Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/phpseclib/phpseclib@3.0.16
Typecomposer
Namespacephpseclib
Namephpseclib
Version3.0.16
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.0.52
Latest_non_vulnerable_version3.0.52
Affected_by_vulnerabilities
0
url VCID-1qj3-a1sx-kubr
vulnerability_id VCID-1qj3-a1sx-kubr
summary In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-52892
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.3978
published_at 2026-06-11T12:55:00Z
1
value 0.00182
scoring_system epss
scoring_elements 0.39963
published_at 2026-06-14T12:55:00Z
2
value 0.00182
scoring_system epss
scoring_elements 0.39974
published_at 2026-06-13T12:55:00Z
3
value 0.00182
scoring_system epss
scoring_elements 0.39951
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-52892
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52892
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52892
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/issues/1943
reference_id 1943
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/phpseclib/phpseclib/issues/1943
4
reference_url https://github.com/phpseclib/phpseclib/releases/tag/3.0.33
reference_id 3.0.33
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/phpseclib/phpseclib/releases/tag/3.0.33
5
reference_url https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
reference_id 6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52892
reference_id CVE-2023-52892
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-52892
7
reference_url https://github.com/advisories/GHSA-ff7q-6vwh-v9m4
reference_id GHSA-ff7q-6vwh-v9m4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ff7q-6vwh-v9m4
8
reference_url https://github.com/x509-name-testing/name_testing_artifacts
reference_id name_testing_artifacts
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/x509-name-testing/name_testing_artifacts
9
reference_url https://usn.ubuntu.com/7404-1/
reference_id USN-7404-1
reference_type
scores
url https://usn.ubuntu.com/7404-1/
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@3.0.33
purl pkg:composer/phpseclib/phpseclib@3.0.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4x2v-6awj-t7ae
1
vulnerability VCID-96xr-m836-f7cq
2
vulnerability VCID-a1e2-pwtb-zqd1
3
vulnerability VCID-ejz5-zmbt-afbg
4
vulnerability VCID-hyua-p4yb-byh1
5
vulnerability VCID-j96y-epag-6kbd
6
vulnerability VCID-mc2v-gtgm-d3g5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.33
aliases CVE-2023-52892, GHSA-ff7q-6vwh-v9m4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1qj3-a1sx-kubr
1
url VCID-4x2v-6awj-t7ae
vulnerability_id VCID-4x2v-6awj-t7ae
summary In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49316
reference_id
reference_type
scores
0
value 0.00149
scoring_system epss
scoring_elements 0.35219
published_at 2026-06-11T12:55:00Z
1
value 0.00149
scoring_system epss
scoring_elements 0.35396
published_at 2026-06-12T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.3542
published_at 2026-06-13T12:55:00Z
3
value 0.00149
scoring_system epss
scoring_elements 0.35399
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49316
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2023-49316.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2023-49316.yaml
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f
4
reference_url https://github.com/phpseclib/phpseclib/releases/tag/3.0.34
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/releases/tag/3.0.34
5
reference_url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-2f25-pfq3-c7h8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-2f25-pfq3-c7h8
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49316
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49316
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057008
reference_id 1057008
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057008
8
reference_url https://github.com/advisories/GHSA-2f25-pfq3-c7h8
reference_id GHSA-2f25-pfq3-c7h8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2f25-pfq3-c7h8
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@3.0.34
purl pkg:composer/phpseclib/phpseclib@3.0.34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96xr-m836-f7cq
1
vulnerability VCID-a1e2-pwtb-zqd1
2
vulnerability VCID-ejz5-zmbt-afbg
3
vulnerability VCID-hyua-p4yb-byh1
4
vulnerability VCID-mc2v-gtgm-d3g5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.34
aliases CVE-2023-49316, GHSA-2f25-pfq3-c7h8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4x2v-6awj-t7ae
2
url VCID-96xr-m836-f7cq
vulnerability_id VCID-96xr-m836-f7cq
summary phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44167
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09177
published_at 2026-06-12T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09121
published_at 2026-06-11T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10052
published_at 2026-06-13T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10037
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44167
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44167
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44167
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44167
4
reference_url https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc
reference_id d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-14T19:23:26Z/
url https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc
5
reference_url https://github.com/advisories/GHSA-3qpq-r242-jqj7
reference_id GHSA-3qpq-r242-jqj7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3qpq-r242-jqj7
6
reference_url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-3qpq-r242-jqj7
reference_id GHSA-3qpq-r242-jqj7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-14T19:23:26Z/
url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-3qpq-r242-jqj7
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@3.0.52
purl pkg:composer/phpseclib/phpseclib@3.0.52
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.52
aliases CVE-2026-44167, GHSA-3qpq-r242-jqj7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96xr-m836-f7cq
3
url VCID-a1e2-pwtb-zqd1
vulnerability_id VCID-a1e2-pwtb-zqd1
summary An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27355
reference_id
reference_type
scores
0
value 0.00443
scoring_system epss
scoring_elements 0.63777
published_at 2026-06-11T12:55:00Z
1
value 0.00443
scoring_system epss
scoring_elements 0.63891
published_at 2026-06-14T12:55:00Z
2
value 0.00443
scoring_system epss
scoring_elements 0.63892
published_at 2026-06-13T12:55:00Z
3
value 0.00443
scoring_system epss
scoring_elements 0.63879
