Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/20613?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/20613?format=api", "purl": "pkg:pypi/octoprint@1.4.0rc2", "type": "pypi", "namespace": "", "name": "octoprint", "version": "1.4.0rc2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.11.0", "latest_non_vulnerable_version": "1.11.6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9259?format=api", "vulnerability_id": "VCID-42qc-rtxt-b7an", "summary": "OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user's or - if the victim has admin permissions - the global API key without having to reauthenticate by re-entering the user account's password. An attacker could use a stolen API key to access OctoPrint through its API, or disrupt workflows depending on the API key they deleted. This vulnerability will be patched in version 1.10.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27797", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51493" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OctoPrint/OctoPrint" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/commit/9bc80d782d72881b16e20873dcd0b8314324c70c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OctoPrint/OctoPrint/commit/9bc80d782d72881b16e20873dcd0b8314324c70c" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-cc6x-8cc7-9953", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T19:01:40Z/" } ], "url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-cc6x-8cc7-9953" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-202.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-202.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51493", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51493" }, { "reference_url": "https://github.com/advisories/GHSA-cc6x-8cc7-9953", "reference_id": "GHSA-cc6x-8cc7-9953", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cc6x-8cc7-9953" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42694?format=api", "purl": "pkg:pypi/octoprint@1.10.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8egf-pvr4-ekb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.3" } ], "aliases": [ "CVE-2024-51493", "GHSA-cc6x-8cc7-9953", "PYSEC-2024-202" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42qc-rtxt-b7an" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9126?format=api", "vulnerability_id": "VCID-4rdu-2qdw-skgk", "summary": "OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autologinLocal` option is enabled within `config.yaml`, even if they come from networks that are not configured as `localNetworks`, spoofing their IP via the `X-Forwarded-For` header. If autologin is not enabled, this vulnerability does not have any impact. The vulnerability has been patched in version 1.10.1. Until the patch has been applied, OctoPrint administrators who have autologin enabled on their instances should disable it and/or to make the instance inaccessible from potentially hostile networks like the internet.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32977", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.3062", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32977" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OctoPrint/OctoPrint" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/commit/5afbec8d23508edc25b0f1bdef1620580136add4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T13:21:43Z/" } ], "url": "https://github.com/OctoPrint/OctoPrint/commit/5afbec8d23508edc25b0f1bdef1620580136add4" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T13:21:43Z/" } ], "url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-237.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-237.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32977", "reference_id": "CVE-2024-32977", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32977" }, { "reference_url": "https://github.com/advisories/GHSA-2vjq-hg5w-5gm7", "reference_id": "GHSA-2vjq-hg5w-5gm7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2vjq-hg5w-5gm7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39924?format=api", "purl": "pkg:pypi/octoprint@1.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42qc-rtxt-b7an" }, { "vulnerability": "VCID-8egf-pvr4-ekb2" }, { "vulnerability": "VCID-y76e-1rfg-sqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.1" } ], "aliases": [ "CVE-2024-32977", "GHSA-2vjq-hg5w-5gm7", "PYSEC-2024-237" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4rdu-2qdw-skgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8519?format=api", "vulnerability_id": "VCID-72nd-8ydv-zyaz", "summary": "If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14987", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2888" }, { "reference_url": "https://github.com/octoprint/octoprint", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octoprint/octoprint" }, { "reference_url": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:05Z/" } ], "url": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-282.