Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/ansible@2.10.0rc1
Type pypi
Namespace
Name ansible
Version 2.10.0rc1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.0.0
Latest_non_vulnerable_version 12.0.0
Affected_by_vulnerabilities
0
url VCID-am9g-ba4h-sfhr
vulnerability_id VCID-am9g-ba4h-sfhr
summary A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
1
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
2
reference_url https://github.com/ansible-collections/community.aws/issues/222
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.aws/issues/222
3
reference_url https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25635
reference_id CVE-2020-25635
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-25635
6
reference_url https://github.com/advisories/GHSA-f556-49jc-4rvc
reference_id GHSA-f556-49jc-4rvc
reference_type
scores
url https://github.com/advisories/GHSA-f556-49jc-4rvc
fixed_packages
0
url pkg:pypi/ansible@2.10.1
purl pkg:pypi/ansible@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hjc4-jcfm-7be5
1
vulnerability VCID-p4p5-29r5-8qh9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1
aliases CVE-2020-25635, GHSA-f556-49jc-4rvc, PYSEC-2020-220
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am9g-ba4h-sfhr
1
url VCID-hjc4-jcfm-7be5
vulnerability_id VCID-hjc4-jcfm-7be5
summary information disclosure
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1956477
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1956477
1
reference_url https://security.archlinux.org/AVG-2056
reference_id AVG-2056
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2056
fixed_packages
0
url pkg:pypi/ansible@3.0.0
purl pkg:pypi/ansible@3.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0
aliases CVE-2021-3533, PYSEC-2021-126
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjc4-jcfm-7be5
2
url VCID-vhxq-1hqq-77bx
vulnerability_id VCID-vhxq-1hqq-77bx
summary An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
1
reference_url https://github.com/advisories/GHSA-785x-qw4v-6872
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-785x-qw4v-6872
2
reference_url https://github.com/ansible/ansible/issues/68400
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/68400
fixed_packages
0
url pkg:pypi/ansible@2.10.0
purl pkg:pypi/ansible@2.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-am9g-ba4h-sfhr
2
vulnerability VCID-hjc4-jcfm-7be5
3
vulnerability VCID-p4p5-29r5-8qh9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0
aliases CVE-2020-14330, GHSA-785x-qw4v-6872, PYSEC-2020-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhxq-1hqq-77bx
Fixing_vulnerabilities
0
url VCID-hs3w-mah1-ckb5
vulnerability_id VCID-hs3w-mah1-ckb5
summary An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744
1
reference_url https://github.com/advisories/GHSA-vp9j-rghq-8jhh
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vp9j-rghq-8jhh
2
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
3
reference_url https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d
4
reference_url https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f
5
reference_url https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80
6
reference_url https://github.com/ansible/ansible/issues/69782
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/69782
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10744
reference_id CVE-2020-10744
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-10744
fixed_packages
0
url pkg:pypi/ansible@2.8.0a1
purl pkg:pypi/ansible@2.8.0a1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-833d-up6b-rfe1
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-gm99-68bj-c3cz
5
vulnerability VCID-hjc4-jcfm-7be5
6
vulnerability VCID-hpqa-ysnc-b7dw
7
vulnerability VCID-p4p5-29r5-8qh9
8
vulnerability VCID-pqj1-u787-g3aj
9
vulnerability VCID-vhxq-1hqq-77bx
10
vulnerability VCID-w1ap-atw2-qbc8
11
vulnerability VCID-ykkx-swgs-vybn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1
1
url pkg:pypi/ansible@2.8.13
purl pkg:pypi/ansible@2.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-833d-up6b-rfe1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-ec6s-8f24-9bh7
6
vulnerability VCID-gm99-68bj-c3cz
7
vulnerability VCID-hjc4-jcfm-7be5
8
vulnerability VCID-p4p5-29r5-8qh9
9
vulnerability VCID-pqj1-u787-g3aj
10
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13
2
url pkg:pypi/ansible@2.9.10
