Vulnerability Instance
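Look up vulnerabilities affecting packages. Note: in the record below, the summary gives the affected range as "before 2.0.0a12", while affected_packages also lists 2.0.0a12 and 2.0.0rc1 as vulnerable and the only fixed package is 2.0.0; check the linked advisories before relying on either range.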
GET /api/vulnerabilities/35140?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35140?format=api", "vulnerability_id": "VCID-u7bd-sut3-9ud7", "summary": "An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A \"Load YAML\" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.", "aliases": [ { "alias": "CVE-2017-16618" }, { "alias": "GHSA-ccmq-qvcp-5mrm" }, { "alias": "PYSEC-2017-22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10485?format=api", "purl": "pkg:pypi/owlmixin@2.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@2.0.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10449?format=api", "purl": "pkg:pypi/owlmixin@1.0.0b3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0b3" }, { "url": "http://public2.vulnerablecode.io/api/packages/10450?format=api", "purl": "pkg:pypi/owlmixin@1.0.0b4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0b4" }, { "url": "http://public2.vulnerablecode.io/api/packages/10451?format=api", "purl": "pkg:pypi/owlmixin@1.0.0b6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0b6" }, { "url": "http://public2.vulnerablecode.io/api/packages/10452?format=api", "purl": "pkg:pypi/owlmixin@1.0.0b7", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0b7" }, { "url": "http://public2.vulnerablecode.io/api/packages/10453?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10454?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/10455?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc3" }, { "url": "http://public2.vulnerablecode.io/api/packages/10456?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc4" }, { "url": "http://public2.vulnerablecode.io/api/packages/10457?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc5" }, { "url": "http://public2.vulnerablecode.io/api/packages/10458?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc6" }, { 
"url": "http://public2.vulnerablecode.io/api/packages/10459?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc7" }, { "url": "http://public2.vulnerablecode.io/api/packages/10460?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc8" }, { "url": "http://public2.vulnerablecode.io/api/packages/10461?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc9" }, { "url": "http://public2.vulnerablecode.io/api/packages/10462?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc10" }, { "url": "http://public2.vulnerablecode.io/api/packages/10463?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc11" }, { "url": "http://public2.vulnerablecode.io/api/packages/10464?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc12" }, { "url": "http://public2.vulnerablecode.io/api/packages/10465?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc13", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc13" }, { "url": "http://public2.vulnerablecode.io/api/packages/10466?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc14" }, { "url": "http://public2.vulnerablecode.io/api/packages/10467?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc15" }, { "url": "http://public2.vulnerablecode.io/api/packages/10468?format=api", "purl": "pkg:pypi/owlmixin@1.0.0rc16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0rc16" }, { "url": "http://public2.vulnerablecode.io/api/packages/10469?format=api", "purl": "pkg:pypi/owlmixin@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/10470?format=api", "purl": "pkg:pypi/owlmixin@1.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/10471?format=api", "purl": "pkg:pypi/owlmixin@1.2.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.2.0a1" }, { 
"url": "http://public2.vulnerablecode.io/api/packages/10472?format=api", "purl": "pkg:pypi/owlmixin@1.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@1.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/10473?format=api", "purl": "pkg:pypi/owlmixin@2.0.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@2.0.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10474?format=api", "purl": "pkg:pypi/owlmixin@2.0.0a2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@2.0.0a2" }, { "url": "http://public2.vulnerablecode.io/api/packages/10475?format=api", "purl": "pkg:pypi/owlmixin@2.0.0a3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@2.0.0a3" }, { "url": "http://public2.vulnerablecode.io/api/packages/10476?format=api", "purl": "pkg:pypi/owlmixin@2.0.0a4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@2.0.0a4" }, { "url": "http://public2.vulnerablecode.io/api/packages/10477?format=api", "purl": "pkg:pypi/owlmixin@2.0.0a5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@2.0.0a5" }, { "url": "http://public2.vulnerablecode.io/api/packages/10478?format=api", "purl": "pkg:pypi/owlmixin@2.0.0a6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@2.0.0a6" }, { "url": "http://public2.vulnerablecode.io/api/packages/10479?format=api", "purl": "pkg:pypi/owlmixin@2.0.0a7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@2.0.0a7" }, { "url": "http://public2.vulnerablecode.io/api/packages/10480?format=api", "purl": "pkg:pypi/owlmixin@2.0.0a9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@2.0.0a9" }, { "url": "http://public2.vulnerablecode.io/api/packages/10481?format=api", "purl": "pkg:pypi/owlmixin@2.0.0a10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@2.0.0a10" }, { "url": "http://public2.vulnerablecode.io/api/packages/10482?format=api", "purl": "pkg:pypi/owlmixin@2.0.0a11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@2.0.0a11" }, { "url": "http://public2.vulnerablecode.io/api/packages/10483?format=api", "purl": "pkg:pypi/owlmixin@2.0.0a12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@2.0.0a12" }, { "url": "http://public2.vulnerablecode.io/api/packages/10484?format=api", "purl": "pkg:pypi/owlmixin@2.0.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-u7bd-sut3-9ud7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/owlmixin@2.0.0rc1" } ], "references": [ { "reference_url": 
"https://github.com/advisories/GHSA-ccmq-qvcp-5mrm", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ccmq-qvcp-5mrm" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/owlmixin/PYSEC-2017-22.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/owlmixin/PYSEC-2017-22.yaml" }, { "reference_url": "https://github.com/tadashi-aikawa/owlmixin", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/tadashi-aikawa/owlmixin" }, { "reference_url": "https://github.com/tadashi-aikawa/owlmixin/commit/5d0575303f6df869a515ced4285f24ba721e0d4e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/tadashi-aikawa/owlmixin/commit/5d0575303f6df869a515ced4285f24ba721e0d4e" }, { "reference_url": "https://github.com/tadashi-aikawa/owlmixin/issues/12", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/tadashi-aikawa/owlmixin/issues/12" }, { "reference_url": "https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16618-convert-through-owlmixin/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16618-convert-through-owlmixin/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16618", "reference_id": "CVE-2017-16618", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16618" }, { "reference_url": "https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16618-convert-through-owlmixin", "reference_id": "CVE-2017-16618-CONVERT-THROUGH-OWLMIXIN", "reference_type": "", "scores": [], "url": "https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16618-convert-through-owlmixin" } ], "weaknesses": [ { "cwe_id": 502, "name": "Deserialization of Untrusted Data", "description": "The product 
deserializes untrusted data without sufficiently verifying that the resulting data will be valid." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u7bd-sut3-9ud7" }