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-282.yaml" }, { "reference_url": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:05Z/" } ], "url": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2888", "reference_id": "CVE-2022-2888", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2888" }, { "reference_url": "https://github.com/advisories/GHSA-937f-qh3w-6g87", "reference_id": "GHSA-937f-qh3w-6g87", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-937f-qh3w-6g87" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27561?format=api", "purl": "pkg:pypi/octoprint@1.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42qc-rtxt-b7an" }, { "vulnerability": "VCID-4rdu-2qdw-skgk" }, { "vulnerability": "VCID-8egf-pvr4-ekb2" }, { "vulnerability": "VCID-a6rx-nu7r-tfhb" }, { "vulnerability": "VCID-ehrz-5ved-sbba" }, { "vulnerability": "VCID-r59d-6zpd-vkaa" }, { "vulnerability": "VCID-y76e-1rfg-sqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3" } ], "aliases": [ "CVE-2022-2888", "GHSA-937f-qh3w-6g87", "PYSEC-2022-282" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-72nd-8ydv-zyaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9385?format=api", "vulnerability_id": "VCID-8egf-pvr4-ekb2", "summary": "OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32788", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24854", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32788" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OctoPrint/OctoPrint" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T19:56:38Z/" } ], "url": "https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T19:56:38Z/" } ], "url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2025-56.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2025-56.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32788", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32788" }, { "reference_url": "https://github.com/advisories/GHSA-qw93-h6pf-226x", "reference_id": "GHSA-qw93-h6pf-226x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qw93-h6pf-226x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43919?format=api", "purl": "pkg:pypi/octoprint@1.11.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.0" } ], "aliases": [ "CVE-2025-32788", "GHSA-qw93-h6pf-226x", "PYSEC-2025-56" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8egf-pvr4-ekb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8449?format=api", "vulnerability_id": "VCID-94gj-qvwx-m7c1", "summary": "Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2930", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00122", "scoring_system": "epss", "scoring_elements": "0.30902", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2930" }, { "reference_url": "https://github.com/octoprint/octoprint", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octoprint/octoprint" }, { "reference_url": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-43142.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-43142.yaml" }, { "reference_url": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2930", "reference_id": "CVE-2022-2930", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2930" }, { "reference_url": "https://github.com/advisories/GHSA-39gf-864w-pxw4", "reference_id": "GHSA-39gf-864w-pxw4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-39gf-864w-pxw4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27561?format=api", "purl": "pkg:pypi/octoprint@1.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42qc-rtxt-b7an" }, { "vulnerability": "VCID-4rdu-2qdw-skgk" }, { "vulnerability": "VCID-8egf-pvr4-ekb2" }, { "vulnerability": "VCID-a6rx-nu7r-tfhb" }, { "vulnerability": "VCID-ehrz-5ved-sbba" }, { "vulnerability": "VCID-r59d-6zpd-vkaa" }, { "vulnerability": "VCID-y76e-1rfg-sqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3" } ], "aliases": [ "CVE-2022-2930", "GHSA-39gf-864w-pxw4", "PYSEC-2022-43142" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-94gj-qvwx-m7c1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8901?format=api", "vulnerability_id": "VCID-a6rx-nu7r-tfhb", "summary": "OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41047", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34253", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41047" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OctoPrint/OctoPrint" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/" } ], "url": "https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/" } ], "url": "https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/" } ], "url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2023-195.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2023-195.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41047", "reference_id": "CVE-2023-41047", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41047" }, { "reference_url": "https://github.com/advisories/GHSA-fwfg-vprh-97ph", "reference_id": "GHSA-fwfg-vprh-97ph", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fwfg-vprh-97ph" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35193?format=api", "purl": "pkg:pypi/octoprint@1.