Lookup for vulnerable packages by Package URL.
| Purl | pkg:pypi/privacyidea@2.6.dev4 |
|---|
| Type | pypi |
|---|
| Namespace | |
|---|
| Name | privacyidea |
|---|
| Version | 2.6.dev4 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | 2.23.2 |
|---|
| Latest_non_vulnerable_version | 2.23.2 |
|---|
| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-tusy-zs8z-bfgm |
| vulnerability_id |
VCID-tusy-zs8z-bfgm |
| summary |
privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=<space>&pass= to /validate/check url. This vulnerability appears to have been fixed in 2.23.2. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-1000809, GHSA-7qqv-r2q4-jxhm, PYSEC-2018-20
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tusy-zs8z-bfgm |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:pypi/privacyidea@2.6.dev4 |
|---|