purl pkg:pypi/ansible@2.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-ec6s-8f24-9bh7
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-p4p5-29r5-8qh9
8
vulnerability VCID-pqj1-u787-g3aj
9
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.10
3
url pkg:pypi/ansible@2.9.12
purl pkg:pypi/ansible@2.9.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-gm99-68bj-c3cz
5
vulnerability VCID-hjc4-jcfm-7be5
6
vulnerability VCID-p4p5-29r5-8qh9
7
vulnerability VCID-pqj1-u787-g3aj
8
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12
4
url pkg:pypi/ansible@2.10.0rc1
purl pkg:pypi/ansible@2.10.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am9g-ba4h-sfhr
1
vulnerability VCID-hjc4-jcfm-7be5
2
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1
aliases CVE-2020-10744, GHSA-vp9j-rghq-8jhh, PYSEC-2020-208
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hs3w-mah1-ckb5
1
url VCID-x4mr-vrp9-ufg6
vulnerability_id VCID-x4mr-vrp9-ufg6
summary A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
references
0
reference_url https://access.redhat.com/errata/RHBA-2020:0547
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2020:0547
1
reference_url https://access.redhat.com/errata/RHBA-2020:1539
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2020:1539
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1801804
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1801804
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734
4
reference_url https://github.com/advisories/GHSA-h39q-95q5-9jfp
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-h39q-95q5-9jfp
5
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
6
reference_url https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b
7
reference_url https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0
8
reference_url https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f
9
reference_url https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0
10
reference_url https://github.com/ansible/ansible/issues/67792
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67792
11
reference_url https://github.com/ansible/ansible/issues/70159
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/70159
12
reference_url https://github.com/ansible/ansible/pull/70596
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/70596
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml
14
reference_url https://access.redhat.com/security/cve/CVE-2020-1734
reference_id CVE-2020-1734
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2020-1734
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1734
reference_id CVE-2020-1734
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-1734
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-833d-up6b-rfe1
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-cuq1-se5h-vygd
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-hpqa-ysnc-b7dw
8
vulnerability VCID-hs3w-mah1-ckb5
9
vulnerability VCID-p4p5-29r5-8qh9
10
vulnerability VCID-pqj1-u787-g3aj
11
vulnerability VCID-vhxq-1hqq-77bx
12
vulnerability VCID-ykkx-swgs-vybn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.13
purl pkg:pypi/ansible@2.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-833d-up6b-rfe1
2
vulnerability VCID-8u2v-jtqe-dqg3
3
vulnerability VCID-am9g-ba4h-sfhr
4
vulnerability VCID-dkds-s3ad-cufa
5
vulnerability VCID-ec6s-8f24-9bh7
6
vulnerability VCID-gm99-68bj-c3cz
7
vulnerability VCID-hjc4-jcfm-7be5
8
vulnerability VCID-p4p5-29r5-8qh9
9
vulnerability VCID-pqj1-u787-g3aj
10
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13
2
url pkg:pypi/ansible@2.9.11
purl pkg:pypi/ansible@2.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t77-f231-6ffg
1
vulnerability VCID-8u2v-jtqe-dqg3
2
vulnerability VCID-am9g-ba4h-sfhr
3
vulnerability VCID-dkds-s3ad-cufa
4
vulnerability VCID-ec6s-8f24-9bh7
5
vulnerability VCID-gm99-68bj-c3cz
6
vulnerability VCID-hjc4-jcfm-7be5
7
vulnerability VCID-p4p5-29r5-8qh9
8
vulnerability VCID-pqj1-u787-g3aj
9
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.11
3
url pkg:pypi/ansible@2.10.0rc1
purl pkg:pypi/ansible@2.10.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am9g-ba4h-sfhr
1
vulnerability VCID-hjc4-jcfm-7be5
2
vulnerability VCID-vhxq-1hqq-77bx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1
aliases CVE-2020-1734, GHSA-h39q-95q5-9jfp, PYSEC-2020-6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4mr-vrp9-ufg6
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1