Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/curl@7.86.0-3?distro=trixie
Type deb
Namespace debian
Name curl
Version 7.86.0-3
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 7.88.1-1
Latest_non_vulnerable_version 8.20.0-5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-ns58-vmsz-5ued
vulnerability_id VCID-ns58-vmsz-5ued
summary A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43551.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43551.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43551
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.14256
published_at 2026-06-04T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.14235
published_at 2026-06-09T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.14327
published_at 2026-06-05T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.14329
published_at 2026-06-06T12:55:00Z
4
value 0.00045
scoring_system epss
scoring_elements 0.14293
published_at 2026-06-07T12:55:00Z
5
value 0.00045
scoring_system epss
scoring_elements 0.14211
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43551
2
reference_url https://curl.se/docs/CVE-2022-43551.html
reference_id
reference_type
scores
0
value Medium
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2022-43551.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43551
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43551
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/1755083
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-15T14:38:16Z/
url https://hackerone.com/reports/1755083
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026829
reference_id 1026829
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026829
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2152639
reference_id 2152639
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2152639
8
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-15T14:38:16Z/
url https://security.gentoo.org/glsa/202310-12
9
reference_url https://security.netapp.com/advisory/ntap-20230427-0007/
reference_id ntap-20230427-0007
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-15T14:38:16Z/
url https://security.netapp.com/advisory/ntap-20230427-0007/
10
reference_url https://access.redhat.com/errata/RHSA-2023:3354
reference_id RHSA-2023:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3354
11
reference_url https://access.redhat.com/errata/RHSA-2023:3355
reference_id RHSA-2023:3355
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3355
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA/
reference_id TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-15T14:38:16Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA/
13
reference_url https://usn.ubuntu.com/5788-1/
reference_id USN-5788-1
reference_type
scores
url https://usn.ubuntu.com/5788-1/
fixed_packages
0
url pkg:deb/debian/curl@7.86.0-3?distro=trixie
purl pkg:deb/debian/curl@7.86.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.86.0-3%3Fdistro=trixie
1
url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie
purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1dw3-33ju-jkbs
1
vulnerability VCID-21ff-tazv-9ud3
2
vulnerability VCID-39qh-jayw-g3dh
3
vulnerability VCID-5un8-xymy-37bt
4
vulnerability VCID-7wqd-99h2-e7hk
5
vulnerability VCID-bcuq-n4vb-k7f3
6
vulnerability VCID-ezve-gc2h-qyga
7
vulnerability VCID-f9nm-d5ax-qkcb
8
vulnerability VCID-fcb7-8163-muf4
9
vulnerability VCID-g7ux-4vz2-ckfg
10
vulnerability VCID-gux4-dncg-h7a6
11
vulnerability VCID-hhms-2hg6-nke9
12
vulnerability VCID-p155-gbtu-abg1
13
vulnerability VCID-secz-78pt-dben
14
vulnerability VCID-ucyf-faft-33bv
15
vulnerability VCID-v82t-s9e1-2fbw
16
vulnerability VCID-w8ff-vxga-8qcz
17
vulnerability VCID-wgur-psum-pbck
18
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie
2
url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u3?distro=trixie
purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21ff-tazv-9ud3
1
vulnerability VCID-39qh-jayw-g3dh
