Look up vulnerabilities affecting packages.

GET /api/vulnerabilities/35905?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35905?format=api",
    "vulnerability_id": "VCID-txay-fuwz-2uca",
    "summary": "EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.",
    "aliases": [
        {
            "alias": "CVE-2021-39182"
        },
        {
            "alias": "GHSA-35m5-8cvj-8783"
        },
        {
            "alias": "PYSEC-2021-385"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/24892?format=api",
            "purl": "pkg:pypi/enrocrypt@1.1.4",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/enrocrypt@1.1.4"
        }
    ],
    "affected_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/24880?format=api",
            "purl": "pkg:pypi/enrocrypt@1.0.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-txay-fuwz-2uca"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/enrocrypt@1.0.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/24881?format=api",
            "purl": "pkg:pypi/enrocrypt@1.0.1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-txay-fuwz-2uca"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/enrocrypt@1.0.1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/24882?format=api",
            "purl": "pkg:pypi/enrocrypt@1.0.2",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-txay-fuwz-2uca"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/enrocrypt@1.0.2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/24883?format=api",
            "purl": "pkg:pypi/enrocrypt@1.0.3",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-txay-fuwz-2uca"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/enrocrypt@1.0.3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/24884?format=api",
            "purl": "pkg:pypi/enrocrypt@1.0.4",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-txay-fuwz-2uca"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/enrocrypt@1.0.4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/24885?format=api",
            "purl": "pkg:pypi/enrocrypt@1.0.5",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-txay-fuwz-2uca"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/enrocrypt@1.0.5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/24886?format=api",
            "purl": "pkg:pypi/enrocrypt@1.0.6",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-txay-fuwz-2uca"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/enrocrypt@1.0.6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/24887?format=api",
            "purl": "pkg:pypi/enrocrypt@1.0.7",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-txay-fuwz-2uca"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/enrocrypt@1.0.7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/24888?format=api",
            "purl": "pkg:pypi/enrocrypt@1.1.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-txay-fuwz-2uca"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/enrocrypt@1.1.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/24889?format=api",
            "purl": "pkg:pypi/enrocrypt@1.1.1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-txay-fuwz-2uca"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/enrocrypt@1.1.1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/24890?format=api",
            "purl": "pkg:pypi/enrocrypt@1.1.2",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-txay-fuwz-2uca"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/enrocrypt@1.1.2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/24891?format=api",
            "purl": "pkg:pypi/enrocrypt@1.1.3",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-txay-fuwz-2uca"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/enrocrypt@1.1.3"
        }
    ],
    "references": [
        {
            "reference_url": "https://github.com/Morgan-Phoenix/EnroCrypt",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/Morgan-Phoenix/EnroCrypt"
        },
        {
            "reference_url": "https://github.com/Morgan-Phoenix/EnroCrypt/commit/e652d56ac60eadfc26489ab83927af13a9b9d8ce",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/Morgan-Phoenix/EnroCrypt/commit/e652d56ac60eadfc26489ab83927af13a9b9d8ce"
        },
        {
            "reference_url": "https://github.com/Morgan-Phoenix/EnroCrypt/security/advisories/GHSA-35m5-8cvj-8783",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/Morgan-Phoenix/EnroCrypt/security/advisories/GHSA-35m5-8cvj-8783"
        },
        {
            "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/enrocrypt/PYSEC-2021-385.yaml",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/pypa/advisory-database/tree/main/vulns/enrocrypt/PYSEC-2021-385.yaml"
        },
        {
            "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39182",
            "reference_id": "CVE-2021-39182",
            "reference_type": "",
            "scores": [],
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39182"
        },
        {
            "reference_url": "https://github.com/advisories/GHSA-35m5-8cvj-8783",
            "reference_id": "GHSA-35m5-8cvj-8783",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/advisories/GHSA-35m5-8cvj-8783"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 326,
            "name": "Inadequate Encryption Strength",
            "description": "The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required."
        },
        {
            "cwe_id": 327,
            "name": "Use of a Broken or Risky Cryptographic Algorithm",
            "description": "The product uses a broken or risky cryptographic algorithm or protocol."
        },
        {
            "cwe_id": 328,
            "name": "Use of Weak Hash",
            "description": "The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack)."
        },
        {
            "cwe_id": 916,
            "name": "Use of Password Hash With Insufficient Computational Effort",
            "description": "The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive."
        },
        {
            "cwe_id": 937,
            "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."
        },
        {
            "cwe_id": 1035,
            "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."
        }
    ],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txay-fuwz-2uca"
}