Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-7k3x-hspm-2bh1

Summary The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.

Aliases

alias	CVE-2024-8445

Fixed_packages

url pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie

purl pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mdk-bqm7-mkeu

vulnerability	VCID-7dna-4mcn-jqd5

vulnerability	VCID-ft29-jr9j-jbbm

vulnerability	VCID-k27f-tsq5-73fn

vulnerability	VCID-ud9m-jz3k-bfhm

vulnerability	VCID-vadc-mdbp-q3g9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie

url	pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/389-ds-base@1.4.4.11-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/389-ds-base@2.0.11-1?distro=trixie
purl	pkg:deb/debian/389-ds-base@2.0.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.0.11-1%3Fdistro=trixie

url pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1

purl pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mdk-bqm7-mkeu

vulnerability	VCID-7dna-4mcn-jqd5

vulnerability	VCID-ft29-jr9j-jbbm

vulnerability	VCID-k27f-tsq5-73fn

vulnerability	VCID-ud9m-jz3k-bfhm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1

url pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mdk-bqm7-mkeu

vulnerability	VCID-7dna-4mcn-jqd5

vulnerability	VCID-ft29-jr9j-jbbm

vulnerability	VCID-k27f-tsq5-73fn

vulnerability	VCID-ud9m-jz3k-bfhm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie
purl	pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/389-ds-base@1.3.3.5-4

purl pkg:deb/debian/389-ds-base@1.3.3.5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ncv-1mvn-3ua2

vulnerability	VCID-3182-86wa-ffgn

vulnerability	VCID-4gwa-5ha9-2yep

vulnerability	VCID-6668-ae1t-43bn

vulnerability	VCID-7k3x-hspm-2bh1

vulnerability	VCID-8d2y-q7qm-ukba

vulnerability	VCID-92hm-bx5r-2kb5

vulnerability	VCID-cuaw-efm3-5kb6

vulnerability	VCID-f4xw-eaee-tbaf

vulnerability	VCID-fe6s-f2sw-tbdb

vulnerability	VCID-kgfj-ur5s-97hd

vulnerability	VCID-kyw9-xd61-effu

vulnerability	VCID-m9ab-q9cx-suhk

vulnerability	VCID-pqup-v2we-kqat

vulnerability	VCID-qybp-25x7-6fak

vulnerability	VCID-sfpm-3ead-t7ds

vulnerability	VCID-svne-c12c-hucb

vulnerability	VCID-sz1r-ts2d-uqam

vulnerability	VCID-ta8n-wu4n-qqfq

vulnerability	VCID-tjhk-xzr6-p7dx

vulnerability	VCID-twz6-mtum-qbck

vulnerability	VCID-u5q1-nkup-f7ga

vulnerability	VCID-uz8q-6ydj-x3cu

vulnerability	VCID-v1ut-bxzt-kqet

vulnerability	VCID-v94q-q9gt-zkcq

vulnerability	VCID-wvqp-u8kz-8bd4

vulnerability	VCID-xryf-2vae-j7gk

vulnerability	VCID-xv3p-gza9-4bcg

vulnerability	VCID-yrgr-fu6h-ykh9

vulnerability	VCID-ytmc-t4we-y7gr

vulnerability	VCID-znf9-cydr-nqbm

vulnerability	VCID-zrba-h7st-jbgz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.3.5-4

url pkg:deb/debian/389-ds-base@1.3.5.17-2

purl pkg:deb/debian/389-ds-base@1.3.5.17-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ncv-1mvn-3ua2

