Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/ansible@2.10.0
Typepypi
Namespace
Nameansible
Version2.10.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.0.0
Latest_non_vulnerable_version3.0.0
Affected_by_vulnerabilities
0
url VCID-2z4k-r21v-rfgx
vulnerability_id VCID-2z4k-r21v-rfgx
summary A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736
1
reference_url https://github.com/advisories/GHSA-x7jh-595q-wq82
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-x7jh-595q-wq82
2
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
3
reference_url https://github.com/ansible/ansible/issues/67794
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67794
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/
9
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1736
reference_id CVE-2020-1736
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-1736
fixed_packages
aliases CVE-2020-1736, GHSA-x7jh-595q-wq82, PYSEC-2020-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2z4k-r21v-rfgx
1
url VCID-am9g-ba4h-sfhr
vulnerability_id VCID-am9g-ba4h-sfhr
summary A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
1
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
2
reference_url https://github.com/ansible-collections/community.aws/issues/222
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.aws/issues/222
3
reference_url https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25635
reference_id CVE-2020-25635
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-25635
6
reference_url https://github.com/advisories/GHSA-f556-49jc-4rvc
reference_id GHSA-f556-49jc-4rvc
reference_type
scores
url https://github.com/advisories/GHSA-f556-49jc-4rvc
fixed_packages
0
url pkg:pypi/ansible@2.10.1
purl pkg:pypi/ansible@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hjc4-jcfm-7be5
1
vulnerability VCID-p4p5-29r5-8qh9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1
aliases CVE-2020-25635, GHSA-f556-49jc-4rvc, PYSEC-2020-220
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am9g-ba4h-sfhr
2
url VCID-hjc4-jcfm-7be5
vulnerability_id VCID-hjc4-jcfm-7be5
summary information disclosure
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1956477
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1956477
1
reference_url https://security.archlinux.org/AVG-2056
reference_id AVG-2056
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2056
fixed_packages
0
url pkg:pypi/ansible@3.0.0
purl pkg:pypi/ansible@3.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0
aliases CVE-2021-3533, PYSEC-2021-126
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjc4-jcfm-7be5
3
url VCID-p4p5-29r5-8qh9
vulnerability_id VCID-p4p5-29r5-8qh9
summary A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1916813
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1916813
1
reference_url https://github.com/advisories/GHSA-8f4m-hccc-8qph
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8f4m-hccc-8qph
fixed_packages
0
url pkg:pypi/ansible@2.10.7
purl pkg:pypi/ansible@2.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hjc4-jcfm-7be5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.7
aliases CVE-2021-20191, GHSA-8f4m-hccc-8qph, PYSEC-2021-124
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4p5-29r5-8qh9
Fixing_vulnerabilities
0
url VCID-vhxq-1hqq-77bx
vulnerability_id VCID-vhxq-1hqq-77bx
summary An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
1
reference_url https://github.com/advisories/GHSA-785x-qw4v-6872
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-785x-qw4v-6872
2
reference_url https://github.com/ansible/ansible/issues/68400
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/68400
fixed_packages
0
url pkg:pypi/ansible@2.10.0
purl pkg:pypi/ansible@2.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2z4k-r21v-rfgx
1
vulnerability VCID-am9g-ba4h-sfhr
2
vulnerability VCID-hjc4-jcfm-7be5
3
vulnerability VCID-p4p5-29r5-8qh9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0
aliases CVE-2020-14330, GHSA-785x-qw4v-6872, PYSEC-2020-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhxq-1hqq-77bx
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0