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27355
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27355
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27355
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59
4
reference_url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-f2qx-66wf-wvvx
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-f2qx-66wf-wvvx
5
reference_url https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129
reference_id ASN1.php#L1129
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27355
reference_id CVE-2024-27355
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27355
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27355.yaml
reference_id CVE-2024-27355.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27355.yaml
8
reference_url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
reference_id ee72f3c2a00590812b2ea3c0c8890e0b
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
9
reference_url https://github.com/advisories/GHSA-f2qx-66wf-wvvx
reference_id GHSA-f2qx-66wf-wvvx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f2qx-66wf-wvvx
10
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
reference_id msg00002.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
11
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
reference_id msg00003.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
12
reference_url https://usn.ubuntu.com/7404-1/
reference_id USN-7404-1
reference_type
scores
url https://usn.ubuntu.com/7404-1/
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@3.0.36
purl pkg:composer/phpseclib/phpseclib@3.0.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96xr-m836-f7cq
1
vulnerability VCID-ejz5-zmbt-afbg
2
vulnerability VCID-hyua-p4yb-byh1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.36
aliases CVE-2024-27355, GHSA-f2qx-66wf-wvvx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a1e2-pwtb-zqd1
4
url VCID-ejz5-zmbt-afbg
vulnerability_id VCID-ejz5-zmbt-afbg
summary phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32935
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04409
published_at 2026-06-13T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04407
published_at 2026-06-14T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04423
published_at 2026-06-11T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04424
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32935
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32935
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32935
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32935
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32935
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131482
reference_id 1131482
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131482
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131483
reference_id 1131483
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131483
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131484
reference_id 1131484
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131484
7
reference_url https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788
reference_id ccc21aef71eb170e9bf819b167e67d1fd9e6e788
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:31:59Z/
url https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788
8
reference_url https://github.com/advisories/GHSA-94g3-g5v7-q4jg
reference_id GHSA-94g3-g5v7-q4jg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-94g3-g5v7-q4jg
9
reference_url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg
reference_id GHSA-94g3-g5v7-q4jg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:31:59Z/
url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@3.0.50
purl pkg:composer/phpseclib/phpseclib@3.0.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96xr-m836-f7cq
1
vulnerability VCID-hyua-p4yb-byh1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.50
aliases CVE-2026-32935, GHSA-94g3-g5v7-q4jg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ejz5-zmbt-afbg
5
url VCID-hyua-p4yb-byh1
vulnerability_id VCID-hyua-p4yb-byh1
summary phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40194
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02882
published_at 2026-06-13T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02893
published_at 2026-06-14T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02897
published_at 2026-06-12T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02888
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40194
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40194
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40194
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40194
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40194
4
reference_url https://github.com/phpseclib/phpseclib/releases/tag/1.0.28
reference_id 1.0.28
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:28:24Z/
url https://github.com/phpseclib/phpseclib/releases/tag/1.0.28
5
reference_url https://github.com/phpseclib/phpseclib/releases/tag/2.0.53
reference_id 2.0.53
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:28:24Z/
url https://github.com/phpseclib/phpseclib/releases/tag/2.0.53
6
reference_url https://github.com/phpseclib/phpseclib/releases/tag/3.0.51
reference_id 3.0.51
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:28:24Z/
url https://github.com/phpseclib/phpseclib/releases/tag/3.0.51
7
reference_url https://github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac
reference_id ffe48b6b1b1af6963327f0a5330e3aa004a194ac
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:28:24Z/
url https://github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac
8
reference_url https://github.com/advisories/GHSA-r854-jrxh-36qx
reference_id GHSA-r854-jrxh-36qx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r854-jrxh-36qx
9
reference_url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx
reference_id GHSA-r854-jrxh-36qx
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:28:24Z/
url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@3.0.51
purl pkg:composer/phpseclib/phpseclib@3.0.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96xr-m836-f7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.51
aliases CVE-2026-40194, GHSA-r854-jrxh-36qx
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hyua-p4yb-byh1
6
url VCID-j96y-epag-6kbd
vulnerability_id VCID-j96y-epag-6kbd
summary 
Duplicate Advisory: phpseclib vulnerable to denial of service
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-2f25-pfq3-c7h8. This link is maintained to preserve external references.

