv9
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9
fixed_packages
0
url pkg:apk/alpine/asterisk@18.24.3-r0?arch=armv7&distroversion=v3.18&reponame=main
purl pkg:apk/alpine/asterisk@18.24.3-r0?arch=armv7&distroversion=v3.18&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.24.3-r0%3Farch=armv7&distroversion=v3.18&reponame=main
aliases CVE-2024-42491
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qcqe-63ev-f7gv
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.24.3-r0%3Farch=armv7&distroversion=v3.18&reponame=main