Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/26620?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/26620?format=api", "purl": "pkg:pypi/cobbler@3.3.1", "type": "pypi", "namespace": "", "name": "cobbler", "version": "3.3.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.3.2", "latest_non_vulnerable_version": "3.3.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36056?format=api", "vulnerability_id": "VCID-n8d7-2mjk-wbc8", "summary": "Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.", "references": [ { "reference_url": "https://github.com/advisories/GHSA-mcg6-h362-cmq5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mcg6-h362-cmq5" }, { "reference_url": "https://github.com/cobbler/cobbler", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/cobbler/cobbler" }, { "reference_url": "https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2022-177.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2022-177.yaml" }, { "reference_url": "https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0860", "reference_id": "CVE-2022-0860", "reference_type": "", 
"scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0860" }, { "reference_url": "https://github.com/cobbler/cobbler/security/advisories/GHSA-mcg6-h362-cmq5", "reference_id": "GHSA-mcg6-h362-cmq5", "reference_type": "", "scores": [], "url": "https://github.com/cobbler/cobbler/security/advisories/GHSA-mcg6-h362-cmq5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26967?format=api", "purl": "pkg:pypi/cobbler@3.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@3.3.2" } ], "aliases": [ "CVE-2022-0860", "GHSA-mcg6-h362-cmq5", "PYSEC-2022-177" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n8d7-2mjk-wbc8" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36036?format=api", "vulnerability_id": "VCID-gxpd-rmnn-67cm", "summary": "An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. 
The settings.yaml file contains secrets such as the hashed default password.", "references": [ { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1193671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1193671" }, { "reference_url": "https://github.com/advisories/GHSA-5946-mpw5-pqxx", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5946-mpw5-pqxx" }, { "reference_url": "https://github.com/cobbler/cobbler", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/cobbler/cobbler" }, { "reference_url": "https://github.com/cobbler/cobbler/commit/10b2112db83fedfc391e900edfedc2b4e507d3f7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/cobbler/cobbler/commit/10b2112db83fedfc391e900edfedc2b4e507d3f7" }, { "reference_url": "https://github.com/cobbler/cobbler/pull/2945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/cobbler/cobbler/pull/2945" }, { "reference_url": "https://github.com/cobbler/cobbler/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/cobbler/cobbler/releases" }, { "reference_url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.1" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2022-38.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2022-38.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2022/02/18/3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2022/02/18/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45083", "reference_id": "CVE-2021-45083", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45083" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26620?format=api", "purl": "pkg:pypi/cobbler@3.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n8d7-2mjk-wbc8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@3.3.1" } ], "aliases": [ "CVE-2021-45083", "GHSA-5946-mpw5-pqxx", "PYSEC-2022-38" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gxpd-rmnn-67cm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36035?format=api", "vulnerability_id": "VCID-nrb3-t9dq-x7hw", "summary": "An issue was discovered in Cobbler before 3.3.1. 
In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the \"#from MODULE import\" substring. (Only lines beginning with #import are blocked.)", "references": [ { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1193678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1193678" }, { "reference_url": "https://github.com/advisories/GHSA-6cm4-gm85-972c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6cm4-gm85-972c" }, { "reference_url": "https://github.com/cobbler/cobbler/pull/2945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/cobbler/cobbler/pull/2945" }, { "reference_url": "https://github.com/cobbler/cobbler/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/cobbler/cobbler/releases" }, { "reference_url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45082", "reference_id": "CVE-2021-45082", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45082" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26620?format=api", "purl": "pkg:pypi/cobbler@3.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n8d7-2mjk-wbc8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@3.3.1" } ], "aliases": [ "CVE-2021-45082", "GHSA-6cm4-gm85-972c", "PYSEC-2022-37" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrb3-t9dq-x7hw" } ], "risk_score": null, "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@3.3.1" }