Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/cvxopt@1.2.2
Type pypi
Namespace
Name cvxopt
Version 1.2.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.2.7
Latest_non_vulnerable_version 1.2.7
Affected_by_vulnerabilities
0
url VCID-sgng-sj7m-gub3
vulnerability_id VCID-sgng-sj7m-gub3
summary Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects.
references
0
reference_url https://github.com/advisories/GHSA-8rh6-h94m-vj54
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8rh6-h94m-vj54
1
reference_url https://github.com/cvxopt/cvxopt
reference_id
reference_type
scores
url https://github.com/cvxopt/cvxopt
2
reference_url https://github.com/cvxopt/cvxopt/commit/d5a21cf1da62e4269176384b1ff62edac5579f94
reference_id
reference_type
scores
url https://github.com/cvxopt/cvxopt/commit/d5a21cf1da62e4269176384b1ff62edac5579f94
3
reference_url https://github.com/cvxopt/cvxopt/issues/193
reference_id
reference_type
scores
url https://github.com/cvxopt/cvxopt/issues/193
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cvxopt/PYSEC-2021-870.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/cvxopt/PYSEC-2021-870.yaml
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CXTPM3DGVYTYQ54OFCMXZVWVOMR7JM2D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CXTPM3DGVYTYQ54OFCMXZVWVOMR7JM2D
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CXTPM3DGVYTYQ54OFCMXZVWVOMR7JM2D/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CXTPM3DGVYTYQ54OFCMXZVWVOMR7JM2D/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41500
reference_id CVE-2021-41500
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-41500
fixed_packages
0
url pkg:pypi/cvxopt@1.2.7
purl pkg:pypi/cvxopt@1.2.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cvxopt@1.2.7
aliases CVE-2021-41500, GHSA-8rh6-h94m-vj54, PYSEC-2021-870
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sgng-sj7m-gub3
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cvxopt@1.2.2