Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/octoprint@1.7.0
Typepypi
Namespace
Nameoctoprint
Version1.7.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.11.0
Latest_non_vulnerable_version1.11.6
Affected_by_vulnerabilities
0
url VCID-42qc-rtxt-b7an
vulnerability_id VCID-42qc-rtxt-b7an
summary OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user's or - if the victim has admin permissions - the global API key without having to reauthenticate by re-entering the user account's password. An attacker could use a stolen API key to access OctoPrint through its API, or disrupt workflows depending on the API key they deleted. This vulnerability will be patched in version 1.10.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51493
reference_id
reference_type
scores
0
value 0.00103
scoring_system epss
scoring_elements 0.27797
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51493
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/commit/9bc80d782d72881b16e20873dcd0b8314324c70c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint/commit/9bc80d782d72881b16e20873dcd0b8314324c70c
3
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-cc6x-8cc7-9953
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T19:01:40Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-cc6x-8cc7-9953
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-202.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-202.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51493
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51493
fixed_packages
0
url pkg:pypi/octoprint@1.10.3
purl pkg:pypi/octoprint@1.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8egf-pvr4-ekb2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.3
aliases CVE-2024-51493, GHSA-cc6x-8cc7-9953, PYSEC-2024-202
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-42qc-rtxt-b7an
1
url VCID-4rdu-2qdw-skgk
vulnerability_id VCID-4rdu-2qdw-skgk
summary OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autologinLocal` option is enabled within `config.yaml`, even if they come from networks that are not configured as `localNetworks`, spoofing their IP via the `X-Forwarded-For` header. If autologin is not enabled, this vulnerability does not have any impact. The vulnerability has been patched in version 1.10.1. Until the patch has been applied, OctoPrint administrators who have autologin enabled on their instances should disable it and/or to make the instance inaccessible from potentially hostile networks like the internet.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32977
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.3062
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32977
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/commit/5afbec8d23508edc25b0f1bdef1620580136add4
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T13:21:43Z/
url https://github.com/OctoPrint/OctoPrint/commit/5afbec8d23508edc25b0f1bdef1620580136add4
3
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T13:21:43Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-237.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-237.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32977
reference_id CVE-2024-32977
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32977
6
reference_url https://github.com/advisories/GHSA-2vjq-hg5w-5gm7
reference_id GHSA-2vjq-hg5w-5gm7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2vjq-hg5w-5gm7
fixed_packages
0
url pkg:pypi/octoprint@1.10.1
purl pkg:pypi/octoprint@1.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42qc-rtxt-b7an
1
vulnerability VCID-8egf-pvr4-ekb2
2
vulnerability VCID-y76e-1rfg-sqa2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.1
aliases CVE-2024-32977, GHSA-2vjq-hg5w-5gm7, PYSEC-2024-237
risk_score 4.2
exploitability 0.5
weighted_severity 8.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4rdu-2qdw-skgk
2
url VCID-72nd-8ydv-zyaz
vulnerability_id VCID-72nd-8ydv-zyaz
summary If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2888
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14987
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2888
1
reference_url https://github.com/octoprint/octoprint
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint
2
reference_url https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:05Z/
url https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-282.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-282.yaml
4
reference_url https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:05Z/
url https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2888
reference_id CVE-2022-2888
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2888
6
reference_url https://github.com/advisories/GHSA-937f-qh3w-6g87
reference_id GHSA-937f-qh3w-6g87
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-937f-qh3w-6g87
fixed_packages
0
url pkg:pypi/octoprint@1.8.3
purl pkg:pypi/octoprint@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42qc-rtxt-b7an
1
vulnerability VCID-4rdu-2qdw-skgk
2
vulnerability VCID-8egf-pvr4-ekb2
3
vulnerability VCID-a6rx-nu7r-tfhb
4
vulnerability VCID-ehrz-5ved-sbba
5
vulnerability VCID-r59d-6zpd-vkaa
6
vulnerability VCID-y76e-1rfg-sqa2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3
aliases CVE-2022-2888, GHSA-937f-qh3w-6g87, PYSEC-2022-282
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-72nd-8ydv-zyaz
3
url VCID-8egf-pvr4-ekb2
vulnerability_id VCID-8egf-pvr4-ekb2
summary OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32788
reference_id
reference_type
scores
0
value 0.00086
scoring_system epss
scoring_elements 0.24854
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32788
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T19:56:38Z/
url https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2
3
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T19:56:38Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2025-56.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2025-56.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32788
