Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/9164?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/9164?format=api", "purl": "pkg:pypi/tripleo-heat-templates@0.8.7", "type": "pypi", "namespace": "", "name": "tripleo-heat-templates", "version": "0.8.7", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "8.0.3", "latest_non_vulnerable_version": "8.0.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34985?format=api", "vulnerability_id": "VCID-nv7k-zxyu-e3fz", "summary": "The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2650", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2650" }, { "reference_url": "https://bugs.launchpad.net/tripleo/+bug/1516027", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/tripleo/+bug/1516027" }, { "reference_url": "https://github.com/openstack/tripleo-heat-templates", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/tripleo-heat-templates" }, { "reference_url": "https://github.com/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c" }, { "reference_url": "https://github.com/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42" }, { "reference_url": 
"https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-35.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-35.yaml" }, { "reference_url": "https://opendev.org/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://opendev.org/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c" }, { "reference_url": "https://opendev.org/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42", "reference_id": "", "reference_type": "", "scores": [], "url": "https://opendev.org/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5303", "reference_id": "CVE-2015-5303", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5303" }, { "reference_url": "https://github.com/advisories/GHSA-m94p-8942-pm49", "reference_id": "GHSA-m94p-8942-pm49", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m94p-8942-pm49" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9166?format=api", "purl": "pkg:pypi/tripleo-heat-templates@0.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vxt7-kug2-nkbh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/11679?format=api", "purl": "pkg:pypi/tripleo-heat-templates@0.8.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vxt7-kug2-nkbh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.10" } ], "aliases": [ "CVE-2015-5303", "GHSA-m94p-8942-pm49", 
"PYSEC-2016-35" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nv7k-zxyu-e3fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35241?format=api", "vulnerability_id": "VCID-vxt7-kug2-nkbh", "summary": "A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2214" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10898" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11764?format=api", "purl": "pkg:pypi/tripleo-heat-templates@8.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@8.0.3" } ], "aliases": [ "CVE-2018-10898", "PYSEC-2018-102" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vxt7-kug2-nkbh" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34996?format=api", "vulnerability_id": "VCID-p48m-hmsy-n3d3", "summary": "The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.", 
"references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1862", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1862" }, { "reference_url": "https://bugs.launchpad.net/tripleo/+bug/1494896", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/tripleo/+bug/1494896" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261697" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-34.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-34.yaml" }, { "reference_url": "https://git.openstack.org/cgit/openstack/tripleo-heat-templates", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.openstack.org/cgit/openstack/tripleo-heat-templates" }, { "reference_url": "https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=1730d95acdbee7c7bbcfe1eba8a48ef2b0cc1476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=1730d95acdbee7c7bbcfe1eba8a48ef2b0cc1476" }, { "reference_url": "https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch" }, { "reference_url": "https://review.openstack.org/226541", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/226541" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-5271", "reference_id": "CVE-2015-5271", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/security/cve/CVE-2015-5271" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5271", "reference_id": "CVE-2015-5271", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5271" }, { "reference_url": "https://github.com/advisories/GHSA-8936-44gw-7664", "reference_id": "GHSA-8936-44gw-7664", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8936-44gw-7664" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9164?format=api", "purl": "pkg:pypi/tripleo-heat-templates@0.8.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nv7k-zxyu-e3fz" }, { "vulnerability": "VCID-vxt7-kug2-nkbh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.7" } ], "aliases": [ "CVE-2015-5271", "GHSA-8936-44gw-7664", "PYSEC-2016-34" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p48m-hmsy-n3d3" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.7" }