Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/redis@6.0.13-r0?arch=armv7&distroversion=v3.13&reponame=main
Type apk
Namespace alpine
Name redis
Version 6.0.13-r0
Qualifiers
arch armv7
distroversion v3.13
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version 6.0.14-r0
Latest_non_vulnerable_version 6.0.16-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1a4j-pumf-g7hm
vulnerability_id VCID-1a4j-pumf-g7hm
summary Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` commands are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.13, 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32761.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32761.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32761
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.38187
published_at 2026-06-04T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38275
published_at 2026-06-05T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38278
published_at 2026-06-06T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.3825
published_at 2026-06-07T12:55:00Z
4
value 0.00172
scoring_system epss
scoring_elements 0.38221
published_at 2026-06-08T12:55:00Z
5
value 0.00172
scoring_system epss
scoring_elements 0.38231
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32761
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32761
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32761
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1985476
reference_id 1985476
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1985476
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991375
reference_id 991375
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991375
6
reference_url https://usn.ubuntu.com/USN-5221-1/
reference_id USN-USN-5221-1
reference_type
scores
url https://usn.ubuntu.com/USN-5221-1/
fixed_packages
0
url pkg:apk/alpine/redis@6.0.13-r0?arch=armv7&distroversion=v3.13&reponame=main
purl pkg:apk/alpine/redis@6.0.13-r0?arch=armv7&distroversion=v3.13&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/redis@6.0.13-r0%3Farch=armv7&distroversion=v3.13&reponame=main
aliases CVE-2021-32761
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1a4j-pumf-g7hm
1
url VCID-rxqr-svws-8qhq
vulnerability_id VCID-rxqr-svws-8qhq
summary Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result in remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29477.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29477.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29477
reference_id
reference_type
scores
0
value 0.03301
scoring_system epss
scoring_elements 0.87487
published_at 2026-06-09T12:55:00Z
1
value 0.03301
scoring_system epss
scoring_elements 0.87477
published_at 2026-06-06T12:55:00Z
2
value 0.03301
scoring_system epss
scoring_elements 0.87476
published_at 2026-06-07T12:55:00Z
3
value 0.03301
scoring_system epss
scoring_elements 0.87475
published_at 2026-06-08T12:55:00Z
4
value 0.04319
scoring_system epss
scoring_elements 0.89102
published_at 2026-06-05T12:55:00Z
5
value 0.04319
scoring_system epss
scoring_elements 0.89085
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29477
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29477
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1957410
reference_id 1957410
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1957410
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988045
reference_id 988045
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988045
6
reference_url https://security.gentoo.org/glsa/202107-20
reference_id GLSA-202107-20
reference_type
scores
url https://security.gentoo.org/glsa/202107-20
7
reference_url https://access.redhat.com/errata/RHSA-2021:2034
reference_id RHSA-2021:2034
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2034
fixed_packages
0
url pkg:apk/alpine/redis@6.0.13-r0?arch=armv7&distroversion=v3.13&reponame=main
purl pkg:apk/alpine/redis@6.0.13-r0?arch=armv7&distroversion=v3.13&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/redis@6.0.13-r0%3Farch=armv7&distroversion=v3.13&reponame=main
aliases CVE-2021-29477
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rxqr-svws-8qhq
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/redis@6.0.13-r0%3Farch=armv7&distroversion=v3.13&reponame=main