Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/35925?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35925?format=api", "vulnerability_id": "VCID-3z5k-pnfu-pbha", "summary": "Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. The issue is fixed in version 2.3.24.", "aliases": [ { "alias": "CVE-2021-43811" }, { "alias": "GHSA-ggmr-44cv-24pm" }, { "alias": "PYSEC-2021-848" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25659?format=api", "purl": "pkg:pypi/sockeye@2.3.24", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@2.3.24" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25595?format=api", "purl": "pkg:pypi/sockeye@1.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/25596?format=api", "purl": "pkg:pypi/sockeye@1.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/25597?format=api", "purl": "pkg:pypi/sockeye@1.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.0.3" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/25598?format=api", "purl": "pkg:pypi/sockeye@1.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/25599?format=api", "purl": "pkg:pypi/sockeye@1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/25600?format=api", "purl": "pkg:pypi/sockeye@1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/25601?format=api", "purl": "pkg:pypi/sockeye@1.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/25602?format=api", "purl": "pkg:pypi/sockeye@1.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/25603?format=api", "purl": "pkg:pypi/sockeye@1.10.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/25604?format=api", "purl": "pkg:pypi/sockeye@1.10.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.10.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/25605?format=api", "purl": "pkg:pypi/sockeye@1.10.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.10.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/25606?format=api", "purl": "pkg:pypi/sockeye@1.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.13.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/25607?format=api", "purl": "pkg:pypi/sockeye@1.15.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.15.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/25608?format=api", "purl": "pkg:pypi/sockeye@1.15.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.15.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/25609?format=api", "purl": "pkg:pypi/sockeye@1.15.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.15.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/25610?format=api", "purl": "pkg:pypi/sockeye@1.15.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.15.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/25611?format=api", "purl": "pkg:pypi/sockeye@1.16.0", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.16.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/25612?format=api", "purl": "pkg:pypi/sockeye@1.16.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.16.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/25613?format=api", "purl": "pkg:pypi/sockeye@1.16.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.16.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/25614?format=api", "purl": "pkg:pypi/sockeye@1.17.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/25615?format=api", "purl": "pkg:pypi/sockeye@1.17.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.17.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/25616?format=api", "purl": "pkg:pypi/sockeye@1.17.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.17.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/25617?format=api", "purl": "pkg:pypi/sockeye@1.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.1" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/25618?format=api", "purl": "pkg:pypi/sockeye@1.18.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/25619?format=api", "purl": "pkg:pypi/sockeye@1.18.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/25620?format=api", "purl": "pkg:pypi/sockeye@1.18.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/25621?format=api", "purl": "pkg:pypi/sockeye@1.18.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/25622?format=api", "purl": "pkg:pypi/sockeye@1.18.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/25623?format=api", "purl": "pkg:pypi/sockeye@1.18.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/25624?format=api", "purl": "pkg:pypi/sockeye@1.18.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } 
], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/25625?format=api", "purl": "pkg:pypi/sockeye@1.18.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/25626?format=api", "purl": "pkg:pypi/sockeye@1.18.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/25627?format=api", "purl": "pkg:pypi/sockeye@1.18.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/25628?format=api", "purl": "pkg:pypi/sockeye@1.18.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/25629?format=api", "purl": "pkg:pypi/sockeye@1.18.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/25630?format=api", "purl": "pkg:pypi/sockeye@1.18.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/25631?format=api", "purl": 
