Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/nats-server@2.10.4-r0?arch=armhf&distroversion=edge&reponame=community
Type apk
Namespace alpine
Name nats-server
Version 2.10.4-r0
Qualifiers
arch armhf
distroversion edge
reponame community
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.10.27-r0
Latest_non_vulnerable_version 2.12.6-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-xcae-jpg4-ruff
vulnerability_id VCID-xcae-jpg4-ruff
summary NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts. In nkeys versions 0.4.0 through 0.4.5, corresponding with NATS server versions 2.10.0 through 2.10.3, the nkeys library's `xkeys` encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key. This affects encryption only, not signing. FIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY. nkeys Go library 0.4.6, corresponding with NATS Server 2.10.4, has a patch for this issue. No known workarounds are available. For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46129.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46129.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46129
reference_id
reference_type
scores
0
value 0.00149
scoring_system epss
scoring_elements 0.35158
published_at 2026-06-08T12:55:00Z
1
value 0.00149
scoring_system epss
scoring_elements 0.35215
published_at 2026-06-05T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.35231
published_at 2026-06-06T12:55:00Z
3
value 0.00149
scoring_system epss
scoring_elements 0.35193
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46129
2
reference_url https://github.com/nats-io/nkeys
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nats-io/nkeys
3
reference_url https://github.com/nats-io/nkeys/commit/58fb9d69f42ea73fffad1d14e5914dc666f3daa1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nats-io/nkeys/commit/58fb9d69f42ea73fffad1d14e5914dc666f3daa1
4
reference_url https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:00Z/
url https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46129
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46129
8
reference_url http://www.openwall.com/lists/oss-security/2023/10/31/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:00Z/
url http://www.openwall.com/lists/oss-security/2023/10/31/1
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055010
reference_id 1055010
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055010
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055011
reference_id 1055011
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055011
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2246986
reference_id 2246986
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2246986
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/
reference_id R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/
13
reference_url https://access.redhat.com/errata/RHSA-2023:7663
reference_id RHSA-2023:7663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7663
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/
reference_id ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/
fixed_packages
0
url pkg:apk/alpine/nats-server@2.10.4-r0?arch=armhf&distroversion=edge&reponame=community
purl pkg:apk/alpine/nats-server@2.10.4-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nats-server@2.10.4-r0%3Farch=armhf&distroversion=edge&reponame=community
aliases CVE-2023-46129, GHSA-mr45-rx8q-wcm9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xcae-jpg4-ruff
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nats-server@2.10.4-r0%3Farch=armhf&distroversion=edge&reponame=community