Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/dotnet3.1@3.1.422-1?arch=el8_6

Type rpm

Namespace redhat

Name dotnet3.1

Version 3.1.422-1

Qualifiers

arch	el8_6

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-65c5-st4q-dff3

vulnerability_id

VCID-65c5-st4q-dff3

summary

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository eventsource/eventsource prior to v2.0.2.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1650.json

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1650.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1650

reference_id

reference_type

scores

value	0.01141
scoring_system	epss
scoring_elements	0.78498
published_at	2026-04-29T12:55:00Z

value	0.01141
scoring_system	epss
scoring_elements	0.78482
published_at	2026-04-26T12:55:00Z

value	0.01141
scoring_system	epss
scoring_elements	0.78475
published_at	2026-04-24T12:55:00Z

value	0.01141
scoring_system	epss
scoring_elements	0.78442
published_at	2026-04-21T12:55:00Z

value	0.01141
scoring_system	epss
scoring_elements	0.78446
published_at	2026-04-18T12:55:00Z

value	0.01141
scoring_system	epss
scoring_elements	0.78447
published_at	2026-04-16T12:55:00Z

value	0.01141
scoring_system	epss
scoring_elements	0.78419
published_at	2026-04-13T12:55:00Z

value	0.01141
scoring_system	epss
scoring_elements	0.78426
published_at	2026-04-12T12:55:00Z

value	0.01141
scoring_system	epss
scoring_elements	0.78445
published_at	2026-04-11T12:55:00Z

value	0.01141
scoring_system	epss
scoring_elements	0.78418
published_at	2026-04-09T12:55:00Z

value	0.01141
scoring_system	epss
scoring_elements	0.78413
published_at	2026-04-08T12:55:00Z

value	0.01141
scoring_system	epss
scoring_elements	0.78386
published_at	2026-04-07T12:55:00Z

value	0.01141
scoring_system	epss
scoring_elements	0.78402
published_at	2026-04-04T12:55:00Z

value	0.01141
scoring_system	epss
scoring_elements	0.78365
published_at	2026-04-01T12:55:00Z

value	0.01141
scoring_system	epss
scoring_elements	0.78371
published_at	2026-04-02T12:55:00Z

value	0.01543
scoring_system	epss
scoring_elements	0.81489
published_at	2026-05-07T12:55:00Z

value	0.01543
scoring_system	epss
scoring_elements	0.81469
published_at	2026-05-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1650

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1650
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1650

reference_url

https://github.com/eventsource/eventsource

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/eventsource/eventsource

reference_url

https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4

reference_url

https://github.com/EventSource/eventsource/commit/f9f6416567bff62c1af2f4314be51d9870e94bc2

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/EventSource/eventsource/commit/f9f6416567bff62c1af2f4314be51d9870e94bc2

reference_url

https://github.com/EventSource/eventsource/pull/273#issuecomment-1127624508

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/EventSource/eventsource/pull/273#issuecomment-1127624508

reference_url

https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e

reference_url

https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2085307
reference_id	2085307
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2085307

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-1650

reference_id

CVE-2022-1650

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-1650

reference_url

https://github.com/advisories/GHSA-6h5x-7c5m-7cr7

reference_id

GHSA-6h5x-7c5m-7cr7

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6h5x-7c5m-7cr7

reference_url	https://access.redhat.com/errata/RHSA-2022:5006
reference_id	RHSA-2022:5006
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5006

reference_url	https://access.redhat.com/errata/RHSA-2022:5030
reference_id	RHSA-2022:5030
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5030

reference_url	https://access.redhat.com/errata/RHSA-2022:6037
reference_id	RHSA-2022:6037
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6037

reference_url	https://access.redhat.com/errata/RHSA-2022:6057
reference_id	RHSA-2022:6057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6057

reference_url	https://access.redhat.com/errata/RHSA-2022:6156
reference_id	RHSA-2022:6156
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6156

reference_url	https://access.redhat.com/errata/RHSA-2022:6429
reference_id	RHSA-2022:6429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6429

reference_url	https://access.redhat.com/errata/RHSA-2023:3642
reference_id	RHSA-2023:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3642

reference_url	https://usn.ubuntu.com/6082-1/
reference_id	USN-6082-1
reference_type
scores
url	https://usn.ubuntu.com/6082-1/

fixed_packages

aliases

CVE-2022-1650, GHSA-6h5x-7c5m-7cr7

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-65c5-st4q-dff3

url

VCID-rz8f-jn6b-a7fw

vulnerability_id

VCID-rz8f-jn6b-a7fw

summary

.NET Information Disclosure Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information.

## <a name="affected-software"></a>Affected software

* Any .NET 6.0 application running on .NET 6.0.7 or earlier.
* Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier.

If your application uses the following package versions, ensure you update to the latest version of .NET.

### <a name=".NET Core 3.1"></a>.NET Core 3.1

Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[System.Security.Cryptography.Xml](http://system.security)| <=4.7.0| 4.7.1
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)| >=3.1.0, 3.1.27| 3.1.28

### <a name=".NET 6"></a>.NET 6

Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[System.Security.Cryptography.Xml](https://www.nuget.org/packages/System.Security.Cryptography.Xml)| >=5.0.0, 6.0.0| 6.0.1
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)| >=6.0.0, 6.0.7| 6.0.8

## Patches


* If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.
* If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.


### Other

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/232
An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/43166
MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34716

reference_id

reference_type

scores

value	0.00952
scoring_system	epss
scoring_elements	0.76484
published_at	2026-05-07T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76469
published_at	2026-04-29T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76455
published_at	2026-05-05T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76385
published_at	2026-04-13T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76425
published_at	2026-04-16T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76431
published_at	2026-04-18T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76415
published_at	2026-04-21T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76449
published_at	2026-04-24T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.7809
published_at	2026-04-08T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78103
published_at	2026-04-12T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78121
published_at	2026-04-11T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78082
published_at	2026-04-04T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78064
published_at	2026-04-07T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78094
published_at	2026-04-09T12:55:00Z

value	0.01106
scoring_system	epss
scoring_elements	0.78053
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34716

reference_url

https://github.com/dotnet/announcements/issues/232

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/announcements/issues/232

reference_url

https://github.com/dotnet/aspnetcore/issues/43166

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/issues/43166

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T20:04:18Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-34716

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-34716

reference_url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2115183
reference_id	2115183
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2115183

reference_url

https://github.com/advisories/GHSA-vh55-786g-wjwj

reference_id

GHSA-vh55-786g-wjwj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vh55-786g-wjwj

reference_url	https://access.redhat.com/errata/RHSA-2022:6037
reference_id	RHSA-2022:6037
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6037

reference_url	https://access.redhat.com/errata/RHSA-2022:6038
reference_id	RHSA-2022:6038
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6038

reference_url	https://access.redhat.com/errata/RHSA-2022:6043
reference_id	RHSA-2022:6043
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6043

reference_url	https://access.redhat.com/errata/RHSA-2022:6057
reference_id	RHSA-2022:6057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6057

reference_url	https://access.redhat.com/errata/RHSA-2022:6058
reference_id	RHSA-2022:6058
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6058

fixed_packages

aliases

CVE-2022-34716, GHSA-vh55-786g-wjwj, GMS-2024-75, GMS-2024-76, GMS-2024-77, GMS-2024-78, GMS-2024-79, GMS-2024-80, GMS-2024-81, GMS-2024-82, GMS-2024-83, GMS-2024-84, GMS-2024-85, GMS-2024-86, GMS-2024-90

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-rz8f-jn6b-a7fw

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dotnet3.1@3.1.422-1%3Farch=el8_6

Package Instance