Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/py3-jinja2@1.11.3-r0?arch=riscv64&distroversion=v3.21&reponame=main
Type apk
Namespace alpine
Name py3-jinja2
Version 1.11.3-r0
Qualifiers
arch riscv64
distroversion v3.21
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version 3.1.3-r0
Latest_non_vulnerable_version 3.1.6-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-jpa1-g154-1ye8
vulnerability_id VCID-jpa1-g154-1ye8
summary This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re` regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28493.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28493.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28493
reference_id
reference_type
scores
0
value 0.00207
scoring_system epss
scoring_elements 0.4286
published_at 2026-04-29T12:55:00Z
1
value 0.00207
scoring_system epss
scoring_elements 0.42941
published_at 2026-04-26T12:55:00Z
2
value 0.00207
scoring_system epss
scoring_elements 0.4294
published_at 2026-04-24T12:55:00Z
3
value 0.00207
scoring_system epss
scoring_elements 0.43005
published_at 2026-04-21T12:55:00Z
4
value 0.00207
scoring_system epss
scoring_elements 0.4307
published_at 2026-04-18T12:55:00Z
5
value 0.00207
scoring_system epss
scoring_elements 0.43081
published_at 2026-04-16T12:55:00Z
6
value 0.00207
scoring_system epss
scoring_elements 0.43038
published_at 2026-04-12T12:55:00Z
7
value 0.00207
scoring_system epss
scoring_elements 0.43073
published_at 2026-04-11T12:55:00Z
8
value 0.00207
scoring_system epss
scoring_elements 0.43037
published_at 2026-04-08T12:55:00Z
9
value 0.00207
scoring_system epss
scoring_elements 0.42963
published_at 2026-04-01T12:55:00Z
10
value 0.00207
scoring_system epss
scoring_elements 0.42987
published_at 2026-04-07T12:55:00Z
11
value 0.00207
scoring_system epss
scoring_elements 0.4305
published_at 2026-04-09T12:55:00Z
12
value 0.00207
scoring_system epss
scoring_elements 0.43023
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28493
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28493
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28493
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-g3rq-g295-4j3m
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-g3rq-g295-4j3m
5
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
6
reference_url https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20
7
reference_url https://github.com/pallets/jinja/commit/15ef8f09b659f9100610583938005a7a10472d4d
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/commit/15ef8f09b659f9100610583938005a7a10472d4d
8
reference_url https://github.com/pallets/jinja/pull/1343
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/pull/1343
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2021-66.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2021-66.yaml
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28493
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28493
13
reference_url https://security.gentoo.org/glsa/202107-19
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-19
14
reference_url https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1928707
reference_id 1928707
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1928707
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982736
reference_id 982736
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982736
17
reference_url https://security.archlinux.org/ASA-202102-19
reference_id ASA-202102-19
reference_type
scores
url https://security.archlinux.org/ASA-202102-19
18
reference_url https://security.archlinux.org/AVG-1523
reference_id AVG-1523
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1523
19
reference_url https://access.redhat.com/errata/RHSA-2021:3252
reference_id RHSA-2021:3252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3252
20
reference_url https://access.redhat.com/errata/RHSA-2021:4151
reference_id RHSA-2021:4151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4151
21
reference_url https://access.redhat.com/errata/RHSA-2021:4161
reference_id RHSA-2021:4161
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4161
22
reference_url https://access.redhat.com/errata/RHSA-2021:4162
reference_id RHSA-2021:4162
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4162
23
reference_url https://usn.ubuntu.com/5701-1/
reference_id USN-5701-1
reference_type
scores
url https://usn.ubuntu.com/5701-1/
24
reference_url https://usn.ubuntu.com/6599-1/
reference_id USN-6599-1
reference_type
scores
url https://usn.ubuntu.com/6599-1/
fixed_packages
0
url pkg:apk/alpine/py3-jinja2@1.11.3-r0?arch=riscv64&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/py3-jinja2@1.11.3-r0?arch=riscv64&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-jinja2@1.11.3-r0%3Farch=riscv64&distroversion=v3.21&reponame=main
aliases CVE-2020-28493, GHSA-g3rq-g295-4j3m, PYSEC-2021-66, SNYK-PYTHON-JINJA2-1012994
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jpa1-g154-1ye8
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-jinja2@1.11.3-r0%3Farch=riscv64&distroversion=v3.21&reponame=main