Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/blacksheep@2.4.4a2
Typepypi
Namespace
Nameblacksheep
Version2.4.4a2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.4.6
Latest_non_vulnerable_version2.4.6
Affected_by_vulnerabilities
0
url VCID-6ajn-kkrh-47ax
vulnerability_id VCID-6ajn-kkrh-47ax
summary 
BlackSheep's ClientSession is vulnerable to CRLF injection
The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests (e.g. insert a new header) or even create a new HTTP request.
Exploitation requires developers to pass unsanitized user input directly into headers.
The server part is not affected because BlackSheep delegates to an underlying ASGI server handling of response headers.

**Attack vector:** Applications using user input in HTTP client requests (method, URL, headers).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22779
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.16593
published_at 2026-06-06T12:55:00Z
1
value 0.00052
scoring_system epss
scoring_elements 0.16484
published_at 2026-06-09T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.16469
published_at 2026-06-08T12:55:00Z
3
value 0.00052
scoring_system epss
scoring_elements 0.16551
published_at 2026-06-07T12:55:00Z
4
value 0.00052
scoring_system epss
scoring_elements 0.16596
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22779
1
reference_url https://github.com/Neoteroi/BlackSheep
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Neoteroi/BlackSheep
2
reference_url https://github.com/Neoteroi/BlackSheep/commit/bd4ecb9542b5d52442276b5a6907931b90f38d12
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-14T21:01:45Z/
url https://github.com/Neoteroi/BlackSheep/commit/bd4ecb9542b5d52442276b5a6907931b90f38d12
3
reference_url https://github.com/Neoteroi/BlackSheep/releases/tag/v2.4.6
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-14T21:01:45Z/
url https://github.com/Neoteroi/BlackSheep/releases/tag/v2.4.6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22779
reference_id CVE-2026-22779
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22779
5
reference_url https://github.com/advisories/GHSA-6pw3-h7xf-x4gp
reference_id GHSA-6pw3-h7xf-x4gp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6pw3-h7xf-x4gp
6
reference_url https://github.com/Neoteroi/BlackSheep/security/advisories/GHSA-6pw3-h7xf-x4gp
reference_id GHSA-6pw3-h7xf-x4gp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-14T21:01:45Z/
url https://github.com/Neoteroi/BlackSheep/security/advisories/GHSA-6pw3-h7xf-x4gp
fixed_packages
0
url pkg:pypi/blacksheep@2.4.6
purl pkg:pypi/blacksheep@2.4.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/blacksheep@2.4.6
aliases CVE-2026-22779, GHSA-6pw3-h7xf-x4gp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ajn-kkrh-47ax
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/blacksheep@2.4.4a2