Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:cargo/h2@0.4.0

Type cargo

Namespace

Name h2

Version 0.4.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.4.2

Latest_non_vulnerable_version 0.4.4

Affected_by_vulnerabilities

url VCID-uxja-62es-e7dk

vulnerability_id VCID-uxja-62es-e7dk

summary Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

references

reference_url

https://github.com/hyperium/h2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hyperium/h2

reference_url

https://github.com/hyperium/h2/commit/59570e11ccddbec85f67a0c7aa353f7730c68854

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hyperium/h2/commit/59570e11ccddbec85f67a0c7aa353f7730c68854

reference_url

https://github.com/hyperium/h2/commit/d919cd6fd8e0f4f5d1f6282fab0b38a1b4bf999c

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hyperium/h2/commit/d919cd6fd8e0f4f5d1f6282fab0b38a1b4bf999c

reference_url

https://github.com/hyperium/h2/pull/737

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hyperium/h2/pull/737

reference_url

https://rustsec.org/advisories/RUSTSEC-2024-0003.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2024-0003.html

reference_url

https://github.com/advisories/GHSA-8r5v-vm4m-4g25

reference_id

GHSA-8r5v-vm4m-4g25

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8r5v-vm4m-4g25

fixed_packages

url	pkg:cargo/h2@0.4.2
purl	pkg:cargo/h2@0.4.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:cargo/h2@0.4.2

aliases GHSA-8r5v-vm4m-4g25

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxja-62es-e7dk

url VCID-wuxh-n9ef-dua7

vulnerability_id VCID-wuxh-n9ef-dua7

summary h2 servers vulnerable to degradation of service with CONTINUATION Flood

references

reference_url

https://github.com/hyperium/h2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hyperium/h2

reference_url

https://rustsec.org/advisories/RUSTSEC-2024-0332.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2024-0332.html

reference_url

https://seanmonstar.com/blog/hyper-http2-continuation-flood

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://seanmonstar.com/blog/hyper-http2-continuation-flood

reference_url

https://www.kb.cert.org/vuls/id/421644

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.kb.cert.org/vuls/id/421644

reference_url

https://github.com/advisories/GHSA-q6cp-qfwq-4gcv

reference_id

GHSA-q6cp-qfwq-4gcv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q6cp-qfwq-4gcv

fixed_packages

url	pkg:cargo/h2@0.4.4
purl	pkg:cargo/h2@0.4.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:cargo/h2@0.4.4

aliases GHSA-q6cp-qfwq-4gcv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wuxh-n9ef-dua7

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/h2@0.4.0

Package Instance