Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/lighttpd@1.4.52-1?distro=trixie
Typedeb
Namespacedebian
Namelighttpd
Version1.4.52-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.4.53-4
Latest_non_vulnerable_version1.4.82-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-uk6q-31q8-qqf9
vulnerability_id VCID-uk6q-31q8-qqf9
summary There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-25103
reference_id
reference_type
scores
0
value 0.00342
scoring_system epss
scoring_elements 0.5688
published_at 2026-04-13T12:55:00Z
1
value 0.00342
scoring_system epss
scoring_elements 0.56862
published_at 2026-04-02T12:55:00Z
2
value 0.00342
scoring_system epss
scoring_elements 0.56883
published_at 2026-04-04T12:55:00Z
3
value 0.00342
scoring_system epss
scoring_elements 0.56859
published_at 2026-04-07T12:55:00Z
4
value 0.00342
scoring_system epss
scoring_elements 0.56911
published_at 2026-04-08T12:55:00Z
5
value 0.00342
scoring_system epss
scoring_elements 0.56914
published_at 2026-04-09T12:55:00Z
6
value 0.00342
scoring_system epss
scoring_elements 0.56923
published_at 2026-04-11T12:55:00Z
7
value 0.00342
scoring_system epss
scoring_elements 0.56903
published_at 2026-04-12T12:55:00Z
8
value 0.00342
scoring_system epss
scoring_elements 0.56767
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-25103
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25103
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25103
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.kb.cert.org/vuls/id/312260
reference_id 312260
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://www.kb.cert.org/vuls/id/312260
4
reference_url https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf
reference_id AMI-SA-2024002.pdf
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf
5
reference_url https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8
reference_id d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8
6
reference_url https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9
reference_id df8e4f95614e476276a55e34da2aa8b00b1148e9
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9
7
reference_url https://www.runzero.com/blog/lighttpd/
reference_id lighttpd
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://www.runzero.com/blog/lighttpd/
8
reference_url https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736
reference_id #more-736
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736
fixed_packages
0
url pkg:deb/debian/lighttpd@1.4.52-1?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.52-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.52-1%3Fdistro=trixie
1
url pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.69-1%3Fdistro=trixie
3
url pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.79-2%3Fdistro=trixie
4
url pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.82-2%3Fdistro=trixie
aliases CVE-2018-25103
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uk6q-31q8-qqf9
1
url VCID-wfbv-rpt2-9bcs
vulnerability_id VCID-wfbv-rpt2-9bcs
summary An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19052
reference_id
reference_type
scores
0
value 0.58168
scoring_system epss
scoring_elements 0.98188
published_at 2026-04-13T12:55:00Z
1
value 0.58168
scoring_system epss
scoring_elements 0.98173
published_at 2026-04-01T12:55:00Z
2
value 0.58168
scoring_system epss
scoring_elements 0.98175
published_at 2026-04-02T12:55:00Z
3
value 0.58168
scoring_system epss
scoring_elements 0.98179
published_at 2026-04-04T12:55:00Z
4
value 0.58168
scoring_system epss
scoring_elements 0.9818
published_at 2026-04-07T12:55:00Z
5
value 0.58168
scoring_system epss
scoring_elements 0.98184
published_at 2026-04-08T12:55:00Z
6
value 0.58168
scoring_system epss
scoring_elements 0.98185
published_at 2026-04-09T12:55:00Z
7
value 0.58168
scoring_system epss
scoring_elements 0.98189
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19052
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19052
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19052
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913528
reference_id 913528
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913528
4
reference_url https://usn.ubuntu.com/USN-4775-1/
reference_id USN-USN-4775-1
reference_type
scores
url https://usn.ubuntu.com/USN-4775-1/
fixed_packages
0
url pkg:deb/debian/lighttpd@1.4.52-1?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.52-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.52-1%3Fdistro=trixie
1
url pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.69-1%3Fdistro=trixie
3
url pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.79-2%3Fdistro=trixie
4
url pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.82-2%3Fdistro=trixie
aliases CVE-2018-19052
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfbv-rpt2-9bcs
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.52-1%3Fdistro=trixie