Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/freeradius@3.0.17%2Bdfsg-1.1?distro=trixie

Type deb

Namespace debian

Name freeradius

Version 3.0.17+dfsg-1.1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.0.20+dfsg-1

Latest_non_vulnerable_version 3.2.8+dfsg-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-5wfc-j1rs-yqdk

vulnerability_id VCID-5wfc-j1rs-yqdk

summary FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11234.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11234.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11234

reference_id

reference_type

scores

value	0.25852
scoring_system	epss
scoring_elements	0.96363
published_at	2026-06-04T12:55:00Z

value	0.25852
scoring_system	epss
scoring_elements	0.96368
published_at	2026-06-05T12:55:00Z

value	0.25852
scoring_system	epss
scoring_elements	0.96378
published_at	2026-06-09T12:55:00Z

value	0.25852
scoring_system	epss
scoring_elements	0.96372
published_at	2026-06-06T12:55:00Z

value	0.25852
scoring_system	epss
scoring_elements	0.96373
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11234

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11234
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11234

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1695783
reference_id	1695783
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1695783

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926958
reference_id	926958
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926958

reference_url	https://access.redhat.com/errata/RHSA-2019:1131
reference_id	RHSA-2019:1131
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1131

reference_url	https://access.redhat.com/errata/RHSA-2019:1142
reference_id	RHSA-2019:1142
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1142

reference_url	https://usn.ubuntu.com/3954-1/
reference_id	USN-3954-1
reference_type
scores
url	https://usn.ubuntu.com/3954-1/

fixed_packages

url	pkg:deb/debian/freeradius@3.0.17%2Bdfsg-1.1?distro=trixie
purl	pkg:deb/debian/freeradius@3.0.17%2Bdfsg-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/freeradius@3.0.17%252Bdfsg-1.1%3Fdistro=trixie

url pkg:deb/debian/freeradius@3.0.21%2Bdfsg-2.2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/freeradius@3.0.21%2Bdfsg-2.2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5muc-ntps-4ffg

vulnerability	VCID-xwvg-v78q-q3hd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freeradius@3.0.21%252Bdfsg-2.2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/freeradius@3.2.1%2Bdfsg-4%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/freeradius@3.2.1%2Bdfsg-4%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5muc-ntps-4ffg

vulnerability	VCID-xwvg-v78q-q3hd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freeradius@3.2.1%252Bdfsg-4%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/freeradius@3.2.7%2Bdfsg-1%2Bdeb13u2?distro=trixie
purl	pkg:deb/debian/freeradius@3.2.7%2Bdfsg-1%2Bdeb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/freeradius@3.2.7%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/freeradius@3.2.8%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/freeradius@3.2.8%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/freeradius@3.2.8%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2019-11234

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5wfc-j1rs-yqdk

url VCID-78nv-kquq-ryh3

vulnerability_id VCID-78nv-kquq-ryh3

summary FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11235.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11235.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11235

reference_id

reference_type

scores

value	0.04547
scoring_system	epss
scoring_elements	0.89371
published_at	2026-06-04T12:55:00Z

value	0.04547
scoring_system	epss
scoring_elements	0.8939
published_at	2026-06-05T12:55:00Z

value	0.04547
scoring_system	epss
scoring_elements	0.89389
published_at	2026-06-08T12:55:00Z

value	0.04547
scoring_system	epss
scoring_elements	0.89387
published_at	2026-06-07T12:55:00Z

value	0.07689
scoring_system	epss
scoring_elements	0.92079
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11235

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11235
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11235

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1695748
reference_id	1695748
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1695748

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926958
reference_id	926958
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926958

reference_url	https://access.redhat.com/errata/RHSA-2019:1131
reference_id	RHSA-2019:1131
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1131

reference_url	https://access.redhat.com/errata/RHSA-2019:1142
reference_id	RHSA-2019:1142
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1142

reference_url	https://usn.ubuntu.com/3954-1/
reference_id	USN-3954-1
reference_type
scores
url	https://usn.ubuntu.com/3954-1/

fixed_packages

url	pkg:deb/debian/freeradius@3.0.17%2Bdfsg-1.1?distro=trixie
purl	pkg:deb/debian/freeradius@3.0.17%2Bdfsg-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/freeradius@3.0.17%252Bdfsg-1.1%3Fdistro=trixie

url pkg:deb/debian/freeradius@3.0.21%2Bdfsg-2.2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/freeradius@3.0.21%2Bdfsg-2.2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5muc-ntps-4ffg

vulnerability	VCID-xwvg-v78q-q3hd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freeradius@3.0.21%252Bdfsg-2.2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/freeradius@3.2.1%2Bdfsg-4%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/freeradius@3.2.1%2Bdfsg-4%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5muc-ntps-4ffg

vulnerability	VCID-xwvg-v78q-q3hd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freeradius@3.2.1%252Bdfsg-4%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/freeradius@3.2.7%2Bdfsg-1%2Bdeb13u2?distro=trixie
purl	pkg:deb/debian/freeradius@3.2.7%2Bdfsg-1%2Bdeb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/freeradius@3.2.7%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/freeradius@3.2.8%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/freeradius@3.2.8%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/freeradius@3.2.8%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2019-11235

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-78nv-kquq-ryh3

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freeradius@3.0.17%252Bdfsg-1.1%3Fdistro=trixie

Package Instance