Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6g29-te13-kucu

Summary Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to arbitrary code execution.

Aliases

alias	CVE-2024-9026

Fixed_packages

url	pkg:apk/alpine/php81@8.1.30-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/php81@8.1.30-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.30-r0%3Farch=aarch64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/php81@8.1.30-r0?arch=armhf&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/php81@8.1.30-r0?arch=armhf&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.30-r0%3Farch=armhf&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/php81@8.1.30-r0?arch=armv7&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/php81@8.1.30-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.30-r0%3Farch=armv7&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/php81@8.1.30-r0?arch=ppc64le&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/php81@8.1.30-r0?arch=ppc64le&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.30-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/php81@8.1.30-r0?arch=s390x&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/php81@8.1.30-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.30-r0%3Farch=s390x&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/php81@8.1.30-r0?arch=x86&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/php81@8.1.30-r0?arch=x86&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.30-r0%3Farch=x86&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/php81@8.1.30-r0?arch=x86_64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/php81@8.1.30-r0?arch=x86_64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.30-r0%3Farch=x86_64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/php82@8.2.24-r0?arch=aarch64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php82@8.2.24-r0?arch=aarch64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php82@8.2.24-r0%3Farch=aarch64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/php82@8.2.24-r0?arch=armhf&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php82@8.2.24-r0?arch=armhf&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php82@8.2.24-r0%3Farch=armhf&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/php82@8.2.24-r0?arch=armv7&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php82@8.2.24-r0?arch=armv7&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php82@8.2.24-r0%3Farch=armv7&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/php82@8.2.24-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php82@8.2.24-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php82@8.2.24-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/php82@8.2.24-r0?arch=riscv64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php82@8.2.24-r0?arch=riscv64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php82@8.2.24-r0%3Farch=riscv64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/php82@8.2.24-r0?arch=s390x&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php82@8.2.24-r0?arch=s390x&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php82@8.2.24-r0%3Farch=s390x&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/php82@8.2.24-r0?arch=x86&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php82@8.2.24-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php82@8.2.24-r0%3Farch=x86&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/php82@8.2.24-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php82@8.2.24-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php82@8.2.24-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/php83@8.3.12-r0?arch=armhf&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php83@8.3.12-r0?arch=armhf&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php83@8.3.12-r0%3Farch=armhf&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/php83@8.3.12-r0?arch=aarch64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php83@8.3.12-r0?arch=aarch64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php83@8.3.12-r0%3Farch=aarch64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/php83@8.3.12-r0?arch=armv7&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php83@8.3.12-r0?arch=armv7&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php83@8.3.12-r0%3Farch=armv7&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/php83@8.3.12-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php83@8.3.12-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php83@8.3.12-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/php83@8.3.12-r0?arch=riscv64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php83@8.3.12-r0?arch=riscv64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php83@8.3.12-r0%3Farch=riscv64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/php83@8.3.12-r0?arch=s390x&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php83@8.3.12-r0?arch=s390x&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php83@8.3.12-r0%3Farch=s390x&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/php83@8.3.12-r0?arch=x86&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php83@8.3.12-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php83@8.3.12-r0%3Farch=x86&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/php83@8.3.12-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/php83@8.3.12-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php83@8.3.12-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

url	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
purl	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye

url	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u6?distro=bullseye
purl	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u6?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u6%3Fdistro=bullseye

url	pkg:deb/debian/php8.2@8.2.24-1~deb12u1?distro=bookworm
purl	pkg:deb/debian/php8.2@8.2.24-1~deb12u1?distro=bookworm
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.24-1~deb12u1%3Fdistro=bookworm

url	pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm
purl	pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm

url	pkg:ebuild/dev-lang/php@8.1.30
purl	pkg:ebuild/dev-lang/php@8.1.30
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@8.1.30

url	pkg:ebuild/dev-lang/php@8.2.24
purl	pkg:ebuild/dev-lang/php@8.2.24
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@8.2.24

url	pkg:ebuild/dev-lang/php@8.3.12
purl	pkg:ebuild/dev-lang/php@8.3.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@8.3.12

