Vulnerability Instance
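Look up vulnerabilities affecting packages.
Note on reading this record: pkg:pypi/diffoscope@76 is listed under both "fixed_packages" and "affected_packages", and its own entry still names VCID-881t-fv6t-ybaw. The summary ("before 77") points to 77 as the first release fixed for this vulnerability. The 77 entry is still marked "is_vulnerable": true, but only for a different vulnerability, VCID-c5n9-pffj-dqaj.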
GET /api/vulnerabilities/35200?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35200?format=api", "vulnerability_id": "VCID-881t-fv6t-ybaw", "summary": "diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.", "aliases": [ { "alias": "CVE-2017-0359" }, { "alias": "GHSA-8p5c-f328-9fvv" }, { "alias": "PYSEC-2018-83" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11310?format=api", "purl": "pkg:pypi/diffoscope@76", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@76" }, { "url": "http://public2.vulnerablecode.io/api/packages/11311?format=api", "purl": "pkg:pypi/diffoscope@77", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@77" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11277?format=api", "purl": "pkg:pypi/diffoscope@39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@39" }, { "url": "http://public2.vulnerablecode.io/api/packages/11278?format=api", "purl": "pkg:pypi/diffoscope@40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@40" }, { "url": "http://public2.vulnerablecode.io/api/packages/11279?format=api", "purl": "pkg:pypi/diffoscope@41", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@41" }, { "url": "http://public2.vulnerablecode.io/api/packages/11280?format=api", "purl": "pkg:pypi/diffoscope@42", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@42" }, { "url": "http://public2.vulnerablecode.io/api/packages/11281?format=api", "purl": "pkg:pypi/diffoscope@43", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@43" }, { "url": "http://public2.vulnerablecode.io/api/packages/11282?format=api", "purl": "pkg:pypi/diffoscope@44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@44" }, { "url": "http://public2.vulnerablecode.io/api/packages/11283?format=api", "purl": "pkg:pypi/diffoscope@45", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@45" }, { "url": "http://public2.vulnerablecode.io/api/packages/11284?format=api", "purl": "pkg:pypi/diffoscope@46", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@46" }, { "url": "http://public2.vulnerablecode.io/api/packages/11285?format=api", "purl": "pkg:pypi/diffoscope@47", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { 
"vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@47" }, { "url": "http://public2.vulnerablecode.io/api/packages/11286?format=api", "purl": "pkg:pypi/diffoscope@48", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@48" }, { "url": "http://public2.vulnerablecode.io/api/packages/11287?format=api", "purl": "pkg:pypi/diffoscope@49", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@49" }, { "url": "http://public2.vulnerablecode.io/api/packages/11288?format=api", "purl": "pkg:pypi/diffoscope@51", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@51" }, { "url": "http://public2.vulnerablecode.io/api/packages/11289?format=api", "purl": "pkg:pypi/diffoscope@52", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@52" }, { "url": "http://public2.vulnerablecode.io/api/packages/11290?format=api", "purl": "pkg:pypi/diffoscope@54", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@54" }, { "url": "http://public2.vulnerablecode.io/api/packages/11291?format=api", "purl": "pkg:pypi/diffoscope@55", "is_vulnerable": true, "affected_by_vulnerabilities": [ 
{ "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@55" }, { "url": "http://public2.vulnerablecode.io/api/packages/11292?format=api", "purl": "pkg:pypi/diffoscope@56", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@56" }, { "url": "http://public2.vulnerablecode.io/api/packages/11293?format=api", "purl": "pkg:pypi/diffoscope@59", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@59" }, { "url": "http://public2.vulnerablecode.io/api/packages/11294?format=api", "purl": "pkg:pypi/diffoscope@60", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@60" }, { "url": "http://public2.vulnerablecode.io/api/packages/11295?format=api", "purl": "pkg:pypi/diffoscope@61", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@61" }, { "url": "http://public2.vulnerablecode.io/api/packages/11296?format=api", "purl": "pkg:pypi/diffoscope@62", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@62" }, { "url": "http://public2.vulnerablecode.io/api/packages/11297?format=api", "purl": "pkg:pypi/diffoscope@63", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@63" }, { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/diffoscope@64", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@64" }, { "url": "http://public2.vulnerablecode.io/api/packages/11299?format=api", "purl": "pkg:pypi/diffoscope@65", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@65" }, { "url": "http://public2.vulnerablecode.io/api/packages/11300?format=api", "purl": "pkg:pypi/diffoscope@66", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@66" }, { "url": "http://public2.vulnerablecode.io/api/packages/11301?format=api", "purl": "pkg:pypi/diffoscope@67", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@67" }, { "url": "http://public2.vulnerablecode.io/api/packages/11302?format=api", "purl": "pkg:pypi/diffoscope@68", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@68" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/11303?format=api", "purl": "pkg:pypi/diffoscope@69", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@69" }, { "url": "http://public2.vulnerablecode.io/api/packages/11304?format=api", "purl": "pkg:pypi/diffoscope@70", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@70" }, { "url": "http://public2.vulnerablecode.io/api/packages/11305?format=api", "purl": "pkg:pypi/diffoscope@71", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@71" }, { "url": "http://public2.vulnerablecode.io/api/packages/11306?format=api", "purl": "pkg:pypi/diffoscope@72", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@72" }, { "url": "http://public2.vulnerablecode.io/api/packages/11307?format=api", "purl": "pkg:pypi/diffoscope@73", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@73" }, { "url": "http://public2.vulnerablecode.io/api/packages/11308?format=api", "purl": "pkg:pypi/diffoscope@74", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@74" }, { "url": "http://public2.vulnerablecode.io/api/packages/11309?format=api", "purl": "pkg:pypi/diffoscope@75", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@75" }, { "url": "http://public2.vulnerablecode.io/api/packages/11310?format=api", "purl": "pkg:pypi/diffoscope@76", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-881t-fv6t-ybaw" }, { "vulnerability": "VCID-c5n9-pffj-dqaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/diffoscope@76" } ], "references": [ { "reference_url": "https://bugs.debian.org/854723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/854723" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723" }, { "reference_url": "https://github.com/advisories/GHSA-8p5c-f328-9fvv", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8p5c-f328-9fvv" }, { "reference_url": "https://github.com/anthraxx/diffoscope", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/anthraxx/diffoscope" }, { "reference_url": "https://github.com/anthraxx/diffoscope/commit/632a40828a54b399787c25e7fa243f732aef7e05", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/anthraxx/diffoscope/commit/632a40828a54b399787c25e7fa243f732aef7e05" }, { "reference_url": "https://github.com/anthraxx/diffoscope/commit/f379d1f611dbd5d361e12b732e07c8aee45ff226", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/anthraxx/diffoscope/commit/f379d1f611dbd5d361e12b732e07c8aee45ff226" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/diffoscope/PYSEC-2018-83.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/diffoscope/PYSEC-2018-83.yaml" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2017-0359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2017-0359" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0359", "reference_id": "CVE-2017-0359", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0359" } ], "weaknesses": [ { "cwe_id": 22, "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "description": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-881t-fv6t-ybaw" }