Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-gu2y-9qzw-8ke4

Summary Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.

Aliases

alias	CVE-2023-3823

Fixed_packages

url	pkg:apk/alpine/php8@8.0.30-r0?arch=x86_64&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/php8@8.0.30-r0?arch=x86_64&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php8@8.0.30-r0%3Farch=x86_64&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/php8@8.0.30-r0?arch=aarch64&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/php8@8.0.30-r0?arch=aarch64&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php8@8.0.30-r0%3Farch=aarch64&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/php8@8.0.30-r0?arch=armhf&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/php8@8.0.30-r0?arch=armhf&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php8@8.0.30-r0%3Farch=armhf&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/php8@8.0.30-r0?arch=armv7&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/php8@8.0.30-r0?arch=armv7&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php8@8.0.30-r0%3Farch=armv7&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/php8@8.0.30-r0?arch=ppc64le&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/php8@8.0.30-r0?arch=ppc64le&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php8@8.0.30-r0%3Farch=ppc64le&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/php8@8.0.30-r0?arch=s390x&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/php8@8.0.30-r0?arch=s390x&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php8@8.0.30-r0%3Farch=s390x&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/php8@8.0.30-r0?arch=x86&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/php8@8.0.30-r0?arch=x86&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php8@8.0.30-r0%3Farch=x86&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/php81@8.1.22-r0?arch=armhf&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/php81@8.1.22-r0?arch=armhf&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.22-r0%3Farch=armhf&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/php81@8.1.22-r0?arch=aarch64&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/php81@8.1.22-r0?arch=aarch64&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.22-r0%3Farch=aarch64&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/php81@8.1.22-r0?arch=armv7&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/php81@8.1.22-r0?arch=armv7&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.22-r0%3Farch=armv7&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/php81@8.1.22-r0?arch=ppc64le&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/php81@8.1.22-r0?arch=ppc64le&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.22-r0%3Farch=ppc64le&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/php81@8.1.22-r0?arch=s390x&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/php81@8.1.22-r0?arch=s390x&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.22-r0%3Farch=s390x&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/php81@8.1.22-r0?arch=x86&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/php81@8.1.22-r0?arch=x86&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.22-r0%3Farch=x86&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/php81@8.1.22-r0?arch=x86_64&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/php81@8.1.22-r0?arch=x86_64&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.22-r0%3Farch=x86_64&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/php81@8.1.22-r0?arch=aarch64&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/php81@8.1.22-r0?arch=aarch64&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.22-r0%3Farch=aarch64&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/php81@8.1.22-r0?arch=armhf&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/php81@8.1.22-r0?arch=armhf&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.22-r0%3Farch=armhf&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/php81@8.1.22-r0?arch=armv7&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/php81@8.1.22-r0?arch=armv7&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.22-r0%3Farch=armv7&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/php81@8.1.22-r0?arch=ppc64le&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/php81@8.1.22-r0?arch=ppc64le&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.22-r0%3Farch=ppc64le&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/php81@8.1.22-r0?arch=s390x&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/php81@8.1.22-r0?arch=s390x&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.22-r0%3Farch=s390x&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/php81@8.1.22-r0?arch=x86&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/php81@8.1.22-r0?arch=x86&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.22-r0%3Farch=x86&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/php81@8.1.22-r0?arch=x86_64&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/php81@8.1.22-r0?arch=x86_64&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.22-r0%3Farch=x86_64&distroversion=v3.16&reponame=community

url	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
purl	pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye

url	pkg:deb/debian/php8.2@8.2.18-1~deb12u1?distro=bookworm
purl	pkg:deb/debian/php8.2@8.2.18-1~deb12u1?distro=bookworm
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.18-1~deb12u1%3Fdistro=bookworm

url	pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm
purl	pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm

url	pkg:ebuild/dev-lang/php@8.1
purl	pkg:ebuild/dev-lang/php@8.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@8.1

url	pkg:ebuild/dev-lang/php@8.1.29
purl	pkg:ebuild/dev-lang/php@8.1.29
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@8.1.29

url	pkg:ebuild/dev-lang/php@8.2.20
purl	pkg:ebuild/dev-lang/php@8.2.20
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@8.2.20

url	pkg:ebuild/dev-lang/php@8.3.8
purl	pkg:ebuild/dev-lang/php@8.3.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@8.3.8

Affected_packages

url pkg:rpm/redhat/php@8.0.30-1?arch=el9_2

purl pkg:rpm/redhat/php@8.0.30-1?arch=el9_2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9p3x-8hp1-2bge

vulnerability	VCID-a21g-6nbb-fbb1

vulnerability	VCID-g2sk-sa2j-dkcv

vulnerability	VCID-gu2y-9qzw-8ke4

vulnerability	VCID-h7pk-y5gm-kyg7

vulnerability	VCID-vz8y-te3y-gqhp

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@8.0.30-1%3Farch=el9_2

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3823.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3823.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3823

reference_id

reference_type

scores

value	0.00343
scoring_system	epss
scoring_elements	0.56953
published_at	2026-04-02T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56975
published_at	2026-04-04T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.5695
published_at	2026-04-07T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.57002
published_at	2026-04-08T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.57004
published_at	2026-04-09T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.57012
published_at	2026-04-11T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56991
published_at	2026-04-12T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56968
published_at	2026-04-13T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56997
published_at	2026-04-16T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56994
published_at	2026-04-18T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.5697
published_at	2026-04-21T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.5691
published_at	2026-04-24T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56928
published_at	2026-04-26T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56912
published_at	2026-04-29T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56866
published_at	2026-05-05T12:55:00Z

value	0.00604
scoring_system	epss
scoring_elements	0.69771
published_at	2026-05-14T12:55:00Z

value	0.00604
scoring_system	epss
scoring_elements	0.69693
published_at	2026-05-07T12:55:00Z

value	0.00604
scoring_system	epss
scoring_elements	0.69726
published_at	2026-05-09T12:55:00Z

value	0.00604
scoring_system	epss
scoring_elements	0.69696
published_at	2026-05-11T12:55:00Z

value	0.00604
scoring_system	epss
scoring_elements	0.69722
published_at	2026-05-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3823

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043477
reference_id	1043477
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043477

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2229396
reference_id	2229396
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2229396

reference_url	https://security.gentoo.org/glsa/202408-32
reference_id	GLSA-202408-32
reference_type
scores
url	https://security.gentoo.org/glsa/202408-32

reference_url	https://access.redhat.com/errata/RHSA-2023:5926
reference_id	RHSA-2023:5926
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5926

reference_url	https://access.redhat.com/errata/RHSA-2023:5927
reference_id	RHSA-2023:5927
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5927

reference_url	https://access.redhat.com/errata/RHSA-2024:0387
reference_id	RHSA-2024:0387
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0387

reference_url	https://access.redhat.com/errata/RHSA-2024:10952
reference_id	RHSA-2024:10952
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10952

reference_url	https://usn.ubuntu.com/6305-1/
reference_id	USN-6305-1
reference_type
scores
url	https://usn.ubuntu.com/6305-1/

reference_url	https://usn.ubuntu.com/6305-2/
reference_id	USN-6305-2
reference_type
scores
url	https://usn.ubuntu.com/6305-2/

Weaknesses

cwe_id	611
name	Improper Restriction of XML External Entity Reference
description	The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

Exploits

Severity_range_score 7.5 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gu2y-9qzw-8ke4

Vulnerability Instance