Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/httpcomponents-client@0?distro=trixie
Typedeb
Namespacedebian
Namehttpcomponents-client
Version0
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version4.1.1-1
Latest_non_vulnerable_version4.5.14-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-amws-s4rx-n7fb
vulnerability_id VCID-amws-s4rx-n7fb
summary 
Apache HttpClient disables domain checks
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27820.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27820.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27820
reference_id
reference_type
scores
0
value 0.00327
scoring_system epss
scoring_elements 0.55554
published_at 2026-05-05T12:55:00Z
1
value 0.00327
scoring_system epss
scoring_elements 0.55692
published_at 2026-04-08T12:55:00Z
2
value 0.00327
scoring_system epss
scoring_elements 0.55689
published_at 2026-04-21T12:55:00Z
3
value 0.00327
scoring_system epss
scoring_elements 0.5571
published_at 2026-04-18T12:55:00Z
4
value 0.00327
scoring_system epss
scoring_elements 0.55706
published_at 2026-04-16T12:55:00Z
5
value 0.00327
scoring_system epss
scoring_elements 0.55638
published_at 2026-04-02T12:55:00Z
6
value 0.00327
scoring_system epss
scoring_elements 0.55667
published_at 2026-04-13T12:55:00Z
7
value 0.00327
scoring_system epss
scoring_elements 0.55685
published_at 2026-04-12T12:55:00Z
8
value 0.00327
scoring_system epss
scoring_elements 0.55704
published_at 2026-04-11T12:55:00Z
9
value 0.00327
scoring_system epss
scoring_elements 0.55663
published_at 2026-04-04T12:55:00Z
10
value 0.00327
scoring_system epss
scoring_elements 0.55641
published_at 2026-04-07T12:55:00Z
11
value 0.00327
scoring_system epss
scoring_elements 0.55695
published_at 2026-04-09T12:55:00Z
12
value 0.00327
scoring_system epss
scoring_elements 0.55607
published_at 2026-04-29T12:55:00Z
13
value 0.00327
scoring_system epss
scoring_elements 0.55632
published_at 2026-04-26T12:55:00Z
14
value 0.00337
scoring_system epss
scoring_elements 0.56503
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27820
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/httpcomponents-client
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/httpcomponents-client
4
reference_url https://github.com/apache/httpcomponents-client/pull/574
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:58:16Z/
url https://github.com/apache/httpcomponents-client/pull/574
5
reference_url https://github.com/apache/httpcomponents-client/pull/621
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:58:16Z/
url https://github.com/apache/httpcomponents-client/pull/621
6
reference_url https://hc.apache.org/httpcomponents-client-5.4.x/index.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:58:16Z/
url https://hc.apache.org/httpcomponents-client-5.4.x/index.html
7
reference_url https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:58:16Z/
url https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27820
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27820
9
reference_url https://security.netapp.com/advisory/ntap-20250516-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250516-0003
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2362042
reference_id 2362042
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2362042
11
reference_url https://github.com/advisories/GHSA-73m2-qfq3-56cx
reference_id GHSA-73m2-qfq3-56cx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-73m2-qfq3-56cx
fixed_packages
0
url pkg:deb/debian/httpcomponents-client@0?distro=trixie
purl pkg:deb/debian/httpcomponents-client@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/httpcomponents-client@0%3Fdistro=trixie
1
url pkg:deb/debian/httpcomponents-client@4.5.13-2?distro=trixie
purl pkg:deb/debian/httpcomponents-client@4.5.13-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/httpcomponents-client@4.5.13-2%3Fdistro=trixie
2
url pkg:deb/debian/httpcomponents-client@4.5.14-1?distro=trixie
purl pkg:deb/debian/httpcomponents-client@4.5.14-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/httpcomponents-client@4.5.14-1%3Fdistro=trixie
aliases CVE-2025-27820, GHSA-73m2-qfq3-56cx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-amws-s4rx-n7fb
1
url VCID-j6a3-452x-7khn
vulnerability_id VCID-j6a3-452x-7khn
summary Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40542.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40542.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40542
reference_id
reference_type
scores
0
value 0.00073
scoring_system epss
scoring_elements 0.21903
published_at 2026-04-26T12:55:00Z
1
value 0.00073
scoring_system epss
scoring_elements 0.21915
published_at 2026-04-24T12:55:00Z
2
value 0.00087
scoring_system epss
scoring_elements 0.24792
published_at 2026-04-29T12:55:00Z
3
value 0.00101
scoring_system epss
scoring_elements 0.27287
published_at 2026-05-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40542
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/httpcomponents-client/commit/726eac2323d370435d8afca1e0540aa099927f18
reference_id
reference_type
scores
url https://github.com/apache/httpcomponents-client/commit/726eac2323d370435d8afca1e0540aa099927f18
4
reference_url http://www.openwall.com/lists/oss-security/2026/04/22/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2026/04/22/5
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2460518
reference_id 2460518
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2460518
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40542
reference_id CVE-2026-40542
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-40542
7
reference_url https://github.com/advisories/GHSA-v468-qcjx-r72w
reference_id GHSA-v468-qcjx-r72w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v468-qcjx-r72w
8
reference_url https://lists.apache.org/thread/tfmgv86xr0z1y096vs3z0y315t1v3o97
reference_id tfmgv86xr0z1y096vs3z0y315t1v3o97
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:14:52Z/
url https://lists.apache.org/thread/tfmgv86xr0z1y096vs3z0y315t1v3o97
fixed_packages
0
url pkg:deb/debian/httpcomponents-client@0?distro=trixie
purl pkg:deb/debian/httpcomponents-client@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/httpcomponents-client@0%3Fdistro=trixie
1
url pkg:deb/debian/httpcomponents-client@4.5.13-2?distro=trixie
purl pkg:deb/debian/httpcomponents-client@4.5.13-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/httpcomponents-client@4.5.13-2%3Fdistro=trixie
2
url pkg:deb/debian/httpcomponents-client@4.5.14-1?distro=trixie
purl pkg:deb/debian/httpcomponents-client@4.5.14-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/httpcomponents-client@4.5.14-1%3Fdistro=trixie
aliases CVE-2026-40542, GHSA-v468-qcjx-r72w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6a3-452x-7khn
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/httpcomponents-client@0%3Fdistro=trixie