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32788
fixed_packages
0
url pkg:pypi/octoprint@1.11.0
purl pkg:pypi/octoprint@1.11.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.0
aliases CVE-2025-32788, GHSA-qw93-h6pf-226x, PYSEC-2025-56
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8egf-pvr4-ekb2
4
url VCID-94gj-qvwx-m7c1
vulnerability_id VCID-94gj-qvwx-m7c1
summary Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2930
reference_id
reference_type
scores
0
value 0.00122
scoring_system epss
scoring_elements 0.30902
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2930
1
reference_url https://github.com/octoprint/octoprint
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint
2
reference_url https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-43142.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-43142.yaml
4
reference_url https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2930
reference_id CVE-2022-2930
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2930
6
reference_url https://github.com/advisories/GHSA-39gf-864w-pxw4
reference_id GHSA-39gf-864w-pxw4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-39gf-864w-pxw4
fixed_packages
0
url pkg:pypi/octoprint@1.8.3
purl pkg:pypi/octoprint@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42qc-rtxt-b7an
1
vulnerability VCID-4rdu-2qdw-skgk
2
vulnerability VCID-8egf-pvr4-ekb2
3
vulnerability VCID-a6rx-nu7r-tfhb
4
vulnerability VCID-ehrz-5ved-sbba
5
vulnerability VCID-r59d-6zpd-vkaa
6
vulnerability VCID-y76e-1rfg-sqa2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3
aliases CVE-2022-2930, GHSA-39gf-864w-pxw4, PYSEC-2022-43142
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-94gj-qvwx-m7c1
5
url VCID-a6rx-nu7r-tfhb
vulnerability_id VCID-a6rx-nu7r-tfhb
summary OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41047
reference_id
reference_type
scores
0
value 0.00143
scoring_system epss
scoring_elements 0.34253
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41047
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
2
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/
url https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db
3
reference_url https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
2
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/
url https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3
4
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
2
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2023-195.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2023-195.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41047
reference_id CVE-2023-41047
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41047
7
reference_url https://github.com/advisories/GHSA-fwfg-vprh-97ph
reference_id GHSA-fwfg-vprh-97ph
reference_type
scores
url https://github.com/advisories/GHSA-fwfg-vprh-97ph
fixed_packages
0
url pkg:pypi/octoprint@1.9.3
purl pkg:pypi/octoprint@1.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42qc-rtxt-b7an
1
vulnerability VCID-4rdu-2qdw-skgk
2
vulnerability VCID-8egf-pvr4-ekb2
3
vulnerability VCID-ehrz-5ved-sbba
4
vulnerability VCID-r59d-6zpd-vkaa
5
vulnerability VCID-y76e-1rfg-sqa2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.9.3
aliases CVE-2023-41047, GHSA-fwfg-vprh-97ph, PYSEC-2023-195
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6rx-nu7r-tfhb
6
url VCID-bbaq-8mvf-fbfy
vulnerability_id VCID-bbaq-8mvf-fbfy
summary Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1432
reference_id
reference_type
scores
0
value 0.00435
scoring_system epss
scoring_elements 0.63171
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1432
1
reference_url https://github.com/advisories/GHSA-h8pc-j334-jjhm
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h8pc-j334-jjhm
2
reference_url https://github.com/octoprint/octoprint
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint
3
reference_url https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-201.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-201.yaml
5
reference_url https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1432
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1432
fixed_packages
0
url pkg:pypi/octoprint@1.8.0
purl pkg:pypi/octoprint@1.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42qc-rtxt-b7an
1
vulnerability VCID-4rdu-2qdw-skgk
2
vulnerability VCID-72nd-8ydv-zyaz
3
vulnerability VCID-8egf-pvr4-ekb2
4
vulnerability VCID-94gj-qvwx-m7c1
5
vulnerability VCID-a6rx-nu7r-tfhb
6
vulnerability VCID-ehrz-5ved-sbba
7
vulnerability VCID-esc4-ussb-wycb
8
vulnerability VCID-kjta-w4nw-2ybr
9
vulnerability VCID-pwxz-emyt-rfbm
10
vulnerability VCID-r59d-6zpd-vkaa
11
vulnerability VCID-y76e-1rfg-sqa2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.0
aliases CVE-2022-1432, GHSA-h8pc-j334-jjhm, PYSEC-2022-201
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bbaq-8mvf-fbfy
7
url VCID-ehrz-5ved-sbba
vulnerability_id VCID-ehrz-5ved-sbba
summary OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an admin account might use this to lock out actual admins from their OctoPrint instance. The vulnerability will be patched in version 1.10.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23637
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10048
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23637
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/
url https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125
3
reference_url https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/
url https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1
4
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-29.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-29.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23637
reference_id CVE-2024-23637
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23637