### Original Description
In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees in binary fields can lead to a denial of service.
references
0
reference_url https://github.com/advisories/GHSA-jpr7-q523-hx25
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jpr7-q523-hx25
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2023-49316.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2023-49316.yaml
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f
4
reference_url https://github.com/phpseclib/phpseclib/releases/tag/3.0.34
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/releases/tag/3.0.34
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49316
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49316
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@3.0.34
purl pkg:composer/phpseclib/phpseclib@3.0.34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96xr-m836-f7cq
1
vulnerability VCID-a1e2-pwtb-zqd1
2
vulnerability VCID-ejz5-zmbt-afbg
3
vulnerability VCID-hyua-p4yb-byh1
4
vulnerability VCID-mc2v-gtgm-d3g5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.34
aliases GHSA-jpr7-q523-hx25
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j96y-epag-6kbd
7
url VCID-k7qp-9g66-rugk
vulnerability_id VCID-k7qp-9g66-rugk
summary Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27560
reference_id
reference_type
scores
0
value 0.00269
scoring_system epss
scoring_elements 0.50832
published_at 2026-06-14T12:55:00Z
1
value 0.00269
scoring_system epss
scoring_elements 0.50844
published_at 2026-06-13T12:55:00Z
2
value 0.00269
scoring_system epss
scoring_elements 0.50828
published_at 2026-06-12T12:55:00Z
3
value 0.00269
scoring_system epss
scoring_elements 0.50695
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27560
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2023-27560.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2023-27560.yaml
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440#commitcomment-103226722
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440#commitcomment-103226722
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27560
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27560
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032371
reference_id 1032371
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032371
6
reference_url https://github.com/phpseclib/phpseclib/releases/tag/3.0.19
reference_id 3.0.19
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:16:55Z/
url https://github.com/phpseclib/phpseclib/releases/tag/3.0.19
7
reference_url https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440
reference_id 6298d1cd55c3ffa44533bd41906caec246b60440
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:16:55Z/
url https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440
8
reference_url https://github.com/advisories/GHSA-hm7p-r324-hhf3
reference_id GHSA-hm7p-r324-hhf3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hm7p-r324-hhf3
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@3.0.19
purl pkg:composer/phpseclib/phpseclib@3.0.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qj3-a1sx-kubr
1
vulnerability VCID-4x2v-6awj-t7ae
2
vulnerability VCID-96xr-m836-f7cq
3
vulnerability VCID-a1e2-pwtb-zqd1
4
vulnerability VCID-ejz5-zmbt-afbg
5
vulnerability VCID-hyua-p4yb-byh1
6
vulnerability VCID-j96y-epag-6kbd
7
vulnerability VCID-mc2v-gtgm-d3g5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.19
aliases CVE-2023-27560, GHSA-hm7p-r324-hhf3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k7qp-9g66-rugk
8
url VCID-mc2v-gtgm-d3g5
vulnerability_id VCID-mc2v-gtgm-d3g5
summary An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27354
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42724
published_at 2026-06-14T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42735
published_at 2026-06-13T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.42554
published_at 2026-06-11T12:55:00Z
3
value 0.00204
scoring_system epss
scoring_elements 0.42716
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27354
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27354
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27354
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/commit/2870c8fab3f132d2ed40a66c97a36fe5ab625698
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/2870c8fab3f132d2ed40a66c97a36fe5ab625698
4
reference_url https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
5
reference_url https://github.com/phpseclib/phpseclib/commit/c55b75199ec8d12cec6eadf6da99da4a3712fe56
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/c55b75199ec8d12cec6eadf6da99da4a3712fe56
6
reference_url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-2528-jw5q-ww88
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-2528-jw5q-ww88
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27354
reference_id CVE-2024-27354
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27354
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27354.yaml
reference_id CVE-2024-27354.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27354.yaml
9
reference_url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
reference_id ee72f3c2a00590812b2ea3c0c8890e0b
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
10
reference_url https://github.com/advisories/GHSA-2528-jw5q-ww88
reference_id GHSA-2528-jw5q-ww88
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2528-jw5q-ww88
11
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
reference_id msg00002.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
12
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
reference_id msg00003.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
13
reference_url https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49
reference_id PrimeField.php#L49
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49
14
reference_url https://usn.ubuntu.com/7404-1/
reference_id USN-7404-1
reference_type
scores
url https://usn.ubuntu.com/7404-1/
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@3.0.36
purl pkg:composer/phpseclib/phpseclib@3.0.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96xr-m836-f7cq
1
vulnerability VCID-ejz5-zmbt-afbg
2
vulnerability VCID-hyua-p4yb-byh1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.36
aliases CVE-2024-27354, GHSA-2528-jw5q-ww88
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mc2v-gtgm-d3g5
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.16