2
vulnerability VCID-5un8-xymy-37bt
3
vulnerability VCID-7wqd-99h2-e7hk
4
vulnerability VCID-bcuq-n4vb-k7f3
5
vulnerability VCID-f9nm-d5ax-qkcb
6
vulnerability VCID-fcb7-8163-muf4
7
vulnerability VCID-fxgf-t3ue-6qhf
8
vulnerability VCID-g7ux-4vz2-ckfg
9
vulnerability VCID-gux4-dncg-h7a6
10
vulnerability VCID-hhms-2hg6-nke9
11
vulnerability VCID-p155-gbtu-abg1
12
vulnerability VCID-secz-78pt-dben
13
vulnerability VCID-v82t-s9e1-2fbw
14
vulnerability VCID-w8ff-vxga-8qcz
15
vulnerability VCID-wgur-psum-pbck
16
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u3%3Fdistro=trixie
3
url pkg:deb/debian/curl@8.20.0-2?distro=trixie
purl pkg:deb/debian/curl@8.20.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-2%3Fdistro=trixie
4
url pkg:deb/debian/curl@8.20.0-5?distro=trixie
purl pkg:deb/debian/curl@8.20.0-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-5%3Fdistro=trixie
aliases CVE-2022-43551
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ns58-vmsz-5ued
1
url VCID-r2g9-c896-rkge
vulnerability_id VCID-r2g9-c896-rkge
summary A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43552.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43552.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43552
reference_id
reference_type
scores
0
value 0.00104
scoring_system epss
scoring_elements 0.27848
published_at 2026-06-04T12:55:00Z
1
value 0.00104
scoring_system epss
scoring_elements 0.27783
published_at 2026-06-09T12:55:00Z
2
value 0.00104
scoring_system epss
scoring_elements 0.27915
published_at 2026-06-05T12:55:00Z
3
value 0.00104
scoring_system epss
scoring_elements 0.27865
published_at 2026-06-06T12:55:00Z
4
value 0.00104
scoring_system epss
scoring_elements 0.27826
published_at 2026-06-07T12:55:00Z
5
value 0.00104
scoring_system epss
scoring_elements 0.27778
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43552
2
reference_url https://curl.se/docs/CVE-2022-43552.html
reference_id
reference_type
scores
0
value Low
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2022-43552.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32221
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32221
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://hackerone.com/reports/1764858
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/
url https://hackerone.com/reports/1764858
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026830
reference_id 1026830
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026830
8
reference_url http://seclists.org/fulldisclosure/2023/Mar/17
reference_id 17
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/
url http://seclists.org/fulldisclosure/2023/Mar/17
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2152652
reference_id 2152652
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2152652
10
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/
url https://security.gentoo.org/glsa/202310-12
11
reference_url https://support.apple.com/kb/HT213670
reference_id HT213670
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/
url https://support.apple.com/kb/HT213670
12
reference_url https://security.netapp.com/advisory/ntap-20230214-0002/
reference_id ntap-20230214-0002
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/
url https://security.netapp.com/advisory/ntap-20230214-0002/
13
reference_url https://access.redhat.com/errata/RHSA-2023:2478
reference_id RHSA-2023:2478
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2478
14
reference_url https://access.redhat.com/errata/RHSA-2023:2963
reference_id RHSA-2023:2963
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2963
15
reference_url https://access.redhat.com/errata/RHSA-2023:3354
reference_id RHSA-2023:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3354
16
reference_url https://access.redhat.com/errata/RHSA-2023:3355
reference_id RHSA-2023:3355
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3355
17
reference_url https://access.redhat.com/errata/RHSA-2023:7743