"pkg:pypi/sockeye@1.18.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/25632?format=api", "purl": "pkg:pypi/sockeye@1.18.41", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/25633?format=api", "purl": "pkg:pypi/sockeye@1.18.47", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.47" }, { "url": "http://public2.vulnerablecode.io/api/packages/25634?format=api", "purl": "pkg:pypi/sockeye@1.18.54", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.54" }, { "url": "http://public2.vulnerablecode.io/api/packages/25635?format=api", "purl": "pkg:pypi/sockeye@1.18.56", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.56" }, { "url": "http://public2.vulnerablecode.io/api/packages/25636?format=api", "purl": "pkg:pypi/sockeye@1.18.57", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.57" }, { "url": "http://public2.vulnerablecode.io/api/packages/25637?format=api", "purl": "pkg:pypi/sockeye@1.18.61", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.61" }, { "url": "http://public2.vulnerablecode.io/api/packages/25638?format=api", "purl": "pkg:pypi/sockeye@1.18.67", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.67" }, { "url": "http://public2.vulnerablecode.io/api/packages/25639?format=api", "purl": "pkg:pypi/sockeye@1.18.72", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.72" }, { "url": "http://public2.vulnerablecode.io/api/packages/25640?format=api", "purl": "pkg:pypi/sockeye@1.18.78", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.78" }, { "url": "http://public2.vulnerablecode.io/api/packages/25641?format=api", "purl": "pkg:pypi/sockeye@1.18.85", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.85" }, { "url": "http://public2.vulnerablecode.io/api/packages/25642?format=api", "purl": "pkg:pypi/sockeye@1.18.92", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.92" }, { "url": "http://public2.vulnerablecode.io/api/packages/25643?format=api", "purl": "pkg:pypi/sockeye@1.18.93", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.93" }, { "url": "http://public2.vulnerablecode.io/api/packages/25644?format=api", "purl": "pkg:pypi/sockeye@1.18.97", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.97" }, { "url": "http://public2.vulnerablecode.io/api/packages/25645?format=api", "purl": "pkg:pypi/sockeye@1.18.106", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@1.18.106" }, { "url": "http://public2.vulnerablecode.io/api/packages/25646?format=api", "purl": "pkg:pypi/sockeye@2.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@2.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/25647?format=api", "purl": "pkg:pypi/sockeye@2.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@2.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/25648?format=api", "purl": "pkg:pypi/sockeye@2.1.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@2.1.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/25649?format=api", "purl": "pkg:pypi/sockeye@2.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@2.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/25650?format=api", "purl": "pkg:pypi/sockeye@2.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@2.1.21" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/25651?format=api", "purl": "pkg:pypi/sockeye@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/25652?format=api", "purl": "pkg:pypi/sockeye@2.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@2.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/25653?format=api", "purl": "pkg:pypi/sockeye@2.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@2.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/25654?format=api", "purl": "pkg:pypi/sockeye@2.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@2.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/25655?format=api", "purl": "pkg:pypi/sockeye@2.3.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@2.3.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/25656?format=api", "purl": "pkg:pypi/sockeye@2.3.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@2.3.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/25657?format=api", "purl": "pkg:pypi/sockeye@2.3.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@2.3.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/25658?format=api", "purl": "pkg:pypi/sockeye@2.3.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3z5k-pnfu-pbha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/sockeye@2.3.22" } ], "references": [ { "reference_url": "https://github.com/awslabs/sockeye", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/awslabs/sockeye" }, { "reference_url": "https://github.com/awslabs/sockeye/pull/964", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/awslabs/sockeye/pull/964" }, { "reference_url": "https://github.com/awslabs/sockeye/releases/tag/2.3.24", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/awslabs/sockeye/releases/tag/2.3.24" }, { "reference_url": "https://github.com/awslabs/sockeye/security/advisories/GHSA-ggmr-44cv-24pm", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/awslabs/sockeye/security/advisories/GHSA-ggmr-44cv-24pm" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/sockeye/PYSEC-2021-848.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/sockeye/PYSEC-2021-848.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43811", "reference_id": "CVE-2021-43811", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43811" }, { "reference_url": "https://github.com/advisories/GHSA-ggmr-44cv-24pm", "reference_id": "GHSA-ggmr-44cv-24pm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ggmr-44cv-24pm" } ], "weaknesses": [ { "cwe_id": 94, "name": "Improper Control of Generation of Code ('Code Injection')", "description": "The product constructs all 
or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3z5k-pnfu-pbha" }