Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/rtslib-fb@2.1.63

Type pypi

Namespace

Name rtslib-fb

Version 2.1.63

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.1.73

Latest_non_vulnerable_version 2.1.73

Affected_by_vulnerabilities

url VCID-wcjb-xc6g-g7d4

vulnerability_id VCID-wcjb-xc6g-g7d4

summary Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00012.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00012.html

reference_url	https://github.com/open-iscsi/rtslib-fb/pull/162
reference_id
reference_type
scores
url	https://github.com/open-iscsi/rtslib-fb/pull/162

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNMCV2DJJTX345YYBXAMJBXNNVUZQ5UH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNMCV2DJJTX345YYBXAMJBXNNVUZQ5UH/

fixed_packages

url	pkg:pypi/rtslib-fb@2.1.73
purl	pkg:pypi/rtslib-fb@2.1.73
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.73

aliases CVE-2020-14019, PYSEC-2020-250

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wcjb-xc6g-g7d4

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rtslib-fb@2.1.63

Package Instance