Lookup for vulnerable packages by Package URL.
| Purl | pkg:pypi/asyncua@0.9.14 |
|---|
| Type | pypi |
|---|
| Namespace | |
|---|
| Name | asyncua |
|---|
| Version | 0.9.14 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | 0.9.96 |
|---|
| Latest_non_vulnerable_version | 0.9.96 |
|---|
| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-4cw3-mdxr-dkfk |
| vulnerability_id |
VCID-4cw3-mdxr-dkfk |
| summary |
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication.
**Note:**
This issue is a result of missing checks for services that require an active session. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-26150, GHSA-2894-qcqf-g23g, PYSEC-2023-189
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4cw3-mdxr-dkfk |
|
| 1 |
| url |
VCID-eem1-7deb-vuhf |
| vulnerability_id |
VCID-eem1-7deb-vuhf |
| summary |
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-26151, GHSA-gfvq-mxw3-mfq3, PYSEC-2023-190
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eem1-7deb-vuhf |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:pypi/asyncua@0.9.14 |
|---|