Affected_packages

url pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5

purl pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1re1-15w4-cqeq

vulnerability	VCID-26ab-3bt8-jkf3

vulnerability	VCID-341r-8amt-z7dr

vulnerability	VCID-53h9-y2ns-jfh1

vulnerability	VCID-6g29-te13-kucu

vulnerability	VCID-7151-69v8-cqaj

vulnerability	VCID-7qqj-hp6m-z7bh

vulnerability	VCID-9byf-ymwr-eug8

vulnerability	VCID-bf18-3zx5-f7gr

vulnerability	VCID-e16f-4ynx-fqb9

vulnerability	VCID-fhh6-shuh-v3am

vulnerability	VCID-fyhr-st6h-eker

vulnerability	VCID-nrnn-pgxj-xugg

vulnerability	VCID-qyx5-b321-2udm

vulnerability	VCID-t862-kese-z7ae

vulnerability	VCID-ugx8-uqup-n3b4

vulnerability	VCID-uqrh-9nue-rqgx

vulnerability	VCID-uush-g6k9-9ffm

vulnerability	VCID-v42g-pabn-yqe7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5

url pkg:rpm/redhat/php@8.0.30-2?arch=el9

purl pkg:rpm/redhat/php@8.0.30-2?arch=el9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1re1-15w4-cqeq

vulnerability	VCID-341r-8amt-z7dr

vulnerability	VCID-53h9-y2ns-jfh1

vulnerability	VCID-6g29-te13-kucu

vulnerability	VCID-9byf-ymwr-eug8

vulnerability	VCID-dmvz-493v-mfdr

vulnerability	VCID-dqb9-fgsz-rycp

vulnerability	VCID-e16f-4ynx-fqb9

vulnerability	VCID-v42g-pabn-yqe7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@8.0.30-2%3Farch=el9

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9026.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9026.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-9026

reference_id

reference_type

scores

value	0.00868
scoring_system	epss
scoring_elements	0.75354
published_at	2026-05-14T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75309
published_at	2026-05-09T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.7529
published_at	2026-05-11T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75298
published_at	2026-05-12T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75127
published_at	2026-04-02T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75157
published_at	2026-04-04T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75134
published_at	2026-04-07T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75168
published_at	2026-04-13T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.7518
published_at	2026-04-12T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75202
published_at	2026-04-21T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75206
published_at	2026-04-16T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75212
published_at	2026-04-18T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75239
published_at	2026-04-24T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75243
published_at	2026-04-26T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75247
published_at	2026-04-29T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75256
published_at	2026-05-05T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75284
published_at	2026-05-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-9026

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9026
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9026

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2317144
reference_id	2317144
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2317144

reference_url

https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5

reference_id

GHSA-865w-9rf3-2wh5

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T12:47:58Z/

url

https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5

reference_url	https://security.gentoo.org/glsa/202501-11
reference_id	GLSA-202501-11
reference_type
scores
url	https://security.gentoo.org/glsa/202501-11

reference_url	https://access.redhat.com/errata/RHSA-2024:10949
reference_id	RHSA-2024:10949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10949

reference_url	https://access.redhat.com/errata/RHSA-2024:10950
reference_id	RHSA-2024:10950
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10950

reference_url	https://access.redhat.com/errata/RHSA-2024:10951
reference_id	RHSA-2024:10951
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10951

reference_url	https://access.redhat.com/errata/RHSA-2024:10952
reference_id	RHSA-2024:10952
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10952

reference_url	https://access.redhat.com/errata/RHSA-2025:7315
reference_id	RHSA-2025:7315
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7315

reference_url	https://usn.ubuntu.com/7049-1/
reference_id	USN-7049-1
reference_type
scores
url	https://usn.ubuntu.com/7049-1/

Weaknesses

cwe_id	117
name	Improper Output Neutralization for Logs
description	The product does not neutralize or incorrectly neutralizes output that is written to logs.

cwe_id	158
name	Improper Neutralization of Null Byte or NUL Character
description	The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.

Exploits

Severity_range_score 3.3 - 3.3

Exploitability 0.5

Weighted_severity 3.0

Risk_score 1.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6g29-te13-kucu

Vulnerability Instance