Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/18282?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/18282?format=api", "purl": "pkg:pypi/ansible@2.10.0a1", "type": "pypi", "namespace": "", "name": "ansible", "version": "2.10.0a1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.0.0", "latest_non_vulnerable_version": "12.0.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35653?format=api", "vulnerability_id": "VCID-am9g-ba4h-sfhr", "summary": "A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible-collections/community.aws/issues/222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.aws/issues/222" }, { "reference_url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635", "reference_id": "CVE-2020-25635", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635" }, { "reference_url": "https://github.com/advisories/GHSA-f556-49jc-4rvc", "reference_id": "GHSA-f556-49jc-4rvc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f556-49jc-4rvc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18528?format=api", "purl": "pkg:pypi/ansible@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1" } ], "aliases": [ "CVE-2020-25635", "GHSA-f556-49jc-4rvc", "PYSEC-2020-220" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-am9g-ba4h-sfhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7307?format=api", "vulnerability_id": "VCID-hjc4-jcfm-7be5", "summary": "information disclosure", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477" }, { "reference_url": "https://security.archlinux.org/AVG-2056", "reference_id": "AVG-2056", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2056" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22508?format=api", "purl": "pkg:pypi/ansible@3.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0" } ], "aliases": [ "CVE-2021-3533", "PYSEC-2021-126" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjc4-jcfm-7be5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35559?format=api", "vulnerability_id": "VCID-hs3w-mah1-ckb5", "summary": "An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744" }, { "reference_url": "https://github.com/advisories/GHSA-vp9j-rghq-8jhh", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vp9j-rghq-8jhh" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d" }, { "reference_url": "https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f" }, { "reference_url": "https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80" }, { "reference_url": "https://github.com/ansible/ansible/issues/69782", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/69782" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10744", "reference_id": "CVE-2020-10744", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10744" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18293?format=api", "purl": "pkg:pypi/ansible@2.10.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1" } ], "aliases": [ "CVE-2020-10744", "GHSA-vp9j-rghq-8jhh", "PYSEC-2020-208" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hs3w-mah1-ckb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35617?format=api", "vulnerability_id": "VCID-vhxq-1hqq-77bx", "summary": "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330" }, { "reference_url": "https://github.com/advisories/GHSA-785x-qw4v-6872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-785x-qw4v-6872" }, { "reference_url": "https://github.com/ansible/ansible/issues/68400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/68400" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18294?format=api", "purl": "pkg:pypi/ansible@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2z4k-r21v-rfgx" }, { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-p4p5-29r5-8qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0" } ], "aliases": [ "CVE-2020-14330", "GHSA-785x-qw4v-6872", "PYSEC-2020-3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhxq-1hqq-77bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35516?format=api", "vulnerability_id": "VCID-x4mr-vrp9-ufg6", "summary": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2020:0547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHBA-2020:0547" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2020:1539", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHBA-2020:1539" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734" }, { "reference_url": "https://github.com/advisories/GHSA-h39q-95q5-9jfp", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h39q-95q5-9jfp" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b" }, { "reference_url": "https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0" }, { "reference_url": "https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f" }, { "reference_url": "https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0" }, { "reference_url": "https://github.com/ansible/ansible/issues/67792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67792" }, { "reference_url": "https://github.com/ansible/ansible/issues/70159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/70159" }, { "reference_url": "https://github.com/ansible/ansible/pull/70596", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/70596" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2020-1734", "reference_id": "CVE-2020-1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2020-1734" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", "reference_id": "CVE-2020-1734", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18293?format=api", "purl": "pkg:pypi/ansible@2.10.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am9g-ba4h-sfhr" }, { "vulnerability": "VCID-hjc4-jcfm-7be5" }, { "vulnerability": "VCID-vhxq-1hqq-77bx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1" } ], "aliases": [ "CVE-2020-1734", "GHSA-h39q-95q5-9jfp", "PYSEC-2020-6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4mr-vrp9-ufg6" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0a1" }