Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-b74t-ahas-6fav

Summary

dhowden tag panic due to out-of-bounds read
Due to improper bounds checking, a number of methods in dhowden tag before 0.0.0-20201120070457-d52dcb253c63 can trigger a panic due to attempted out-of-bounds reads. If the package is used to parse user supplied input, this may be used as a vector for a denial of service attack.

Aliases

alias	CVE-2020-29244

alias	GHSA-27mh-3343-6hg5

Fixed_packages

url	pkg:golang/github.com/dhowden/tag@0.0.0-20201120070457-d52dcb253c63
purl	pkg:golang/github.com/dhowden/tag@0.0.0-20201120070457-d52dcb253c63
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/dhowden/tag@0.0.0-20201120070457-d52dcb253c63

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-29244

reference_id

reference_type

scores

value	0.00285
scoring_system	epss
scoring_elements	0.52082
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-29244

reference_url

https://github.com/dhowden/tag

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dhowden/tag

reference_url

https://github.com/dhowden/tag/commit/4b595ed4fac79f467594aa92f8953f90f817116e

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dhowden/tag/commit/4b595ed4fac79f467594aa92f8953f90f817116e

reference_url

https://github.com/dhowden/tag/commit/6b18201aa5c5535511802ddfb4e4117686b4866d

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dhowden/tag/commit/6b18201aa5c5535511802ddfb4e4117686b4866d

reference_url

https://github.com/dhowden/tag/commit/a92213460e4838490ce3066ef11dc823cdc1740e

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dhowden/tag/commit/a92213460e4838490ce3066ef11dc823cdc1740e

reference_url

https://github.com/dhowden/tag/commit/d52dcb253c63a153632bfee5f269dd411dcd8e96

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dhowden/tag/commit/d52dcb253c63a153632bfee5f269dd411dcd8e96

reference_url

https://github.com/dhowden/tag/issues/79

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dhowden/tag/issues/79

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-29244

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-29244

reference_url

https://pkg.go.dev/vuln/GO-2021-0097

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2021-0097

Weaknesses

cwe_id	129
name	Improper Validation of Array Index
description	The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b74t-ahas-6fav

Vulnerability Instance