Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/redis@6.2.0-r0?arch=armhf&distroversion=v3.22&reponame=community
Typeapk
Namespacealpine
Nameredis
Version6.2.0-r0
Qualifiers
arch armhf
distroversion v3.22
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version6.2.4-r0
Latest_non_vulnerable_version8.0.4-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-brcs-e18h-73em
vulnerability_id VCID-brcs-e18h-73em
summary A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3470.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3470.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3470
reference_id
reference_type
scores
0
value 0.00423
scoring_system epss
scoring_elements 0.62445
published_at 2026-06-04T12:55:00Z
1
value 0.00423
scoring_system epss
scoring_elements 0.62491
published_at 2026-06-07T12:55:00Z
2
value 0.00423
scoring_system epss
scoring_elements 0.625
published_at 2026-06-06T12:55:00Z
3
value 0.00423
scoring_system epss
scoring_elements 0.62476
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3470
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3470
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3470
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1943623
reference_id 1943623
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1943623
fixed_packages
0
url pkg:apk/alpine/redis@6.2.0-r0?arch=armhf&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/redis@6.2.0-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/redis@6.2.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community
aliases CVE-2021-3470
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brcs-e18h-73em
1
url VCID-rvwe-sgcd-gydc
vulnerability_id VCID-rvwe-sgcd-gydc
summary Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the “CONFIG SET proto-max-bulk-len” to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21309.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21309.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21309
reference_id
reference_type
scores
0
value 0.01501
scoring_system epss
scoring_elements 0.8147
published_at 2026-06-04T12:55:00Z
1
value 0.01501
scoring_system epss
scoring_elements 0.81498
published_at 2026-06-07T12:55:00Z
2
value 0.01501
scoring_system epss
scoring_elements 0.815
published_at 2026-06-06T12:55:00Z
3
value 0.01501
scoring_system epss
scoring_elements 0.81493
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21309
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21309
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21309
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1932634
reference_id 1932634
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1932634
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983446
reference_id 983446
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983446
6
reference_url https://security.gentoo.org/glsa/202103-02
reference_id GLSA-202103-02
reference_type
scores
url https://security.gentoo.org/glsa/202103-02
7
reference_url https://usn.ubuntu.com/USN-5221-1/
reference_id USN-USN-5221-1
reference_type
scores
url https://usn.ubuntu.com/USN-5221-1/
fixed_packages
0
url pkg:apk/alpine/redis@6.2.0-r0?arch=armhf&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/redis@6.2.0-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/redis@6.2.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community
aliases CVE-2021-21309
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rvwe-sgcd-gydc
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/redis@6.2.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community