Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/asyncpg@0.20.0
Typepypi
Namespace
Nameasyncpg
Version0.20.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.21.0
Latest_non_vulnerable_version0.21.0
Affected_by_vulnerabilities
0
url VCID-g6js-msaz-7fbu
vulnerability_id VCID-g6js-msaz-7fbu
summary asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17446
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17446
1
reference_url https://github.com/advisories/GHSA-2xpj-f5g2-8p7m
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-2xpj-f5g2-8p7m
2
reference_url https://github.com/MagicStack/asyncpg/releases/tag/v0.21.0
reference_id
reference_type
scores
url https://github.com/MagicStack/asyncpg/releases/tag/v0.21.0
3
reference_url https://lists.debian.org/debian-lts-announce/2020/09/msg00002.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/09/msg00002.html
fixed_packages
0
url pkg:pypi/asyncpg@0.21.0
purl pkg:pypi/asyncpg@0.21.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/asyncpg@0.21.0
aliases CVE-2020-17446, GHSA-2xpj-f5g2-8p7m, PYSEC-2020-24
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g6js-msaz-7fbu
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/asyncpg@0.20.0