Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/217854?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217854?format=api", "vulnerability_id": "VCID-xswq-weua-9kf3", "summary": "A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.", "aliases": [ { "alias": "PYSEC-2020-182" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15634?format=api", "purl": "pkg:pypi/ecdsa@0.13.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j17-6g6g-v7d5" }, { "vulnerability": "VCID-ztuw-fdt8-5yg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.13.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56251?format=api", "purl": "pkg:pypi/ecdsa@0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j17-6g6g-v7d5" }, { "vulnerability": "VCID-gnxv-va34-k7e3" }, { "vulnerability": "VCID-kr78-wcmg-qbda" }, { "vulnerability": "VCID-nwue-pe6q-dqax" }, { "vulnerability": "VCID-xswq-weua-9kf3" }, { "vulnerability": "VCID-ztuw-fdt8-5yg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/56252?format=api", "purl": "pkg:pypi/ecdsa@0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j17-6g6g-v7d5" }, { "vulnerability": "VCID-gnxv-va34-k7e3" }, { "vulnerability": "VCID-kr78-wcmg-qbda" }, { "vulnerability": "VCID-nwue-pe6q-dqax" }, { "vulnerability": "VCID-xswq-weua-9kf3" }, { "vulnerability": "VCID-ztuw-fdt8-5yg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/56253?format=api", "purl": "pkg:pypi/ecdsa@0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j17-6g6g-v7d5" }, { "vulnerability": "VCID-gnxv-va34-k7e3" }, { "vulnerability": "VCID-kr78-wcmg-qbda" }, { "vulnerability": "VCID-nwue-pe6q-dqax" }, { "vulnerability": "VCID-xswq-weua-9kf3" }, { "vulnerability": "VCID-ztuw-fdt8-5yg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/56254?format=api", "purl": "pkg:pypi/ecdsa@0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j17-6g6g-v7d5" }, { "vulnerability": "VCID-gnxv-va34-k7e3" }, { "vulnerability": "VCID-kr78-wcmg-qbda" }, { "vulnerability": "VCID-nwue-pe6q-dqax" }, { "vulnerability": "VCID-xswq-weua-9kf3" }, { "vulnerability": "VCID-ztuw-fdt8-5yg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/56255?format=api", "purl": "pkg:pypi/ecdsa@0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j17-6g6g-v7d5" }, { "vulnerability": "VCID-gnxv-va34-k7e3" }, { "vulnerability": "VCID-kr78-wcmg-qbda" }, { "vulnerability": "VCID-nwue-pe6q-dqax" }, { "vulnerability": "VCID-xswq-weua-9kf3" }, { "vulnerability": "VCID-ztuw-fdt8-5yg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/56256?format=api", "purl": "pkg:pypi/ecdsa@0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j17-6g6g-v7d5" }, { "vulnerability": "VCID-gnxv-va34-k7e3" }, { "vulnerability": "VCID-kr78-wcmg-qbda" }, { "vulnerability": "VCID-nwue-pe6q-dqax" }, { "vulnerability": "VCID-xswq-weua-9kf3" }, { "vulnerability": "VCID-ztuw-fdt8-5yg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/56257?format=api", "purl": "pkg:pypi/ecdsa@0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j17-6g6g-v7d5" }, { "vulnerability": "VCID-gnxv-va34-k7e3" }, { "vulnerability": "VCID-kr78-wcmg-qbda" }, { "vulnerability": "VCID-nwue-pe6q-dqax" }, { "vulnerability": "VCID-xswq-weua-9kf3" }, { "vulnerability": "VCID-ztuw-fdt8-5yg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/56258?format=api", "purl": "pkg:pypi/ecdsa@0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j17-6g6g-v7d5" }, { "vulnerability": "VCID-gnxv-va34-k7e3" }, { "vulnerability": "VCID-kr78-wcmg-qbda" }, { "vulnerability": "VCID-nwue-pe6q-dqax" }, { "vulnerability": "VCID-xswq-weua-9kf3" }, { "vulnerability": "VCID-ztuw-fdt8-5yg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/56259?format=api", "purl": "pkg:pypi/ecdsa@0.13.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j17-6g6g-v7d5" }, { "vulnerability": "VCID-gnxv-va34-k7e3" }, { "vulnerability": "VCID-kr78-wcmg-qbda" }, { "vulnerability": "VCID-nwue-pe6q-dqax" }, { "vulnerability": "VCID-xswq-weua-9kf3" }, { "vulnerability": "VCID-ztuw-fdt8-5yg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.13.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/56260?format=api", "purl": "pkg:pypi/ecdsa@0.13.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j17-6g6g-v7d5" }, { "vulnerability": "VCID-gnxv-va34-k7e3" }, { "vulnerability": "VCID-kr78-wcmg-qbda" }, { "vulnerability": "VCID-nwue-pe6q-dqax" }, { "vulnerability": "VCID-xswq-weua-9kf3" }, { "vulnerability": "VCID-ztuw-fdt8-5yg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.13.2" } ], "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14859", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14859" }, { "reference_url": "https://github.com/warner/python-ecdsa/issues/114", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/warner/python-ecdsa/issues/114" }, { "reference_url": "https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3" }, { "reference_url": "https://pypi.org/project/ecdsa/0.13.3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pypi.org/project/ecdsa/0.13.3/" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xswq-weua-9kf3" }