Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/35747?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35747?format=api", "vulnerability_id": "VCID-rcr6-m1qq-dfad", "summary": "Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the browser to a different website. The problem has been fixed in version 2.6.1. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to `2.6.1` and re-run the buildout, or if you used `pip` simply do `pip install \"Products.PluggableAuthService>=2.6.1\".", "aliases": [ { "alias": "CVE-2021-21337" }, { "alias": "GHSA-p44j-xrqg-4xrr" }, { "alias": "PYSEC-2021-45" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20264?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.6.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20219?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/20220?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.5.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.5.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20221?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/20222?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/20223?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/20224?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20225?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20226?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/20227?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/20228?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/20229?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.6.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.6.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/20230?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.7.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20231?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.7.0b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.0b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/20232?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/20233?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20234?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/20235?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/20236?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/20237?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/20238?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.7.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20239?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.7.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/20240?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.7.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/20241?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/20242?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/20243?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/20244?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/20245?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20246?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.11.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/20247?format=api", "purl": "pkg:pypi/products-pluggableauthservice@1.11.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.11.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/20248?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20249?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.0b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.0b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/20250?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.0b3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.0b3" }, { "url": "http://public2.vulnerablecode.io/api/packages/20251?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.0b4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.0b4" }, { "url": "http://public2.vulnerablecode.io/api/packages/20252?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.0b5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.0b5" }, { "url": "http://public2.vulnerablecode.io/api/packages/20253?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.0b6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.0b6" }, { "url": "http://public2.vulnerablecode.io/api/packages/20254?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/20255?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20256?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20257?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/20258?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20259?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/20260?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/20261?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/20262?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q8ef-gy9e-ykfb" }, { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20263?format=api", "purl": "pkg:pypi/products-pluggableauthservice@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rcr6-m1qq-dfad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.6.0" } ], "references": [ { "reference_url": "https://github.com/zopefoundation/Products.PluggableAuthService/commit/7eead067898852ebd3e0f143bc51295928528dfa", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/zopefoundation/Products.PluggableAuthService/commit/7eead067898852ebd3e0f143bc51295928528dfa" }, { "reference_url": "https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p44j-xrqg-4xrr", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p44j-xrqg-4xrr" }, { "reference_url": "https://pypi.org/project/Products.PluggableAuthService/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pypi.org/project/Products.PluggableAuthService/" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rcr6-m1qq-dfad" }