Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-2phd-tw5c-xbdb
Summaryhttp/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
Aliases
0
alias CVE-2013-4366
1
alias GHSA-pqwh-44jj-p5rm
Fixed_packages
0
url pkg:deb/debian/httpcomponents-client@4.3.2-1?distro=trixie
purl pkg:deb/debian/httpcomponents-client@4.3.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/httpcomponents-client@4.3.2-1%3Fdistro=trixie
1
url pkg:deb/debian/httpcomponents-client@4.3.5-2
purl pkg:deb/debian/httpcomponents-client@4.3.5-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ur6-9s61-13a3
1
vulnerability VCID-mrdq-9pb2-3qb5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/httpcomponents-client@4.3.5-2
2
url pkg:deb/debian/httpcomponents-client@4.5.13-2?distro=trixie
purl pkg:deb/debian/httpcomponents-client@4.5.13-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/httpcomponents-client@4.5.13-2%3Fdistro=trixie
3
url pkg:deb/debian/httpcomponents-client@4.5.14-1?distro=trixie
purl pkg:deb/debian/httpcomponents-client@4.5.14-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/httpcomponents-client@4.5.14-1%3Fdistro=trixie
4
url pkg:maven/org.apache.httpcomponents/httpclient@4.3.1
purl pkg:maven/org.apache.httpcomponents/httpclient@4.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3bxq-vmjj-kqfe
1
vulnerability VCID-3ur6-9s61-13a3
2
vulnerability VCID-mrdq-9pb2-3qb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.httpcomponents/httpclient@4.3.1
Affected_packages
0
url pkg:deb/debian/httpcomponents-client@4.0.1-1squeeze1
purl pkg:deb/debian/httpcomponents-client@4.0.1-1squeeze1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2phd-tw5c-xbdb
1
vulnerability VCID-3bxq-vmjj-kqfe
2
vulnerability VCID-3ur6-9s61-13a3
3
vulnerability VCID-mrdq-9pb2-3qb5
4
vulnerability VCID-qyy2-d6f6-gbaq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/httpcomponents-client@4.0.1-1squeeze1
1
url pkg:deb/debian/httpcomponents-client@4.1.1-2%2Bdeb7u1
purl pkg:deb/debian/httpcomponents-client@4.1.1-2%2Bdeb7u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2phd-tw5c-xbdb
1
vulnerability VCID-3bxq-vmjj-kqfe
2
vulnerability VCID-3ur6-9s61-13a3
3
vulnerability VCID-mrdq-9pb2-3qb5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/httpcomponents-client@4.1.1-2%252Bdeb7u1
2
url pkg:maven/org.apache.httpcomponents/httpclient@4.3
purl pkg:maven/org.apache.httpcomponents/httpclient@4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2phd-tw5c-xbdb
1
vulnerability VCID-3bxq-vmjj-kqfe
2
vulnerability VCID-3ur6-9s61-13a3
3
vulnerability VCID-mrdq-9pb2-3qb5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.httpcomponents/httpclient@4.3
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4366
reference_id
reference_type
scores
0
value 0.0129
scoring_system epss
scoring_elements 0.7985
published_at 2026-05-14T12:55:00Z
1
value 0.0129
scoring_system epss
scoring_elements 0.79691
published_at 2026-04-18T12:55:00Z
2
value 0.0129
scoring_system epss
scoring_elements 0.79694
published_at 2026-04-21T12:55:00Z
3
value 0.0129
scoring_system epss
scoring_elements 0.79725
published_at 2026-04-24T12:55:00Z
4
value 0.0129
scoring_system epss
scoring_elements 0.79731
published_at 2026-04-26T12:55:00Z
5
value 0.0129
scoring_system epss
scoring_elements 0.79746
published_at 2026-04-29T12:55:00Z
6
value 0.0129
scoring_system epss
scoring_elements 0.79761
published_at 2026-05-05T12:55:00Z
7
value 0.0129
scoring_system epss
scoring_elements 0.79785
published_at 2026-05-07T12:55:00Z
8
value 0.0129
scoring_system epss
scoring_elements 0.79801
published_at 2026-05-09T12:55:00Z
9
value 0.0129
scoring_system epss
scoring_elements 0.79797
published_at 2026-05-11T12:55:00Z
10
value 0.0129
scoring_system epss
scoring_elements 0.79812
published_at 2026-05-12T12:55:00Z
11
value 0.0129
scoring_system epss
scoring_elements 0.79613
published_at 2026-04-01T12:55:00Z
12
value 0.0129
scoring_system epss
scoring_elements 0.79619
published_at 2026-04-02T12:55:00Z
13
value 0.0129
scoring_system epss
scoring_elements 0.79641
published_at 2026-04-04T12:55:00Z
14
value 0.0129
scoring_system epss
scoring_elements 0.79627
published_at 2026-04-07T12:55:00Z
15
value 0.0129
scoring_system epss
scoring_elements 0.79656
published_at 2026-04-08T12:55:00Z
16
value 0.0129
scoring_system epss
scoring_elements 0.79664
published_at 2026-04-09T12:55:00Z
17
value 0.0129
scoring_system epss
scoring_elements 0.79684
published_at 2026-04-11T12:55:00Z
18
value 0.0129
scoring_system epss
scoring_elements 0.79669
published_at 2026-04-12T12:55:00Z
19
value 0.0129
scoring_system epss
scoring_elements 0.79662
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4366
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4366
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4366
2
reference_url https://github.com/apache/httpcomponents-client/commit/08140864e3e4c0994e094c4cf0507932baf6a66
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/httpcomponents-client/commit/08140864e3e4c0994e094c4cf0507932baf6a66
3
reference_url http://svn.apache.org/r1528614
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/r1528614
4
reference_url http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.3.x.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.3.x.txt
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:httpclient:4.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:httpclient:4.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:httpclient:4.3:*:*:*:*:*:*:*
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:httpclient:4.3:alpha1:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:httpclient:4.3:alpha1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:httpclient:4.3:alpha1:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:httpclient:4.3:beta1:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:httpclient:4.3:beta1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:httpclient:4.3:beta1:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:httpclient:4.3:beta2:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:httpclient:4.3:beta2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:httpclient:4.3:beta2:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4366
reference_id CVE-2013-4366
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4366
10
reference_url https://github.com/advisories/GHSA-pqwh-44jj-p5rm
reference_id GHSA-pqwh-44jj-p5rm
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pqwh-44jj-p5rm
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score7.5 - 10.0
Exploitability0.5
Weighted_severity9.0
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-2phd-tw5c-xbdb