Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/9452?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/9452?format=api", "purl": "pkg:pypi/moin@1.9.8", "type": "pypi", "namespace": "", "name": "moin", "version": "1.9.8", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.9.11", "latest_non_vulnerable_version": "1.9.11", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35009?format=api", "vulnerability_id": "VCID-1kv8-4wn6-yydy", "summary": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation or crafted URL\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=fckdialog&dialog=attachment (via page name) component.", "references": [ { "reference_url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3715", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3715" }, { "reference_url": "http://www.securityfocus.com/bid/94259", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94259" }, { "reference_url": "http://www.ubuntu.com/usn/USN-3137-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-3137-1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9453?format=api", "purl": "pkg:pypi/moin@1.9.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.9" } ], "aliases": [ "CVE-2016-7146", "PYSEC-2016-30" ], "risk_score": null, "exploitability": null, 
"weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1kv8-4wn6-yydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35671?format=api", "vulnerability_id": "VCID-2yaq-3m4p-q3bu", "summary": "MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.", "references": [ { "reference_url": "https://advisory.checkmarx.net/advisory/CX-2020-4285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://advisory.checkmarx.net/advisory/CX-2020-4285" }, { "reference_url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2" }, { "reference_url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11" }, { "reference_url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18962?format=api", "purl": "pkg:pypi/moin@1.9.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.11" } ], "aliases": [ "CVE-2020-15275", "GHSA-4q96-6xhq-ff43", "PYSEC-2020-241" ], "risk_score": null, "exploitability": null, "weighted_severity": 
null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2yaq-3m4p-q3bu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35273?format=api", "vulnerability_id": "VCID-4fn8-ab2r-23dk", "summary": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html" }, { "reference_url": "http://moinmo.in/SecurityFixes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/SecurityFixes" }, { "reference_url": "https://github.com/advisories/GHSA-42fp-4hm3-j8r7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-42fp-4hm3-j8r7" }, { "reference_url": "https://github.com/moinwiki/moin-1.9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moinwiki/moin-1.9" }, { "reference_url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2018-47.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2018-47.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html" }, { "reference_url": "https://usn.ubuntu.com/3794-1", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3794-1" }, { "reference_url": "https://usn.ubuntu.com/3794-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3794-1/" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4318", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4318" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5934", "reference_id": "CVE-2017-5934", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5934" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12310?format=api", "purl": "pkg:pypi/moin@1.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.10" } ], "aliases": [ "CVE-2017-5934", "GHSA-42fp-4hm3-j8r7", "PYSEC-2018-47" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4fn8-ab2r-23dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35010?format=api", "vulnerability_id": "VCID-5hn2-1bvq-jfdh", "summary": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=AttachFile (via page name) component.", "references": [ { "reference_url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3715", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3715" }, { 
"reference_url": "http://www.securityfocus.com/bid/94259", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94259" }, { "reference_url": "http://www.ubuntu.com/usn/USN-3137-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-3137-1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9453?format=api", "purl": "pkg:pypi/moin@1.9.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.9" } ], "aliases": [ "CVE-2016-7148", "PYSEC-2016-31" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5hn2-1bvq-jfdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35670?format=api", "vulnerability_id": "VCID-kjqq-u9hy-5yda", "summary": "The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. 
An attacker who can upload attachments to the wiki can use this to achieve remote code execution.", "references": [ { "reference_url": "http://moinmo.in/SecurityFixes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/SecurityFixes" }, { "reference_url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4787" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18962?format=api", "purl": "pkg:pypi/moin@1.9.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.11" } ], "aliases": [ "CVE-2020-25074", "GHSA-52q8-877j-gghq", "PYSEC-2020-67" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kjqq-u9hy-5yda" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35019?format=api", "vulnerability_id": "VCID-tkp3-e758-suhx", "summary": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://moinmo.in/SecurityFixes", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moinmo.in/SecurityFixes" }, { "reference_url": 
"http://www.debian.org/security/2016/dsa-3715", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3715" }, { "reference_url": "http://www.securityfocus.com/bid/94501", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94501" }, { "reference_url": "http://www.ubuntu.com/usn/USN-3137-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-3137-1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9452?format=api", "purl": "pkg:pypi/moin@1.9.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kv8-4wn6-yydy" }, { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-5hn2-1bvq-jfdh" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.8" } ], "aliases": [ "CVE-2016-9119", "PYSEC-2017-20" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkp3-e758-suhx" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.8" }