Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/git@2.39.1-r0?arch=armv7&distroversion=v3.19&reponame=main
Type apk
Namespace alpine
Name git
Version 2.39.1-r0
Qualifiers
arch armv7
distroversion v3.19
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.39.2-r0
Latest_non_vulnerable_version 2.43.7-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-e7hx-a51c-mqe7
vulnerability_id VCID-e7hx-a51c-mqe7
summary Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23521.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23521.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23521
reference_id
reference_type
scores
0
value 0.09438
scoring_system epss
scoring_elements 0.92959
published_at 2026-06-08T12:55:00Z
1
value 0.09438
scoring_system epss
scoring_elements 0.92962
published_at 2026-06-07T12:55:00Z
2
value 0.09438
scoring_system epss
scoring_elements 0.9297
published_at 2026-06-09T12:55:00Z
3
value 0.09438
scoring_system epss
scoring_elements 0.92966
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23521
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23521
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23521
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41903
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41903
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029114
reference_id 1029114
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029114
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2162055
reference_id 2162055
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2162055
11
reference_url https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
reference_id 508386c6c5857b4faa2c3e491f422c98cc69ae76
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:25Z/
url https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
12
reference_url https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89
reference_id GHSA-c738-c5qq-xg89
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:25Z/
url https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89
13
reference_url https://security.gentoo.org/glsa/202312-15
reference_id GLSA-202312-15
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:25Z/
url https://security.gentoo.org/glsa/202312-15
14
reference_url https://access.redhat.com/errata/RHSA-2023:0596
reference_id RHSA-2023:0596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0596
15
reference_url https://access.redhat.com/errata/RHSA-2023:0597
reference_id RHSA-2023:0597
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0597
16
reference_url https://access.redhat.com/errata/RHSA-2023:0599
reference_id RHSA-2023:0599
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0599
17
reference_url https://access.redhat.com/errata/RHSA-2023:0609
reference_id RHSA-2023:0609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0609
18
reference_url https://access.redhat.com/errata/RHSA-2023:0610
reference_id RHSA-2023:0610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0610
19
reference_url https://access.redhat.com/errata/RHSA-2023:0611
reference_id RHSA-2023:0611
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0611
20
reference_url https://access.redhat.com/errata/RHSA-2023:0627
reference_id RHSA-2023:0627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0627
21
reference_url https://access.redhat.com/errata/RHSA-2023:0628
reference_id RHSA-2023:0628
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0628
22
reference_url https://access.redhat.com/errata/RHSA-2023:0978
reference_id RHSA-2023:0978
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0978
23
reference_url https://access.redhat.com/errata/RHSA-2023:1677
reference_id RHSA-2023:1677
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1677
24
reference_url https://usn.ubuntu.com/5810-1/
reference_id USN-5810-1
reference_type
scores
url https://usn.ubuntu.com/5810-1/
25
reference_url https://usn.ubuntu.com/5810-3/
reference_id USN-5810-3
reference_type
scores
url https://usn.ubuntu.com/5810-3/
26
reference_url https://usn.ubuntu.com/5810-4/
reference_id USN-5810-4
reference_type
scores
url https://usn.ubuntu.com/5810-4/
fixed_packages
0
url pkg:apk/alpine/git@2.39.1-r0?arch=armv7&distroversion=v3.19&reponame=main
purl pkg:apk/alpine/git@2.39.1-r0?arch=armv7&distroversion=v3.19&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/git@2.39.1-r0%3Farch=armv7&distroversion=v3.19&reponame=main
aliases CVE-2022-23521
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e7hx-a51c-mqe7
1
url VCID-mef4-vsrh-nkb9
vulnerability_id VCID-mef4-vsrh-nkb9
summary Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41903.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41903.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41903
reference_id
reference_type
scores
0
value 0.17802
scoring_system epss
scoring_elements 0.95254
published_at 2026-06-04T12:55:00Z
1
value 0.17802
scoring_system epss
scoring_elements 0.95269
published_at 2026-06-09T12:55:00Z
2
value 0.17802
scoring_system epss
scoring_elements 0.95261
published_at 2026-06-05T12:55:00Z
3
value 0.17802
scoring_system epss
scoring_elements 0.95263
published_at 2026-06-06T12:55:00Z
4
value 0.17802
scoring_system epss
scoring_elements 0.95266
published_at 2026-06-07T12:55:00Z
5
value 0.17802
scoring_system epss
scoring_elements 0.95265
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41903
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23521
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23521
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41903
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41903
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029114
reference_id 1029114
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029114
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2162056
reference_id 2162056
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2162056
11
reference_url https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
reference_id 508386c6c5857b4faa2c3e491f422c98cc69ae76
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:59:12Z/
url https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
12
reference_url https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst
reference_id Customizing-Git-Git-Attributes#_export_subst
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:59:12Z/
url https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst
13
reference_url https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq
reference_id GHSA-475x-2q3q-hvwq
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:59:12Z/
url https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq
14
reference_url https://security.gentoo.org/glsa/202312-15
reference_id GLSA-202312-15
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:59:12Z/
url https://security.gentoo.org/glsa/202312-15
15
reference_url https://git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem
reference_id pretty-formats.txt-emltltNgttruncltruncmtruncem
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:59:12Z/
url https://git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem
16
reference_url https://access.redhat.com/errata/RHSA-2023:0596
reference_id RHSA-2023:0596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0596
17
reference_url https://access.redhat.com/errata/RHSA-2023:0597
reference_id RHSA-2023:0597
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0597
18
reference_url https://access.redhat.com/errata/RHSA-2023:0599
reference_id RHSA-2023:0599
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0599
19
reference_url https://access.redhat.com/errata/RHSA-2023:0609
reference_id RHSA-2023:0609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0609
20
reference_url https://access.redhat.com/errata/RHSA-2023:0610
reference_id RHSA-2023:0610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0610
21
reference_url https://access.redhat.com/errata/RHSA-2023:0611
reference_id RHSA-2023:0611
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0611
22
reference_url https://access.redhat.com/errata/RHSA-2023:0627
reference_id RHSA-2023:0627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0627
23
reference_url https://access.redhat.com/errata/RHSA-2023:0628
reference_id RHSA-2023:0628
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0628
24
reference_url https://access.redhat.com/errata/RHSA-2023:0978
reference_id RHSA-2023:0978
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0978
25
reference_url https://access.redhat.com/errata/RHSA-2023:1677
reference_id RHSA-2023:1677
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1677
26
reference_url https://usn.ubuntu.com/5810-1/
reference_id USN-5810-1
reference_type
scores
url https://usn.ubuntu.com/5810-1/
27
reference_url https://usn.ubuntu.com/5810-3/
reference_id USN-5810-3
reference_type
scores
url https://usn.ubuntu.com/5810-3/
28
reference_url https://usn.ubuntu.com/5810-4/
reference_id USN-5810-4
reference_type
scores
url https://usn.ubuntu.com/5810-4/
fixed_packages
0
url pkg:apk/alpine/git@2.39.1-r0?arch=armv7&distroversion=v3.19&reponame=main
purl pkg:apk/alpine/git@2.39.1-r0?arch=armv7&distroversion=v3.19&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/git@2.39.1-r0%3Farch=armv7&distroversion=v3.19&reponame=main
aliases CVE-2022-41903
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mef4-vsrh-nkb9
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/git@2.39.1-r0%3Farch=armv7&distroversion=v3.19&reponame=main