Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-t5gr-yesx-hqah
Summary sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
Aliases
0
alias CVE-2022-4254
Fixed_packages
0
url pkg:deb/debian/sssd@2.3.1-1?distro=trixie
purl pkg:deb/debian/sssd@2.3.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@2.3.1-1%3Fdistro=trixie
1
url pkg:deb/debian/sssd@2.4.1-2?distro=trixie
purl pkg:deb/debian/sssd@2.4.1-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ztj4-pvvh-wuay
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@2.4.1-2%3Fdistro=trixie
2
url pkg:deb/debian/sssd@2.4.1-2
purl pkg:deb/debian/sssd@2.4.1-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r1m1-kp4g-pbc7
1
vulnerability VCID-t4w3-vj56-4fcq
2
vulnerability VCID-ztj4-pvvh-wuay
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@2.4.1-2
3
url pkg:deb/debian/sssd@2.8.2-4%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/sssd@2.8.2-4%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ztj4-pvvh-wuay
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@2.8.2-4%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/sssd@2.10.1-2?distro=trixie
purl pkg:deb/debian/sssd@2.10.1-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ztj4-pvvh-wuay
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@2.10.1-2%3Fdistro=trixie
5
url pkg:deb/debian/sssd@2.12.0-4?distro=trixie
purl pkg:deb/debian/sssd@2.12.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@2.12.0-4%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/sssd@1.2.1-4%2Bsqueeze1
purl pkg:deb/debian/sssd@1.2.1-4%2Bsqueeze1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3sh2-437b-ayfj
1
vulnerability VCID-5hxw-dnz2-v7by
2
vulnerability VCID-bveu-ff3p-gfh7
3
vulnerability VCID-d4ke-65rx-13ac
4
vulnerability VCID-f5pv-qsd2-gkda
5
vulnerability VCID-jhrd-1f8g-6ueh
6
vulnerability VCID-kb5t-88br-5yh8
7
vulnerability VCID-r1m1-kp4g-pbc7
8
vulnerability VCID-t4w3-vj56-4fcq
9
vulnerability VCID-t5gr-yesx-hqah
10
vulnerability VCID-xpwr-fzex-m7fa
11
vulnerability VCID-yn22-35eg-1khb
12
vulnerability VCID-zee4-1xpd-27bc
13
vulnerability VCID-zz4w-9935-q3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@1.2.1-4%252Bsqueeze1
1
url pkg:deb/debian/sssd@1.8.4-2
purl pkg:deb/debian/sssd@1.8.4-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hxw-dnz2-v7by
1
vulnerability VCID-bveu-ff3p-gfh7
2
vulnerability VCID-d4ke-65rx-13ac
3
vulnerability VCID-jhrd-1f8g-6ueh
4
vulnerability VCID-r1m1-kp4g-pbc7
5
vulnerability VCID-t4w3-vj56-4fcq
6
vulnerability VCID-t5gr-yesx-hqah
7
vulnerability VCID-xpwr-fzex-m7fa
8
vulnerability VCID-yn22-35eg-1khb
9
vulnerability VCID-zee4-1xpd-27bc
10
vulnerability VCID-zz4w-9935-q3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@1.8.4-2
2
url pkg:deb/debian/sssd@1.11.7-3
purl pkg:deb/debian/sssd@1.11.7-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hxw-dnz2-v7by
1
vulnerability VCID-bveu-ff3p-gfh7
2
vulnerability VCID-jhrd-1f8g-6ueh
3
vulnerability VCID-r1m1-kp4g-pbc7
4
vulnerability VCID-t4w3-vj56-4fcq
5
vulnerability VCID-t5gr-yesx-hqah
6
vulnerability VCID-yn22-35eg-1khb
7
vulnerability VCID-zee4-1xpd-27bc
8
vulnerability VCID-zz4w-9935-q3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@1.11.7-3
3
url pkg:deb/debian/sssd@1.11.7.3-3~bpo70%2B1
purl pkg:deb/debian/sssd@1.11.7.3-3~bpo70%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hxw-dnz2-v7by
1
vulnerability VCID-bveu-ff3p-gfh7
2
vulnerability VCID-jhrd-1f8g-6ueh
3
vulnerability VCID-r1m1-kp4g-pbc7
4
vulnerability VCID-t4w3-vj56-4fcq
5
vulnerability VCID-t5gr-yesx-hqah
6
vulnerability VCID-yn22-35eg-1khb
7
vulnerability VCID-zee4-1xpd-27bc
8
vulnerability VCID-zz4w-9935-q3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@1.11.7.3-3~bpo70%252B1
4
url pkg:deb/debian/sssd@1.15.0-3%2Bdeb9u1
purl pkg:deb/debian/sssd@1.15.0-3%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hxw-dnz2-v7by
1
vulnerability VCID-bveu-ff3p-gfh7
2
vulnerability VCID-jhrd-1f8g-6ueh
3
vulnerability VCID-r1m1-kp4g-pbc7
4
vulnerability VCID-t4w3-vj56-4fcq
5
vulnerability VCID-t5gr-yesx-hqah
6
vulnerability VCID-yn22-35eg-1khb
7
vulnerability VCID-zee4-1xpd-27bc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@1.15.0-3%252Bdeb9u1
5
url pkg:deb/debian/sssd@1.16.3-3.2
purl pkg:deb/debian/sssd@1.16.3-3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5hxw-dnz2-v7by
1
vulnerability VCID-r1m1-kp4g-pbc7
2
vulnerability VCID-t4w3-vj56-4fcq
3
vulnerability VCID-t5gr-yesx-hqah
4
vulnerability VCID-yn22-35eg-1khb
5
vulnerability VCID-zee4-1xpd-27bc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sssd@1.16.3-3.2
6
url pkg:rpm/redhat/sssd@1.16.5-10.el7_9?arch=15