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42qc-rtxt-b7an" }, { "vulnerability": "VCID-4rdu-2qdw-skgk" }, { "vulnerability": "VCID-8egf-pvr4-ekb2" }, { "vulnerability": "VCID-ehrz-5ved-sbba" }, { "vulnerability": "VCID-r59d-6zpd-vkaa" }, { "vulnerability": "VCID-y76e-1rfg-sqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.9.3" } ], "aliases": [ "CVE-2023-41047", "GHSA-fwfg-vprh-97ph", "PYSEC-2023-195" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6rx-nu7r-tfhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8376?format=api", "vulnerability_id": "VCID-bbaq-8mvf-fbfy", "summary": "Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63171", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1432" }, { "reference_url": "https://github.com/advisories/GHSA-h8pc-j334-jjhm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h8pc-j334-jjhm" }, { "reference_url": "https://github.com/octoprint/octoprint", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octoprint/octoprint" }, { "reference_url": "https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-201.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-201.yaml" }, { "reference_url": "https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1432", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1432" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26519?format=api", "purl": "pkg:pypi/octoprint@1.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42qc-rtxt-b7an" }, { "vulnerability": "VCID-4rdu-2qdw-skgk" }, { "vulnerability": "VCID-72nd-8ydv-zyaz" }, { "vulnerability": "VCID-8egf-pvr4-ekb2" }, { "vulnerability": "VCID-94gj-qvwx-m7c1" }, { "vulnerability": "VCID-a6rx-nu7r-tfhb" }, { "vulnerability": "VCID-ehrz-5ved-sbba" }, { "vulnerability": "VCID-esc4-ussb-wycb" }, { "vulnerability": "VCID-kjta-w4nw-2ybr" }, { "vulnerability": "VCID-pwxz-emyt-rfbm" }, { "vulnerability": "VCID-r59d-6zpd-vkaa" }, { "vulnerability": "VCID-y76e-1rfg-sqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.0" } ], "aliases": [ "CVE-2022-1432", "GHSA-h8pc-j334-jjhm", "PYSEC-2022-201" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbaq-8mvf-fbfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9048?format=api", "vulnerability_id": "VCID-ehrz-5ved-sbba", "summary": "OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an admin account might use this to lock out actual admins from their OctoPrint instance. The vulnerability will be patched in version 1.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10048", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23637" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OctoPrint/OctoPrint" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/" } ], "url": "https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/" } ], "url": "https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/" } ], "url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-29.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-29.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23637", "reference_id": "CVE-2024-23637", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23637" }, { "reference_url": "https://github.com/advisories/GHSA-5626-pw9c-hmjr", "reference_id": "GHSA-5626-pw9c-hmjr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5626-pw9c-hmjr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38104?format=api", "purl": "pkg:pypi/octoprint@1.10.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42qc-rtxt-b7an" }, { "vulnerability": "VCID-4rdu-2qdw-skgk" }, { "vulnerability": "VCID-8egf-pvr4-ekb2" }, { "vulnerability": "VCID-r59d-6zpd-vkaa" }, { "vulnerability": "VCID-y76e-1rfg-sqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0rc1" } ], "aliases": [ "CVE-2024-23637", "GHSA-5626-pw9c-hmjr", "PYSEC-2024-29" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ehrz-5ved-sbba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8567?format=api", "vulnerability_id": "VCID-esc4-ussb-wycb", "summary": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3607", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44478", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3607" }, { "reference_url": "https://github.com/octoprint/octoprint", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octoprint/octoprint" }, { "reference_url": "https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-09T14:47:28Z/" } ], "url": "https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-42975.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-42975.yaml" }, { "reference_url": "https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-09T14:47:28Z/" } ], "url": "https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3607", "reference_id": "CVE-2022-3607", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3607" }, { "reference_url": "https://github.com/advisories/GHSA-rj5f-vm79-5j84", "reference_id": "GHSA-rj5f-vm79-5j84", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rj5f-vm79-5j84" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27561?format=api", "purl": "pkg:pypi/octoprint@1.