Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/nodejs@8.11.3-r0?arch=armv7&distroversion=v3.18&reponame=main
Type apk
Namespace alpine
Name nodejs
Version 8.11.3-r0
Qualifiers
arch armv7
distroversion v3.18
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version 8.11.4-r0
Latest_non_vulnerable_version 18.20.1-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2aeu-y8yu-ukfu
vulnerability_id VCID-2aeu-y8yu-ukfu
summary Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7167.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7167.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7167
reference_id
reference_type
scores
0
value 0.00756
scoring_system epss
scoring_elements 0.73623
published_at 2026-06-04T12:55:00Z
1
value 0.00756
scoring_system epss
scoring_elements 0.73659
published_at 2026-06-05T12:55:00Z
2
value 0.00756
scoring_system epss
scoring_elements 0.73664
published_at 2026-06-06T12:55:00Z
3
value 0.00756
scoring_system epss
scoring_elements 0.7365
published_at 2026-06-07T12:55:00Z
4
value 0.00756
scoring_system epss
scoring_elements 0.73636
published_at 2026-06-08T12:55:00Z
5
value 0.00756
scoring_system epss
scoring_elements 0.73662
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7167
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7167
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1591006
reference_id 1591006
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1591006
5
reference_url https://access.redhat.com/errata/RHSA-2018:2949
reference_id RHSA-2018:2949
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2949
6
reference_url https://usn.ubuntu.com/USN-4796-1/
reference_id USN-USN-4796-1
reference_type
scores
url https://usn.ubuntu.com/USN-4796-1/
fixed_packages
0
url pkg:apk/alpine/nodejs@8.11.3-r0?arch=armv7&distroversion=v3.18&reponame=main
purl pkg:apk/alpine/nodejs@8.11.3-r0?arch=armv7&distroversion=v3.18&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@8.11.3-r0%3Farch=armv7&distroversion=v3.18&reponame=main
aliases CVE-2018-7167
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2aeu-y8yu-ukfu
1
url VCID-9nbn-wceh-rfd9
vulnerability_id VCID-9nbn-wceh-rfd9
summary nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000168.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000168.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000168
reference_id
reference_type
scores
0
value 0.03388
scoring_system epss
scoring_elements 0.87647
published_at 2026-06-09T12:55:00Z
1
value 0.03388
scoring_system epss
scoring_elements 0.87614
published_at 2026-06-04T12:55:00Z
2
value 0.03388
scoring_system epss
scoring_elements 0.87635
published_at 2026-06-07T12:55:00Z
3
value 0.03388
scoring_system epss
scoring_elements 0.87636
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000168
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000168
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000168
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url http://www.securityfocus.com/bid/103952
reference_id 103952
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:47:48Z/
url http://www.securityfocus.com/bid/103952
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1565035
reference_id 1565035
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1565035
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895566
reference_id 895566
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895566
7
reference_url https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/
reference_id june-2018-security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:47:48Z/
url https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/
8
reference_url https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html
reference_id msg00011.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:47:48Z/
url https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html
9
reference_url https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/
reference_id nghttp2-v1-31-1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:47:48Z/
url https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/
10
reference_url https://access.redhat.com/errata/RHSA-2019:0366
reference_id RHSA-2019:0366
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:47:48Z/
url https://access.redhat.com/errata/RHSA-2019:0366
11
reference_url https://access.redhat.com/errata/RHSA-2019:0367
reference_id RHSA-2019:0367
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:47:48Z/
url https://access.redhat.com/errata/RHSA-2019:0367
fixed_packages
0
url pkg:apk/alpine/nodejs@8.11.3-r0?arch=armv7&distroversion=v3.18&reponame=main
purl pkg:apk/alpine/nodejs@8.11.3-r0?arch=armv7&distroversion=v3.18&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@8.11.3-r0%3Farch=armv7&distroversion=v3.18&reponame=main
aliases CVE-2018-1000168
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nbn-wceh-rfd9
2
url VCID-e7ed-fwvb-p7fe
vulnerability_id VCID-e7ed-fwvb-p7fe
summary All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7161.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7161.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7161
reference_id
reference_type
scores
0
value 0.01023
scoring_system epss
scoring_elements 0.77597
published_at 2026-06-04T12:55:00Z
1
value 0.01023
scoring_system epss
scoring_elements 0.77625
published_at 2026-06-05T12:55:00Z
2
value 0.01023
scoring_system epss
scoring_elements 0.77633
published_at 2026-06-06T12:55:00Z
3
value 0.01023
scoring_system epss
scoring_elements 0.77623
published_at 2026-06-07T12:55:00Z
4
value 0.01023
scoring_system epss
scoring_elements 0.77612
published_at 2026-06-08T12:55:00Z
5
value 0.01023
scoring_system epss
scoring_elements 0.77631
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7161
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7161
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7161
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1591013
reference_id 1591013
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1591013
5
reference_url https://access.redhat.com/errata/RHSA-2018:2949
reference_id RHSA-2018:2949
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2949
fixed_packages
0
url pkg:apk/alpine/nodejs@8.11.3-r0?arch=armv7&distroversion=v3.18&reponame=main
purl pkg:apk/alpine/nodejs@8.11.3-r0?arch=armv7&distroversion=v3.18&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@8.11.3-r0%3Farch=armv7&distroversion=v3.18&reponame=main
aliases CVE-2018-7161
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e7ed-fwvb-p7fe
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@8.11.3-r0%3Farch=armv7&distroversion=v3.18&reponame=main