Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/ansible@2.10.1
Typepypi
Namespace
Nameansible
Version2.10.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.0.0
Latest_non_vulnerable_version12.0.0
Affected_by_vulnerabilities
0
url VCID-hjc4-jcfm-7be5
vulnerability_id VCID-hjc4-jcfm-7be5
summary information disclosure
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1956477
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1956477
1
reference_url https://security.archlinux.org/AVG-2056
reference_id AVG-2056
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2056
fixed_packages
0
url pkg:pypi/ansible@3.0.0
purl pkg:pypi/ansible@3.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0
aliases CVE-2021-3533, PYSEC-2021-126
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjc4-jcfm-7be5
1
url VCID-p4p5-29r5-8qh9
vulnerability_id VCID-p4p5-29r5-8qh9
summary A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1916813
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1916813
1
reference_url https://github.com/advisories/GHSA-8f4m-hccc-8qph
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8f4m-hccc-8qph
fixed_packages
0
url pkg:pypi/ansible@2.10.7
purl pkg:pypi/ansible@2.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hjc4-jcfm-7be5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.7
aliases CVE-2021-20191, GHSA-8f4m-hccc-8qph, PYSEC-2021-124
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4p5-29r5-8qh9
Fixing_vulnerabilities
0
url VCID-am9g-ba4h-sfhr
vulnerability_id VCID-am9g-ba4h-sfhr
summary A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
1
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
2
reference_url https://github.com/ansible-collections/community.aws/issues/222
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.aws/issues/222
3
reference_url https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25635
reference_id CVE-2020-25635
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-25635
6
reference_url https://github.com/advisories/GHSA-f556-49jc-4rvc
reference_id GHSA-f556-49jc-4rvc
reference_type
scores
url https://github.com/advisories/GHSA-f556-49jc-4rvc
fixed_packages
0
url pkg:pypi/ansible@2.10.1
purl pkg:pypi/ansible@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hjc4-jcfm-7be5
1
vulnerability VCID-p4p5-29r5-8qh9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1
aliases CVE-2020-25635, GHSA-f556-49jc-4rvc, PYSEC-2020-220
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am9g-ba4h-sfhr
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1