Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/nodejs@12.18.4-r0?arch=x86&distroversion=edge&reponame=main
Type apk
Namespace alpine
Name nodejs
Version 12.18.4-r0
Qualifiers
arch x86
distroversion edge
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version 14.15.1-r0
Latest_non_vulnerable_version 24.14.1-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7f2s-gt2y-uqfh
vulnerability_id VCID-7f2s-gt2y-uqfh
summary Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8201.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8201.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8201
reference_id
reference_type
scores
0
value 0.00632
scoring_system epss
scoring_elements 0.70722
published_at 2026-06-04T12:55:00Z
1
value 0.00632
scoring_system epss
scoring_elements 0.70765
published_at 2026-06-05T12:55:00Z
2
value 0.00632
scoring_system epss
scoring_elements 0.70742
published_at 2026-06-08T12:55:00Z
3
value 0.00632
scoring_system epss
scoring_elements 0.70772
published_at 2026-06-06T12:55:00Z
4
value 0.00632
scoring_system epss
scoring_elements 0.70755
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8201
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8201
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8201
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1879311
reference_id 1879311
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1879311
5
reference_url https://access.redhat.com/errata/RHSA-2020:4272
reference_id RHSA-2020:4272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4272
6
reference_url https://access.redhat.com/errata/RHSA-2020:4903
reference_id RHSA-2020:4903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4903
7
reference_url https://access.redhat.com/errata/RHSA-2020:5086
reference_id RHSA-2020:5086
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5086
fixed_packages
0
url pkg:apk/alpine/nodejs@12.18.4-r0?arch=x86&distroversion=edge&reponame=main
purl pkg:apk/alpine/nodejs@12.18.4-r0?arch=x86&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@12.18.4-r0%3Farch=x86&distroversion=edge&reponame=main
aliases CVE-2020-8201
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7f2s-gt2y-uqfh
1
url VCID-dvgd-qdhh-wffm
vulnerability_id VCID-dvgd-qdhh-wffm
summary The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8252.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8252.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8252
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39444
published_at 2026-06-04T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39531
published_at 2026-06-05T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39477
published_at 2026-06-08T12:55:00Z
3
value 0.00181
scoring_system epss
scoring_elements 0.39535
published_at 2026-06-06T12:55:00Z
4
value 0.00181
scoring_system epss
scoring_elements 0.39507
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8252
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8252
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8252
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1879315
reference_id 1879315
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1879315
5
reference_url https://security.gentoo.org/glsa/202009-15
reference_id GLSA-202009-15
reference_type
scores
url https://security.gentoo.org/glsa/202009-15
6
reference_url https://access.redhat.com/errata/RHSA-2020:4272
reference_id RHSA-2020:4272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4272
7
reference_url https://access.redhat.com/errata/RHSA-2020:4903
reference_id RHSA-2020:4903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4903
8
reference_url https://access.redhat.com/errata/RHSA-2020:5086
reference_id RHSA-2020:5086
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5086
9
reference_url https://access.redhat.com/errata/RHSA-2021:0521
reference_id RHSA-2021:0521
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0521
10
reference_url https://access.redhat.com/errata/RHSA-2021:0548
reference_id RHSA-2021:0548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0548
11
reference_url https://usn.ubuntu.com/4548-1/
reference_id USN-4548-1
reference_type
scores
url https://usn.ubuntu.com/4548-1/
fixed_packages
0
url pkg:apk/alpine/nodejs@12.18.4-r0?arch=x86&distroversion=edge&reponame=main
purl pkg:apk/alpine/nodejs@12.18.4-r0?arch=x86&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@12.18.4-r0%3Farch=x86&distroversion=edge&reponame=main
aliases CVE-2020-8252
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvgd-qdhh-wffm
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@12.18.4-r0%3Farch=x86&distroversion=edge&reponame=main