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42qc-rtxt-b7an" }, { "vulnerability": "VCID-4rdu-2qdw-skgk" }, { "vulnerability": "VCID-8egf-pvr4-ekb2" }, { "vulnerability": "VCID-a6rx-nu7r-tfhb" }, { "vulnerability": "VCID-ehrz-5ved-sbba" }, { "vulnerability": "VCID-r59d-6zpd-vkaa" }, { "vulnerability": "VCID-y76e-1rfg-sqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3" } ], "aliases": [ "CVE-2022-3607", "GHSA-rj5f-vm79-5j84", "PYSEC-2022-42975" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-esc4-ussb-wycb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8520?format=api", "vulnerability_id": "VCID-kjta-w4nw-2ybr", "summary": "Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35218", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3068" }, { "reference_url": "https://github.com/octoprint/octoprint", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octoprint/octoprint" }, { "reference_url": "https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:21:49Z/" } ], "url": "https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-283.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-283.yaml" }, { "reference_url": "https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:21:49Z/" } ], "url": "https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3068", "reference_id": "CVE-2022-3068", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3068" }, { "reference_url": "https://github.com/advisories/GHSA-2p75-q37p-f852", "reference_id": "GHSA-2p75-q37p-f852", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2p75-q37p-f852" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27561?format=api", "purl": "pkg:pypi/octoprint@1.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42qc-rtxt-b7an" }, { "vulnerability": "VCID-4rdu-2qdw-skgk" }, { "vulnerability": "VCID-8egf-pvr4-ekb2" }, { "vulnerability": "VCID-a6rx-nu7r-tfhb" }, { "vulnerability": "VCID-ehrz-5ved-sbba" }, { "vulnerability": "VCID-r59d-6zpd-vkaa" }, { "vulnerability": "VCID-y76e-1rfg-sqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3" } ], "aliases": [ "CVE-2022-3068", "GHSA-2p75-q37p-f852", "PYSEC-2022-283" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kjta-w4nw-2ybr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8518?format=api", "vulnerability_id": "VCID-pwxz-emyt-rfbm", "summary": "Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2872", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44942", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2872" }, { "reference_url": "https://github.com/octoprint/octoprint", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octoprint/octoprint" }, { "reference_url": "https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:26:52Z/" } ], "url": "https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-286.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-286.yaml" }, { "reference_url": "https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:26:52Z/" } ], "url": "https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2872", "reference_id": "CVE-2022-2872", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2872" }, { "reference_url": "https://github.com/advisories/GHSA-49wm-4fp6-h59c", "reference_id": "GHSA-49wm-4fp6-h59c", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-49wm-4fp6-h59c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27561?format=api", "purl": "pkg:pypi/octoprint@1.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42qc-rtxt-b7an" }, { "vulnerability": "VCID-4rdu-2qdw-skgk" }, { "vulnerability": "VCID-8egf-pvr4-ekb2" }, { "vulnerability": "VCID-a6rx-nu7r-tfhb" }, { "vulnerability": "VCID-ehrz-5ved-sbba" }, { "vulnerability": "VCID-r59d-6zpd-vkaa" }, { "vulnerability": "VCID-y76e-1rfg-sqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3" } ], "aliases": [ "CVE-2022-2872", "GHSA-49wm-4fp6-h59c", "PYSEC-2022-286" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pwxz-emyt-rfbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9090?format=api", "vulnerability_id": "VCID-r59d-6zpd-vkaa", "summary": "OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through the \"Test\" button included in the web interface will execute JavaScript code in the victims browser when attempting to render the snapshot image. An attacker who successfully talked a victim with admin rights into performing a snapshot test with such a crafted URL could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The vulnerability is patched in version 1.10.0rc3. OctoPrint administrators are strongly advised to thoroughly vet who has admin access to their installation and what settings they modify based on instructions by strangers.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65752", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28237" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OctoPrint/OctoPrint" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/commit/779894c1bc6478332d14bc9ed1006df1354eb517", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T15:19:13Z/" } ], "url": "https://github.com/OctoPrint/OctoPrint/commit/779894c1bc6478332d14bc9ed1006df1354eb517" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T15:19:13Z/" } ], "url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-179.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-179.