reference_id RHSA-2023:7743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7743
18
reference_url https://access.redhat.com/errata/RHSA-2024:0428
reference_id RHSA-2024:0428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0428
19
reference_url https://usn.ubuntu.com/5788-1/
reference_id USN-5788-1
reference_type
scores
url https://usn.ubuntu.com/5788-1/
20
reference_url https://usn.ubuntu.com/5894-1/
reference_id USN-5894-1
reference_type
scores
url https://usn.ubuntu.com/5894-1/
fixed_packages
0
url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u5?distro=trixie
purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u5%3Fdistro=trixie
1
url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie
purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18p4-rvxz-pkeu
1
vulnerability VCID-1dw3-33ju-jkbs
2
vulnerability VCID-1m1w-rayk-sffe
3
vulnerability VCID-21ff-tazv-9ud3
4
vulnerability VCID-287k-bzqy-n7ag
5
vulnerability VCID-39qh-jayw-g3dh
6
vulnerability VCID-5un8-xymy-37bt
7
vulnerability VCID-6ggz-pa5t-77c4
8
vulnerability VCID-7wqd-99h2-e7hk
9
vulnerability VCID-85qb-zec7-subc
10
vulnerability VCID-a8z6-bswu-jue8
11
vulnerability VCID-bcuq-n4vb-k7f3
12
vulnerability VCID-f9nm-d5ax-qkcb
13
vulnerability VCID-fcb7-8163-muf4
14
vulnerability VCID-g7ux-4vz2-ckfg
15
vulnerability VCID-h4nw-va5b-23ef
16
vulnerability VCID-hhms-2hg6-nke9
17
vulnerability VCID-ns58-vmsz-5ued
18
vulnerability VCID-nwvb-d466-4uaa
19
vulnerability VCID-p155-gbtu-abg1
20
vulnerability VCID-secz-78pt-dben
21
vulnerability VCID-ucyf-faft-33bv
22
vulnerability VCID-v82t-s9e1-2fbw
23
vulnerability VCID-w8ff-vxga-8qcz
24
vulnerability VCID-wgur-psum-pbck
25
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie
2
url pkg:deb/debian/curl@7.86.0-3?distro=trixie
purl pkg:deb/debian/curl@7.86.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.86.0-3%3Fdistro=trixie
3
url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie
purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1dw3-33ju-jkbs
1
vulnerability VCID-21ff-tazv-9ud3
2
vulnerability VCID-39qh-jayw-g3dh
3
vulnerability VCID-5un8-xymy-37bt
4
vulnerability VCID-7wqd-99h2-e7hk
5
vulnerability VCID-bcuq-n4vb-k7f3
6
vulnerability VCID-ezve-gc2h-qyga
7
vulnerability VCID-f9nm-d5ax-qkcb
8
vulnerability VCID-fcb7-8163-muf4
9
vulnerability VCID-g7ux-4vz2-ckfg
10
vulnerability VCID-gux4-dncg-h7a6
11
vulnerability VCID-hhms-2hg6-nke9
12
vulnerability VCID-p155-gbtu-abg1
13
vulnerability VCID-secz-78pt-dben
14
vulnerability VCID-ucyf-faft-33bv
15
vulnerability VCID-v82t-s9e1-2fbw
16
vulnerability VCID-w8ff-vxga-8qcz
17
vulnerability VCID-wgur-psum-pbck
18
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie
4
url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u3?distro=trixie
purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21ff-tazv-9ud3
1
vulnerability VCID-39qh-jayw-g3dh
2
vulnerability VCID-5un8-xymy-37bt
3
vulnerability VCID-7wqd-99h2-e7hk
4
vulnerability VCID-bcuq-n4vb-k7f3
5
vulnerability VCID-f9nm-d5ax-qkcb
6
vulnerability VCID-fcb7-8163-muf4
7
vulnerability VCID-fxgf-t3ue-6qhf
8
vulnerability VCID-g7ux-4vz2-ckfg
9
vulnerability VCID-gux4-dncg-h7a6
10
vulnerability VCID-hhms-2hg6-nke9
11
vulnerability VCID-p155-gbtu-abg1
12
vulnerability VCID-secz-78pt-dben
13
vulnerability VCID-v82t-s9e1-2fbw
14
vulnerability VCID-w8ff-vxga-8qcz
15
vulnerability VCID-wgur-psum-pbck
16
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u3%3Fdistro=trixie
5
url pkg:deb/debian/curl@8.20.0-2?distro=trixie
purl pkg:deb/debian/curl@8.20.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-2%3Fdistro=trixie
6
url pkg:deb/debian/curl@8.20.0-5?distro=trixie
purl pkg:deb/debian/curl@8.20.0-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-5%3Fdistro=trixie
aliases CVE-2022-43552
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r2g9-c896-rkge
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.86.0-3%3Fdistro=trixie