Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/35615?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35615?format=api", "vulnerability_id": "VCID-m2sw-ms1a-zkb5", "summary": "The Python TUF (The Update Framework) reference implementation before version 0.12 incorrectly trusts a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata (i.e. by a person-in-the-middle attack), culminating in a version which has not been correctly signed, to control the trust chain for future updates. This is fixed in version 0.12 and newer.", "aliases": [ { "alias": "CVE-2020-15163" }, { "alias": "GHSA-f8mr-jv2c-v8mg" }, { "alias": "PYSEC-2020-145" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14823?format=api", "purl": "pkg:pypi/tuf@0.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { "vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.12.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14811?format=api", "purl": "pkg:pypi/tuf@0.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-m2sw-ms1a-zkb5" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { "vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/14812?format=api", "purl": "pkg:pypi/tuf@0.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-m2sw-ms1a-zkb5" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { "vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.10.1" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/14813?format=api", "purl": "pkg:pypi/tuf@0.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-m2sw-ms1a-zkb5" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { "vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/14815?format=api", "purl": "pkg:pypi/tuf@0.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-m2sw-ms1a-zkb5" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { "vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/14816?format=api", "purl": "pkg:pypi/tuf@0.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-m2sw-ms1a-zkb5" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { "vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/14817?format=api", "purl": "pkg:pypi/tuf@0.11.2.dev1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-m2sw-ms1a-zkb5" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { "vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.11.2.dev1" }, { "url": "http://public2.vulnerablecode.io/api/packages/14818?format=api", "purl": "pkg:pypi/tuf@0.11.2.dev2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-m2sw-ms1a-zkb5" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { 
"vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.11.2.dev2" }, { "url": "http://public2.vulnerablecode.io/api/packages/14819?format=api", "purl": "pkg:pypi/tuf@0.11.2.dev3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-m2sw-ms1a-zkb5" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { "vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.11.2.dev3" }, { "url": "http://public2.vulnerablecode.io/api/packages/14814?format=api", "purl": "pkg:pypi/tuf@0.11.dev0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-m2sw-ms1a-zkb5" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { "vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.11.dev0" }, { "url": "http://public2.vulnerablecode.io/api/packages/14820?format=api", "purl": "pkg:pypi/tuf@0.12.dev0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-m2sw-ms1a-zkb5" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { "vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.12.dev0" }, { "url": "http://public2.vulnerablecode.io/api/packages/14821?format=api", "purl": "pkg:pypi/tuf@0.12.dev1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-m2sw-ms1a-zkb5" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { "vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.12.dev1" }, { "url": "http://public2.vulnerablecode.io/api/packages/14822?format=api", "purl": "pkg:pypi/tuf@0.12.dev2", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-m2sw-ms1a-zkb5" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { "vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.12.dev2" }, { "url": "http://public2.vulnerablecode.io/api/packages/14808?format=api", "purl": "pkg:pypi/tuf@0.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-m2sw-ms1a-zkb5" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { "vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/14809?format=api", "purl": "pkg:pypi/tuf@0.9.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-m2sw-ms1a-zkb5" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { "vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.9.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/14810?format=api", "purl": "pkg:pypi/tuf@0.9.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6tgx-mpvy-63ab" }, { "vulnerability": "VCID-m2sw-ms1a-zkb5" }, { "vulnerability": "VCID-px54-yh8d-5bbc" }, { "vulnerability": "VCID-q9jt-smnw-s3h9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/tuf@0.9.9" } ], "references": [ { "reference_url": "https://github.com/theupdateframework/tuf/commit/3d342e648fbacdf43a13d7ba8886aaaf07334af7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/theupdateframework/tuf/commit/3d342e648fbacdf43a13d7ba8886aaaf07334af7" }, { "reference_url": "https://github.com/theupdateframework/tuf/pull/885", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/theupdateframework/tuf/pull/885" }, { "reference_url": "https://github.com/theupdateframework/tuf/releases/tag/v0.12.0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/theupdateframework/tuf/releases/tag/v0.12.0" }, { "reference_url": "https://github.com/theupdateframework/tuf/security/advisories/GHSA-f8mr-jv2c-v8mg", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/theupdateframework/tuf/security/advisories/GHSA-f8mr-jv2c-v8mg" }, { "reference_url": "https://pypi.org/project/tuf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pypi.org/project/tuf" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m2sw-ms1a-zkb5" }