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28237", "reference_id": "CVE-2024-28237", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28237" }, { "reference_url": "https://github.com/advisories/GHSA-x7mf-wrh9-r76c", "reference_id": "GHSA-x7mf-wrh9-r76c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x7mf-wrh9-r76c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39562?format=api", "purl": "pkg:pypi/octoprint@1.10.0rc3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42qc-rtxt-b7an" }, { "vulnerability": "VCID-4rdu-2qdw-skgk" }, { "vulnerability": "VCID-8egf-pvr4-ekb2" }, { "vulnerability": "VCID-r59d-6zpd-vkaa" }, { "vulnerability": "VCID-y76e-1rfg-sqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0rc3" }, { "url": "http://public2.vulnerablecode.io/api/packages/39564?format=api", "purl": "pkg:pypi/octoprint@1.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42qc-rtxt-b7an" }, { "vulnerability": "VCID-4rdu-2qdw-skgk" }, { "vulnerability": "VCID-8egf-pvr4-ekb2" }, { "vulnerability": "VCID-y76e-1rfg-sqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0" } ], "aliases": [ "CVE-2024-28237", "GHSA-x7mf-wrh9-r76c", "PYSEC-2024-179" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r59d-6zpd-vkaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8377?format=api", "vulnerability_id": "VCID-s69a-p1yc-fkdt", "summary": "Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1430", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.6364", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1430" }, { "reference_url": "https://github.com/advisories/GHSA-x7r7-wmj8-vv5g", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x7r7-wmj8-vv5g" }, { "reference_url": "https://github.com/octoprint/octoprint", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octoprint/octoprint" }, { "reference_url": "https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-200.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-200.yaml" }, { "reference_url": "https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1430", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1430" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26519?format=api", "purl": "pkg:pypi/octoprint@1.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42qc-rtxt-b7an" }, { "vulnerability": "VCID-4rdu-2qdw-skgk" }, { "vulnerability": "VCID-72nd-8ydv-zyaz" }, { "vulnerability": "VCID-8egf-pvr4-ekb2" }, { "vulnerability": "VCID-94gj-qvwx-m7c1" }, { "vulnerability": "VCID-a6rx-nu7r-tfhb" }, { "vulnerability": "VCID-ehrz-5ved-sbba" }, { "vulnerability": "VCID-esc4-ussb-wycb" }, { "vulnerability": "VCID-kjta-w4nw-2ybr" }, { "vulnerability": "VCID-pwxz-emyt-rfbm" }, { "vulnerability": "VCID-r59d-6zpd-vkaa" }, { "vulnerability": "VCID-y76e-1rfg-sqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.0" } ], "aliases": [ "CVE-2022-1430", "GHSA-x7r7-wmj8-vv5g", "PYSEC-2022-200" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s69a-p1yc-fkdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8091?format=api", "vulnerability_id": "VCID-s7hh-6c4x-5baj", "summary": "The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32560", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.5778", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32560" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OctoPrint/OctoPrint" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-29.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-29.yaml" }, { "reference_url": "https://octoprint.org/blog/2021/04/27/new-release-1.6.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://octoprint.org/blog/2021/04/27/new-release-1.6.0" }, { "reference_url": "https://octoprint.org/blog/2021/04/27/new-release-1.6.0/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://octoprint.org/blog/2021/04/27/new-release-1.6.0/" }, { "reference_url": "https://www.brzozowski.io", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.brzozowski.io" }, { "reference_url": "https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32560", "reference_id": "CVE-2021-32560", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32560" }, { "reference_url": "https://github.com/advisories/GHSA-x9rq-fjp5-qgm9", "reference_id": "GHSA-x9rq-fjp5-qgm9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x9rq-fjp5-qgm9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20635?format=api", "purl": "pkg:pypi/octoprint@1.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42qc-rtxt-b7an" }, { "vulnerability": "VCID-4rdu-2qdw-skgk" }, { "vulnerability": "VCID-72nd-8ydv-zyaz" }, { "vulnerability": "VCID-8egf-pvr4-ekb2" }, { "vulnerability": "VCID-94gj-qvwx-m7c1" }, { "vulnerability": "VCID-a6rx-nu7r-tfhb" }, { "vulnerability": "VCID-bbaq-8mvf-fbfy" }, { "vulnerability": "VCID-ehrz-5ved-sbba" }, { "vulnerability": "VCID-esc4-ussb-wycb" }, { "vulnerability": "VCID-kjta-w4nw-2ybr" }, { "vulnerability": "VCID-pwxz-emyt-rfbm" }, { "vulnerability": "VCID-r59d-6zpd-vkaa" }, { "vulnerability": "VCID-s69a-p1yc-fkdt" }, { "vulnerability": "VCID-y76e-1rfg-sqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.6.0" } ], "aliases": [ "CVE-2021-32560", "GHSA-x9rq-fjp5-qgm9", "PYSEC-2021-29" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s7hh-6c4x-5baj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8090?format=api", "vulnerability_id": "VCID-v9f2-3qjn-6fat", "summary": "OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32561", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54163", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32561" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OctoPrint/OctoPrint" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-30.