Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/curl@7.61.1-30.el8_8?arch=3
Typerpm
Namespaceredhat
Namecurl
Version7.61.1-30.el8_8
Qualifiers
arch 3
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-47qb-2qkw-1qej
vulnerability_id VCID-47qb-2qkw-1qej
summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28321.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28321.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28321
reference_id
reference_type
scores
0
value 0.00297
scoring_system epss
scoring_elements 0.53057
published_at 2026-04-16T12:55:00Z
1
value 0.00297
scoring_system epss
scoring_elements 0.52966
published_at 2026-04-02T12:55:00Z
2
value 0.00297
scoring_system epss
scoring_elements 0.52991
published_at 2026-04-04T12:55:00Z
3
value 0.00297
scoring_system epss
scoring_elements 0.52959
published_at 2026-04-07T12:55:00Z
4
value 0.00297
scoring_system epss
scoring_elements 0.53009
published_at 2026-04-08T12:55:00Z
5
value 0.00297
scoring_system epss
scoring_elements 0.53003
published_at 2026-04-09T12:55:00Z
6
value 0.00297
scoring_system epss
scoring_elements 0.53052
published_at 2026-04-11T12:55:00Z
7
value 0.00297
scoring_system epss
scoring_elements 0.53037
published_at 2026-04-12T12:55:00Z
8
value 0.00297
scoring_system epss
scoring_elements 0.5302
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28321
2
reference_url https://curl.se/docs/CVE-2023-28321.html
reference_id
reference_type
scores
0
value Low
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2023-28321.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28321
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28321
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/1950627
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://hackerone.com/reports/1950627
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
reference_id 1036239
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2196786
reference_id 2196786
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2196786
8
reference_url http://seclists.org/fulldisclosure/2023/Jul/47
reference_id 47
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url http://seclists.org/fulldisclosure/2023/Jul/47
9
reference_url http://seclists.org/fulldisclosure/2023/Jul/48
reference_id 48
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url http://seclists.org/fulldisclosure/2023/Jul/48
10
reference_url http://seclists.org/fulldisclosure/2023/Jul/52
reference_id 52
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url http://seclists.org/fulldisclosure/2023/Jul/52
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/
reference_id F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/
12
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://security.gentoo.org/glsa/202310-12
13
reference_url https://support.apple.com/kb/HT213843
reference_id HT213843
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://support.apple.com/kb/HT213843
14
reference_url https://support.apple.com/kb/HT213844
reference_id HT213844
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://support.apple.com/kb/HT213844
15
reference_url https://support.apple.com/kb/HT213845
reference_id HT213845
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://support.apple.com/kb/HT213845
16
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html
reference_id msg00016.html
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html
17
reference_url https://security.netapp.com/advisory/ntap-20230609-0009/
reference_id ntap-20230609-0009
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://security.netapp.com/advisory/ntap-20230609-0009/
18
reference_url https://access.redhat.com/errata/RHSA-2023:4354
reference_id RHSA-2023:4354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4354
19
reference_url https://access.redhat.com/errata/RHSA-2023:4523
reference_id RHSA-2023:4523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4523
20
reference_url https://access.redhat.com/errata/RHSA-2023:4628
reference_id RHSA-2023:4628
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4628
21
reference_url https://access.redhat.com/errata/RHSA-2023:4629
reference_id RHSA-2023:4629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4629
22
reference_url https://access.redhat.com/errata/RHSA-2023:5598
reference_id RHSA-2023:5598
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5598
23
reference_url https://access.redhat.com/errata/RHSA-2023:6292
reference_id RHSA-2023:6292
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6292
24
reference_url https://usn.ubuntu.com/6237-1/
reference_id USN-6237-1
reference_type
scores
url https://usn.ubuntu.com/6237-1/
25
reference_url https://usn.ubuntu.com/6237-3/
reference_id USN-6237-3
reference_type
scores
url https://usn.ubuntu.com/6237-3/
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/
reference_id Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/
fixed_packages
aliases CVE-2023-28321
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-47qb-2qkw-1qej
1
url VCID-ms2r-94ph-yyh3
vulnerability_id VCID-ms2r-94ph-yyh3
summary 
Improper Authentication
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27536
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01282
published_at 2026-04-16T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01285
published_at 2026-04-02T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.0129
published_at 2026-04-04T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01301
published_at 2026-04-07T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01306
published_at 2026-04-08T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.0131
published_at 2026-04-09T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01294
published_at 2026-04-11T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01288
published_at 2026-04-12T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01291
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27536
2
reference_url https://curl.se/docs/CVE-2023-27536.html
reference_id
reference_type
scores
0
value Low
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2023-27536.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/1895135
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/
url https://hackerone.com/reports/1895135
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2179092
reference_id 2179092
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2179092
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id 36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27536
reference_id CVE-2023-27536
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-27536
10
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/
url https://security.gentoo.org/glsa/202310-12
11
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
reference_id msg00025.html
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
12
reference_url https://security.netapp.com/advisory/ntap-20230420-0010/
reference_id ntap-20230420-0010
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/
url https://security.netapp.com/advisory/ntap-20230420-0010/
13
reference_url https://access.redhat.com/errata/RHSA-2023:4523
reference_id RHSA-2023:4523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4523
14
reference_url https://access.redhat.com/errata/RHSA-2023:6679
reference_id RHSA-2023:6679
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6679
15
reference_url https://access.redhat.com/errata/RHSA-2024:0428
reference_id RHSA-2024:0428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0428
16
reference_url https://usn.ubuntu.com/5964-1/
reference_id USN-5964-1
reference_type
scores
url https://usn.ubuntu.com/5964-1/
17
reference_url https://usn.ubuntu.com/5964-2/
reference_id USN-5964-2
reference_type
scores
url https://usn.ubuntu.com/5964-2/
fixed_packages
aliases CVE-2023-27536
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ms2r-94ph-yyh3
Fixing_vulnerabilities
Risk_score2.6
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/curl@7.61.1-30.el8_8%3Farch=3