purl pkg:rpm/redhat/sssd@1.16.5-10.el7_9?arch=15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t5gr-yesx-hqah
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/sssd@1.16.5-10.el7_9%3Farch=15
7
url pkg:rpm/redhat/sssd@2.2.0-19.el8_1?arch=3
purl pkg:rpm/redhat/sssd@2.2.0-19.el8_1?arch=3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t5gr-yesx-hqah
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/sssd@2.2.0-19.el8_1%3Farch=3
8
url pkg:rpm/redhat/sssd@2.2.3-20.el8_2?arch=2
purl pkg:rpm/redhat/sssd@2.2.3-20.el8_2?arch=2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t5gr-yesx-hqah
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/sssd@2.2.3-20.el8_2%3Farch=2
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4254.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4254.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4254
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23084
published_at 2026-05-14T12:55:00Z
1
value 0.00078
scoring_system epss
scoring_elements 0.23301
published_at 2026-04-02T12:55:00Z
2
value 0.00078
scoring_system epss
scoring_elements 0.23152
published_at 2026-04-21T12:55:00Z
3
value 0.00078
scoring_system epss
scoring_elements 0.2298
published_at 2026-04-24T12:55:00Z
4
value 0.00078
scoring_system epss
scoring_elements 0.22973
published_at 2026-04-26T12:55:00Z
5
value 0.00078
scoring_system epss
scoring_elements 0.22969
published_at 2026-04-29T12:55:00Z
6
value 0.00078
scoring_system epss
scoring_elements 0.22863
published_at 2026-05-05T12:55:00Z
7
value 0.00078
scoring_system epss
scoring_elements 0.22947
published_at 2026-05-07T12:55:00Z
8
value 0.00078
scoring_system epss
scoring_elements 0.23023
published_at 2026-05-09T12:55:00Z
9
value 0.00078
scoring_system epss
scoring_elements 0.22988
published_at 2026-05-11T12:55:00Z
10
value 0.00078
scoring_system epss
scoring_elements 0.23006
published_at 2026-05-12T12:55:00Z
11
value 0.00078
scoring_system epss
scoring_elements 0.23343
published_at 2026-04-04T12:55:00Z
12
value 0.00078
scoring_system epss
scoring_elements 0.23132
published_at 2026-04-07T12:55:00Z
13
value 0.00078
scoring_system epss
scoring_elements 0.23205
published_at 2026-04-08T12:55:00Z
14
value 0.00078
scoring_system epss
scoring_elements 0.23255
published_at 2026-04-09T12:55:00Z
15
value 0.00078
scoring_system epss
scoring_elements 0.23278
published_at 2026-04-11T12:55:00Z
16
value 0.00078
scoring_system epss
scoring_elements 0.2324
published_at 2026-04-12T12:55:00Z
17
value 0.00078
scoring_system epss
scoring_elements 0.23182
published_at 2026-04-13T12:55:00Z
18
value 0.00078
scoring_system epss
scoring_elements 0.23199
published_at 2026-04-16T12:55:00Z
19
value 0.00078
scoring_system epss
scoring_elements 0.23191
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4254
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4254
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4254
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2149894
reference_id 2149894
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T14:42:02Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2149894
5
reference_url https://github.com/SSSD/sssd/issues/5135
reference_id 5135
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T14:42:02Z/
url https://github.com/SSSD/sssd/issues/5135
6
reference_url https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274
reference_id a2b9a84460429181f2a4fa7e2bb5ab49fd561274
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T14:42:02Z/
url https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274
7
reference_url https://access.redhat.com/security/cve/CVE-2022-4254
reference_id CVE-2022-4254
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-27T14:42:02Z/
url https://access.redhat.com/security/cve/CVE-2022-4254
8
reference_url https://access.redhat.com/errata/RHSA-2023:0397
reference_id RHSA-2023:0397
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0397
9
reference_url https://access.redhat.com/errata/RHSA-2023:0403
reference_id RHSA-2023:0403
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0403
10
reference_url https://access.redhat.com/errata/RHSA-2023:0442
reference_id RHSA-2023:0442
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0442
11
reference_url https://usn.ubuntu.com/6156-1/
reference_id USN-6156-1
reference_type
scores
url https://usn.ubuntu.com/6156-1/
Weaknesses
0
cwe_id 90
name Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
description The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
Exploits
Severity_range_score 8.3 - 8.8
Exploitability 0.5
Weighted_severity 7.9
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t5gr-yesx-hqah