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-30.yaml" }, { "reference_url": "https://octoprint.org/blog/2021/04/27/new-release-1.6.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://octoprint.org/blog/2021/04/27/new-release-1.6.0" }, { "reference_url": "https://octoprint.org/blog/2021/04/27/new-release-1.6.0/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://octoprint.org/blog/2021/04/27/new-release-1.6.0/" }, { "reference_url": "https://www.brzozowski.io", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.brzozowski.io" }, { "reference_url": "https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32561", "reference_id": "CVE-2021-32561", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32561" }, { "reference_url": "https://github.com/advisories/GHSA-vcx4-fpmp-mvv6", "reference_id": "GHSA-vcx4-fpmp-mvv6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vcx4-fpmp-mvv6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20635?format=api", "purl": "pkg:pypi/octoprint@1.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42qc-rtxt-b7an" }, { "vulnerability": "VCID-4rdu-2qdw-skgk" }, { "vulnerability": "VCID-72nd-8ydv-zyaz" }, { "vulnerability": "VCID-8egf-pvr4-ekb2" }, { "vulnerability": "VCID-94gj-qvwx-m7c1" }, { "vulnerability": "VCID-a6rx-nu7r-tfhb" }, { "vulnerability": "VCID-bbaq-8mvf-fbfy" }, { "vulnerability": "VCID-ehrz-5ved-sbba" }, { "vulnerability": "VCID-esc4-ussb-wycb" }, { "vulnerability": "VCID-kjta-w4nw-2ybr" }, { "vulnerability": "VCID-pwxz-emyt-rfbm" }, { "vulnerability": "VCID-r59d-6zpd-vkaa" }, { "vulnerability": "VCID-s69a-p1yc-fkdt" }, { "vulnerability": "VCID-y76e-1rfg-sqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.6.0" } ], "aliases": [ "CVE-2021-32561", "GHSA-vcx4-fpmp-mvv6", "PYSEC-2021-30" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v9f2-3qjn-6fat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9258?format=api", "vulnerability_id": "VCID-y76e-1rfg-sqa2", "summary": "OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on a specially crafted login link, or a malicious app running on a victim's computer triggering the application key workflow with specially crafted parameters and then redirecting the victim to the related standalone confirmation dialog could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The above mentioned specific vulnerabilities of the login dialog and the standalone application key confirmation dialog have been patched in the bugfix release 1.10.3 by individual escaping of the detected locations. A global change throughout all of OctoPrint's templating system with the upcoming 1.11.0 release will handle this further, switching to globally enforced automatic escaping and thus reducing the attack surface in general. The latter will also improve the security of third party plugins. During a transition period, third party plugins will be able to opt into the automatic escaping. With OctoPrint 1.13.0, automatic escaping will be switched over to be enforced even for third party plugins, unless they explicitly opt-out.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56607", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49377" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OctoPrint/OctoPrint" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/commit/b8a6b0a75202edac3bb142a8e4f9041a0b6825bf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/OctoPrint/OctoPrint/commit/b8a6b0a75202edac3bb142a8e4f9041a0b6825bf" }, { "reference_url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xvxq-g8hw-fx4g", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T19:01:15Z/" } ], "url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xvxq-g8hw-fx4g" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-201.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-201.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49377", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49377" }, { "reference_url": "https://github.com/advisories/GHSA-xvxq-g8hw-fx4g", "reference_id": "GHSA-xvxq-g8hw-fx4g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xvxq-g8hw-fx4g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42694?format=api", "purl": "pkg:pypi/octoprint@1.10.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8egf-pvr4-ekb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.3" } ], "aliases": [ "CVE-2024-49377", "GHSA-xvxq-g8hw-fx4g", "PYSEC-2024-201" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y76e-1rfg-sqa2" } ], "fixing_vulnerabilities": [], "risk_score": "4.2", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.4.0rc2" }