vulnerability	VCID-3182-86wa-ffgn

vulnerability	VCID-4gwa-5ha9-2yep

vulnerability	VCID-6668-ae1t-43bn

vulnerability	VCID-7k3x-hspm-2bh1

vulnerability	VCID-8d2y-q7qm-ukba

vulnerability	VCID-f4xw-eaee-tbaf

vulnerability	VCID-fe6s-f2sw-tbdb

vulnerability	VCID-kgfj-ur5s-97hd

vulnerability	VCID-kyw9-xd61-effu

vulnerability	VCID-pqup-v2we-kqat

vulnerability	VCID-sfpm-3ead-t7ds

vulnerability	VCID-svne-c12c-hucb

vulnerability	VCID-sz1r-ts2d-uqam

vulnerability	VCID-ta8n-wu4n-qqfq

vulnerability	VCID-tjhk-xzr6-p7dx

vulnerability	VCID-twz6-mtum-qbck

vulnerability	VCID-uz8q-6ydj-x3cu

vulnerability	VCID-v1ut-bxzt-kqet

vulnerability	VCID-v94q-q9gt-zkcq

vulnerability	VCID-wvqp-u8kz-8bd4

vulnerability	VCID-xryf-2vae-j7gk

vulnerability	VCID-xv3p-gza9-4bcg

vulnerability	VCID-znf9-cydr-nqbm

vulnerability	VCID-zrba-h7st-jbgz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.5.17-2

url pkg:deb/debian/389-ds-base@1.4.0.21-1

purl pkg:deb/debian/389-ds-base@1.4.0.21-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gwa-5ha9-2yep

vulnerability	VCID-6668-ae1t-43bn

vulnerability	VCID-7k3x-hspm-2bh1

vulnerability	VCID-8d2y-q7qm-ukba

vulnerability	VCID-f4xw-eaee-tbaf

vulnerability	VCID-fe6s-f2sw-tbdb

vulnerability	VCID-sfpm-3ead-t7ds

vulnerability	VCID-svne-c12c-hucb

vulnerability	VCID-sz1r-ts2d-uqam

vulnerability	VCID-twz6-mtum-qbck

vulnerability	VCID-uz8q-6ydj-x3cu

vulnerability	VCID-v1ut-bxzt-kqet

vulnerability	VCID-v94q-q9gt-zkcq

vulnerability	VCID-xv3p-gza9-4bcg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.21-1

url pkg:deb/debian/389-ds-base@1.4.4.11-2

purl pkg:deb/debian/389-ds-base@1.4.4.11-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gwa-5ha9-2yep

vulnerability	VCID-5mdk-bqm7-mkeu

vulnerability	VCID-6668-ae1t-43bn

vulnerability	VCID-7dna-4mcn-jqd5

vulnerability	VCID-7k3x-hspm-2bh1

vulnerability	VCID-ft29-jr9j-jbbm

vulnerability	VCID-k27f-tsq5-73fn

vulnerability	VCID-sfpm-3ead-t7ds

vulnerability	VCID-svne-c12c-hucb

vulnerability	VCID-twz6-mtum-qbck

vulnerability	VCID-ud9m-jz3k-bfhm

vulnerability	VCID-uz8q-6ydj-x3cu

vulnerability	VCID-v1ut-bxzt-kqet

vulnerability	VCID-vadc-mdbp-q3g9

vulnerability	VCID-xv3p-gza9-4bcg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2

url pkg:rpm/redhat/389-ds-base@1.3.11.1-7?arch=el7_9

purl pkg:rpm/redhat/389-ds-base@1.3.11.1-7?arch=el7_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k3x-hspm-2bh1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/389-ds-base@1.3.11.1-7%3Farch=el7_9

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8445.json

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8445.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8445

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.23034
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8445

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8445
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8445

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082852
reference_id	1082852
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082852

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2310110

reference_id

2310110

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T19:58:06Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2310110

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11
reference_id	cpe:/a:redhat:directory_server:11
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12
reference_id	cpe:/a:redhat:directory_server:12
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7
reference_id	cpe:/o:redhat:rhel_els:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7

reference_url

https://access.redhat.com/security/cve/CVE-2024-8445

reference_id

CVE-2024-8445

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T19:58:06Z/

url

https://access.redhat.com/security/cve/CVE-2024-8445

reference_url

https://access.redhat.com/errata/RHSA-2024:7434

reference_id

RHSA-2024:7434

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T19:58:06Z/

url

https://access.redhat.com/errata/RHSA-2024:7434

Weaknesses

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Exploits

Severity_range_score 5.7 - 5.7

Exploitability 0.5

Weighted_severity 5.1

Risk_score 2.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7k3x-hspm-2bh1

Vulnerability Instance