Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/receptor@1.6.2-1?arch=el9ap

Type rpm

Namespace redhat

Name receptor

Version 1.6.2-1

Qualifiers

arch	el9ap

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-cwjz-fga9-tubz

vulnerability_id

VCID-cwjz-fga9-tubz

summary

quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. This was observed in the wild with certain server implementations. quic-go needs to be able to handle misbehaving server implementations, including those that prematurely send a HANDSHAKE_DONE frame. Versions 0.49.0, 0.54.1, and 0.55.0 discard Initial keys when receiving a HANDSHAKE_DONE frame, thereby correctly handling premature HANDSHAKE_DONE frames.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59530.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59530.json

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59530
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59530

reference_url

https://github.com/quic-go/quic-go

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/quic-go/quic-go

reference_url

https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T16:31:32Z/

url

https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685

reference_url

https://github.com/quic-go/quic-go/commit/bc5bccf10fd02728eef150683eb4dfaa5c0e749c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/quic-go/quic-go/commit/bc5bccf10fd02728eef150683eb4dfaa5c0e749c

reference_url

https://github.com/quic-go/quic-go/commit/ce7c9ea8834b9d2ed79efa9269467f02c0895d42

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/quic-go/quic-go/commit/ce7c9ea8834b9d2ed79efa9269467f02c0895d42

reference_url

https://github.com/quic-go/quic-go/pull/5354

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T16:31:32Z/

url

https://github.com/quic-go/quic-go/pull/5354

reference_url

https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T16:31:32Z/

url

https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-59530

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-59530

reference_url

https://pkg.go.dev/vuln/GO-2025-4017

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2025-4017

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2403125
reference_id	2403125
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2403125

reference_url	https://access.redhat.com/errata/RHSA-2025:21706
reference_id	RHSA-2025:21706
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21706

reference_url	https://access.redhat.com/errata/RHSA-2025:21768
reference_id	RHSA-2025:21768
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21768

reference_url	https://access.redhat.com/errata/RHSA-2025:21775
reference_id	RHSA-2025:21775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21775

reference_url	https://access.redhat.com/errata/RHSA-2025:21892
reference_id	RHSA-2025:21892
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21892

reference_url	https://access.redhat.com/errata/RHSA-2025:22784
reference_id	RHSA-2025:22784
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22784

reference_url	https://access.redhat.com/errata/RHSA-2025:23069
reference_id	RHSA-2025:23069
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23069

reference_url	https://access.redhat.com/errata/RHSA-2025:23131
reference_id	RHSA-2025:23131
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23131

fixed_packages

aliases

CVE-2025-59530, GHSA-47m2-4cr7-mhcw

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-cwjz-fga9-tubz

url

VCID-whgc-pt2s-77ar

vulnerability_id

VCID-whgc-pt2s-77ar

summary

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://docs.djangoproject.com/en/dev/releases/security/

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/

url

https://docs.djangoproject.com/en/dev/releases/security/

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85

reference_url

https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4

reference_url

https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b

reference_url

https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241

reference_url

https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-108.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-108.yaml

reference_url

https://groups.google.com/g/django-announce

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/

url

https://groups.google.com/g/django-announce

reference_url

https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html

reference_url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases

reference_url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases/

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/

url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139
reference_id	1120139
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2412651
reference_id	2412651
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2412651

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py
reference_id	CVE-2025-64459
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-64459

reference_id

CVE-2025-64459

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-64459

reference_url

https://github.com/advisories/GHSA-frmv-pr5f-9mcr

reference_id

GHSA-frmv-pr5f-9mcr

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-frmv-pr5f-9mcr

reference_url	https://access.redhat.com/errata/RHSA-2025:23069
reference_id	RHSA-2025:23069
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23069

reference_url	https://access.redhat.com/errata/RHSA-2025:23070
reference_id	RHSA-2025:23070
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23070

reference_url	https://access.redhat.com/errata/RHSA-2025:23130
reference_id	RHSA-2025:23130
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23130

reference_url	https://access.redhat.com/errata/RHSA-2025:23131
reference_id	RHSA-2025:23131
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23131

reference_url	https://access.redhat.com/errata/RHSA-2025:23133
reference_id	RHSA-2025:23133
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23133

reference_url	https://access.redhat.com/errata/RHSA-2025:23196
reference_id	RHSA-2025:23196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23196

reference_url	https://access.redhat.com/errata/RHSA-2026:1596
reference_id	RHSA-2026:1596
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1596

reference_url	https://usn.ubuntu.com/7859-1/
reference_id	USN-7859-1
reference_type
scores
url	https://usn.ubuntu.com/7859-1/

fixed_packages

aliases

BIT-django-2025-64459, CVE-2025-64459, GHSA-frmv-pr5f-9mcr, PYSEC-2025-108

risk_score

10.0

exploitability

2.0

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-whgc-pt2s-77ar

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/receptor@1.6.2-1%3Farch=el9ap

Package Instance