Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/18265?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/18265?format=api", "purl": "pkg:pypi/ansible@2.9.19", "type": "pypi", "namespace": "", "name": "ansible", "version": "2.9.19", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.0.0", "latest_non_vulnerable_version": "3.0.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35653?format=api", "vulnerability_id": "VCID-am9g-ba4h-sfhr", "summary": "A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible-collections/community.aws/issues/222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.aws/issues/222" }, { "reference_url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635", "reference_id": "CVE-2020-25635", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635" }, { "reference_url": "https://github.com/advisories/GHSA-f556-49jc-4rvc", "reference_id": "GHSA-f556-49jc-4rvc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f556-49jc-4rvc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18528?format=api", "purl": "pkg:pypi/ansible@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1" } ], "aliases": [ "CVE-2020-25635", "GHSA-f556-49jc-4rvc", "PYSEC-2020-220" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-am9g-ba4h-sfhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3444?format=api", "vulnerability_id": "VCID-dkds-s3ad-cufa", "summary": "information disclosure", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767" }, { "reference_url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes" }, { "reference_url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0" }, { "reference_url": "https://security.archlinux.org/AVG-1941", "reference_id": "AVG-1941", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1941" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620", "reference_id": "CVE-2021-3620", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18281?format=api", "purl": "pkg:pypi/ansible@2.9.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.27" } ], "aliases": [ "CVE-2021-3620", "GHSA-4r65-35qq-ch8j", "PYSEC-2022-164" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dkds-s3ad-cufa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7216?format=api", "vulnerability_id": "VCID-gm99-68bj-c3cz", "summary": "arbitrary command execution", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412" }, { "reference_url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm" }, { "reference_url": "https://security.archlinux.org/AVG-2260", "reference_id": "AVG-2260", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2260" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583", "reference_id": "CVE-2021-3583", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18273?format=api", "purl": "pkg:pypi/ansible@2.9.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23" } ], "aliases": [ "CVE-2021-3583", "GHSA-2pfh-q76x-gwvm", "PYSEC-2021-358" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gm99-68bj-c3cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7307?format=api", "vulnerability_id": "VCID-hjc4-jcfm-7be5", "summary": "information disclosure", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477" }, { "reference_url": "https://security.archlinux.org/AVG-2056", "reference_id": "AVG-2056", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2056" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22508?format=api", "purl": "pkg:pypi/ansible@3.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0" } ], "aliases": [ "CVE-2021-3533", "PYSEC-2021-126" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjc4-jcfm-7be5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35617?format=api", "vulnerability_id": "VCID-vhxq-1hqq-77bx", "summary": "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330" }, { "reference_url": "https://github.com/advisories/GHSA-785x-qw4v-6872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-785x-qw4v-6872" }, { "reference_url": "https://github.com/ansible/ansible/issues/68400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/68400" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18294?format=api", "purl": "pkg:pypi/ansible@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0" } ], "aliases": [ "CVE-2020-14330", "GHSA-785x-qw4v-6872", "PYSEC-2020-3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhxq-1hqq-77bx" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35785?format=api", "vulnerability_id": "VCID-8u2v-jtqe-dqg3", "summary": "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002" }, { "reference_url": "https://github.com/advisories/GHSA-5rrg-rr89-x9mv", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5rrg-rr89-x9mv" }, { "reference_url": "https://github.com/ansible/ansible/pull/73487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/73487" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18265?format=api", "purl": "pkg:pypi/ansible@2.9.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-dkds-s3ad-cufa" }, { "vulnerability": "VCID-gm99-68bj-c3cz" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19" } ], "aliases": [ "CVE-2021-20228", "GHSA-5rrg-rr89-x9mv", "PYSEC-2021-1" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8u2v-jtqe-dqg3" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19" }