7
reference_url https://github.com/advisories/GHSA-5626-pw9c-hmjr
reference_id GHSA-5626-pw9c-hmjr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5626-pw9c-hmjr
fixed_packages
0
url pkg:pypi/octoprint@1.10.0rc1
purl pkg:pypi/octoprint@1.10.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42qc-rtxt-b7an
1
vulnerability VCID-4rdu-2qdw-skgk
2
vulnerability VCID-8egf-pvr4-ekb2
3
vulnerability VCID-r59d-6zpd-vkaa
4
vulnerability VCID-y76e-1rfg-sqa2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0rc1
aliases CVE-2024-23637, GHSA-5626-pw9c-hmjr, PYSEC-2024-29
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ehrz-5ved-sbba
8
url VCID-esc4-ussb-wycb
vulnerability_id VCID-esc4-ussb-wycb
summary Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3607
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44478
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3607
1
reference_url https://github.com/octoprint/octoprint
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint
2
reference_url https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
2
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-09T14:47:28Z/
url https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-42975.yaml
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-42975.yaml
4
reference_url https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
2
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-09T14:47:28Z/
url https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3607
reference_id CVE-2022-3607
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3607
6
reference_url https://github.com/advisories/GHSA-rj5f-vm79-5j84
reference_id GHSA-rj5f-vm79-5j84
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rj5f-vm79-5j84
fixed_packages
0
url pkg:pypi/octoprint@1.8.3
purl pkg:pypi/octoprint@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42qc-rtxt-b7an
1
vulnerability VCID-4rdu-2qdw-skgk
2
vulnerability VCID-8egf-pvr4-ekb2
3
vulnerability VCID-a6rx-nu7r-tfhb
4
vulnerability VCID-ehrz-5ved-sbba
5
vulnerability VCID-r59d-6zpd-vkaa
6
vulnerability VCID-y76e-1rfg-sqa2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3
aliases CVE-2022-3607, GHSA-rj5f-vm79-5j84, PYSEC-2022-42975
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-esc4-ussb-wycb
9
url VCID-kjta-w4nw-2ybr
vulnerability_id VCID-kjta-w4nw-2ybr
summary Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3068
reference_id
reference_type
scores
0
value 0.0015
scoring_system epss
scoring_elements 0.35218
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3068
1
reference_url https://github.com/octoprint/octoprint
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint
2
reference_url https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:21:49Z/
url https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-283.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-283.yaml
4
reference_url https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:21:49Z/
url https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3068
reference_id CVE-2022-3068
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3068
6
reference_url https://github.com/advisories/GHSA-2p75-q37p-f852
reference_id GHSA-2p75-q37p-f852
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2p75-q37p-f852
fixed_packages
0
url pkg:pypi/octoprint@1.8.3
purl pkg:pypi/octoprint@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42qc-rtxt-b7an
1
vulnerability VCID-4rdu-2qdw-skgk
2
vulnerability VCID-8egf-pvr4-ekb2
3
vulnerability VCID-a6rx-nu7r-tfhb
4
vulnerability VCID-ehrz-5ved-sbba
5
vulnerability VCID-r59d-6zpd-vkaa
6
vulnerability VCID-y76e-1rfg-sqa2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3
aliases CVE-2022-3068, GHSA-2p75-q37p-f852, PYSEC-2022-283
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kjta-w4nw-2ybr
10
url VCID-pwxz-emyt-rfbm
vulnerability_id VCID-pwxz-emyt-rfbm
summary Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2872
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.44942
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2872
1
reference_url https://github.com/octoprint/octoprint
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint
2
reference_url https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
2
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:26:52Z/
url https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-286.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-286.yaml
4
reference_url https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
2
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:26:52Z/
url https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2872
reference_id CVE-2022-2872
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2872
6
reference_url https://github.com/advisories/GHSA-49wm-4fp6-h59c
reference_id GHSA-49wm-4fp6-h59c
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-49wm-4fp6-h59c
fixed_packages
0
url pkg:pypi/octoprint@1.8.3
purl pkg:pypi/octoprint@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42qc-rtxt-b7an
1
vulnerability VCID-4rdu-2qdw-skgk
2
vulnerability VCID-8egf-pvr4-ekb2
3
vulnerability VCID-a6rx-nu7r-tfhb
4
vulnerability VCID-ehrz-5ved-sbba
5
vulnerability VCID-r59d-6zpd-vkaa
6
vulnerability VCID-y76e-1rfg-sqa2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3
aliases CVE-2022-2872, GHSA-49wm-4fp6-h59c, PYSEC-2022-286
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwxz-emyt-rfbm
11
url VCID-r59d-6zpd-vkaa
vulnerability_id VCID-r59d-6zpd-vkaa
summary OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through the "Test" button included in the web interface will execute JavaScript code in the victims browser when attempting to render the snapshot image. An attacker who successfully talked a victim with admin rights into performing a snapshot test with such a crafted URL could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The vulnerability is patched in version 1.10.0rc3. OctoPrint administrators are strongly advised to thoroughly vet who has admin access to their installation and what settings they modify based on instructions by strangers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28237
