Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/curl@7.80.0-r6?arch=armv7&distroversion=v3.15&reponame=main
Typeapk
Namespacealpine
Namecurl
Version7.80.0-r6
Qualifiers
arch armv7
distroversion v3.15
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version8.0.1-r0
Latest_non_vulnerable_version8.5.0-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-287k-bzqy-n7ag
vulnerability_id VCID-287k-bzqy-n7ag
summary A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23914.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23914.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23914
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29098
published_at 2026-06-04T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29101
published_at 2026-06-07T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29168
published_at 2026-06-05T12:55:00Z
3
value 0.00111
scoring_system epss
scoring_elements 0.29135
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23914
2
reference_url https://curl.se/docs/CVE-2023-23914.html
reference_id
reference_type
scores
0
value Low
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2023-23914.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23914
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23914
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/1813864
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-12T18:51:37Z/
url https://hackerone.com/reports/1813864
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371
reference_id 1031371
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2167797
reference_id 2167797
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2167797
8
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-12T18:51:37Z/
url https://security.gentoo.org/glsa/202310-12
9
reference_url https://security.netapp.com/advisory/ntap-20230309-0006/
reference_id ntap-20230309-0006
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-12T18:51:37Z/
url https://security.netapp.com/advisory/ntap-20230309-0006/
10
reference_url https://access.redhat.com/errata/RHSA-2023:3354
reference_id RHSA-2023:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3354
11
reference_url https://access.redhat.com/errata/RHSA-2023:3355
reference_id RHSA-2023:3355
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3355
12
reference_url https://usn.ubuntu.com/5891-1/
reference_id USN-5891-1
reference_type
scores
url https://usn.ubuntu.com/5891-1/
fixed_packages
0
url pkg:apk/alpine/curl@7.80.0-r6?arch=armv7&distroversion=v3.15&reponame=main
purl pkg:apk/alpine/curl@7.80.0-r6?arch=armv7&distroversion=v3.15&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@7.80.0-r6%3Farch=armv7&distroversion=v3.15&reponame=main
aliases CVE-2023-23914
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-287k-bzqy-n7ag
1
url VCID-nwvb-d466-4uaa
vulnerability_id VCID-nwvb-d466-4uaa
summary A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23915.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23915.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23915
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.11875
published_at 2026-06-04T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.11918
published_at 2026-06-07T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.11961
published_at 2026-06-05T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.11956
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23915
2
reference_url https://curl.se/docs/CVE-2023-23915.html
reference_id
reference_type
scores
0
value Low
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2023-23915.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23915
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23915
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/1814333
reference_id
reference_type
scores
url https://hackerone.com/reports/1814333
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371
reference_id 1031371
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2167813
reference_id 2167813
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2167813
8
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:46:29Z/
url https://security.gentoo.org/glsa/202310-12
9
reference_url https://security.netapp.com/advisory/ntap-20230309-0006/
reference_id ntap-20230309-0006
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:46:29Z/
url https://security.netapp.com/advisory/ntap-20230309-0006/
10
reference_url https://access.redhat.com/errata/RHSA-2023:3354
reference_id RHSA-2023:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3354
11
reference_url https://access.redhat.com/errata/RHSA-2023:3355
reference_id RHSA-2023:3355
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3355
12
reference_url https://usn.ubuntu.com/5891-1/
reference_id USN-5891-1
reference_type
scores
url https://usn.ubuntu.com/5891-1/
fixed_packages
0
url pkg:apk/alpine/curl@7.80.0-r6?arch=armv7&distroversion=v3.15&reponame=main
purl pkg:apk/alpine/curl@7.80.0-r6?arch=armv7&distroversion=v3.15&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@7.80.0-r6%3Farch=armv7&distroversion=v3.15&reponame=main
aliases CVE-2023-23915
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwvb-d466-4uaa
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@7.80.0-r6%3Farch=armv7&distroversion=v3.15&reponame=main