Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/35288?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35288?format=api", "vulnerability_id": "VCID-b7zr-zrzn-w3ej", "summary": "The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle.", "aliases": [ { "alias": "CVE-2018-19443" }, { "alias": "GHSA-32w7-9whp-cjp9" }, { "alias": "PYSEC-2018-77" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12505?format=api", "purl": "pkg:pypi/tryton@5.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ptr-cub3-3yeq" }, { "vulnerability": "VCID-te21-ks2b-dfhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tryton@5.0.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12504?format=api", "purl": "pkg:pypi/tryton@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ptr-cub3-3yeq" }, { "vulnerability": "VCID-b7zr-zrzn-w3ej" }, { "vulnerability": "VCID-te21-ks2b-dfhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tryton@5.0.0" } ], "references": [ { "reference_url": "https://bugs.tryton.org/issue7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.tryton.org/issue7792" }, { "reference_url": "https://discuss.tryton.org/t/security-release-for-issue7792/830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://discuss.tryton.org/t/security-release-for-issue7792/830" }, { "reference_url": "https://github.com/advisories/GHSA-32w7-9whp-cjp9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-32w7-9whp-cjp9" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2018-77.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2018-77.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19443", "reference_id": "CVE-2018-19443", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19443" } ], "weaknesses": [ { "cwe_id": 384, "name": "Session Fixation", "description": "Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7zr-zrzn-w3ej" }