reference_id
reference_type
scores
0
value 0.00487
scoring_system epss
scoring_elements 0.65752
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28237
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/commit/779894c1bc6478332d14bc9ed1006df1354eb517
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
2
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T15:19:13Z/
url https://github.com/OctoPrint/OctoPrint/commit/779894c1bc6478332d14bc9ed1006df1354eb517
3
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
2
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T15:19:13Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-179.yaml
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-179.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28237
reference_id CVE-2024-28237
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28237
6
reference_url https://github.com/advisories/GHSA-x7mf-wrh9-r76c
reference_id GHSA-x7mf-wrh9-r76c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x7mf-wrh9-r76c
fixed_packages
0
url pkg:pypi/octoprint@1.10.0rc3
purl pkg:pypi/octoprint@1.10.0rc3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42qc-rtxt-b7an
1
vulnerability VCID-4rdu-2qdw-skgk
2
vulnerability VCID-8egf-pvr4-ekb2
3
vulnerability VCID-r59d-6zpd-vkaa
4
vulnerability VCID-y76e-1rfg-sqa2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0rc3
1
url pkg:pypi/octoprint@1.10.0
purl pkg:pypi/octoprint@1.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42qc-rtxt-b7an
1
vulnerability VCID-4rdu-2qdw-skgk
2
vulnerability VCID-8egf-pvr4-ekb2
3
vulnerability VCID-y76e-1rfg-sqa2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0
aliases CVE-2024-28237, GHSA-x7mf-wrh9-r76c, PYSEC-2024-179
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r59d-6zpd-vkaa
12
url VCID-s69a-p1yc-fkdt
vulnerability_id VCID-s69a-p1yc-fkdt
summary Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1430
reference_id
reference_type
scores
0
value 0.00444
scoring_system epss
scoring_elements 0.6364
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1430
1
reference_url https://github.com/advisories/GHSA-x7r7-wmj8-vv5g
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-x7r7-wmj8-vv5g
2
reference_url https://github.com/octoprint/octoprint
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint
3
reference_url https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-200.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-200.yaml
5
reference_url https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1430
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1430
fixed_packages
0
url pkg:pypi/octoprint@1.8.0
purl pkg:pypi/octoprint@1.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42qc-rtxt-b7an
1
vulnerability VCID-4rdu-2qdw-skgk
2
vulnerability VCID-72nd-8ydv-zyaz
3
vulnerability VCID-8egf-pvr4-ekb2
4
vulnerability VCID-94gj-qvwx-m7c1
5
vulnerability VCID-a6rx-nu7r-tfhb
6
vulnerability VCID-ehrz-5ved-sbba
7
vulnerability VCID-esc4-ussb-wycb
8
vulnerability VCID-kjta-w4nw-2ybr
9
vulnerability VCID-pwxz-emyt-rfbm
10
vulnerability VCID-r59d-6zpd-vkaa
11
vulnerability VCID-y76e-1rfg-sqa2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.0
aliases CVE-2022-1430, GHSA-x7r7-wmj8-vv5g, PYSEC-2022-200
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s69a-p1yc-fkdt
13
url VCID-y76e-1rfg-sqa2
vulnerability_id VCID-y76e-1rfg-sqa2
summary OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on a specially crafted login link, or a malicious app running on a victim's computer triggering the application key workflow with specially crafted parameters and then redirecting the victim to the related standalone confirmation dialog could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The above mentioned specific vulnerabilities of the login dialog and the standalone application key confirmation dialog have been patched in the bugfix release 1.10.3 by individual escaping of the detected locations. A global change throughout all of OctoPrint's templating system with the upcoming 1.11.0 release will handle this further, switching to globally enforced automatic escaping and thus reducing the attack surface in general. The latter will also improve the security of third party plugins. During a transition period, third party plugins will be able to opt into the automatic escaping. With OctoPrint 1.13.0, automatic escaping will be switched over to be enforced even for third party plugins, unless they explicitly opt-out.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-49377
reference_id
reference_type
scores
0
value 0.00335
scoring_system epss
scoring_elements 0.56607
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-49377
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/commit/b8a6b0a75202edac3bb142a8e4f9041a0b6825bf
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint/commit/b8a6b0a75202edac3bb142a8e4f9041a0b6825bf
3
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xvxq-g8hw-fx4g
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T19:01:15Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xvxq-g8hw-fx4g
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-201.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-201.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-49377
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-49377
fixed_packages
0
url pkg:pypi/octoprint@1.10.3
purl pkg:pypi/octoprint@1.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8egf-pvr4-ekb2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.3
aliases CVE-2024-49377, GHSA-xvxq-g8hw-fx4g, PYSEC-2024-201
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y76e-1rfg-sqa2
Fixing_vulnerabilities
Risk_score4.2
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.7.0