Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/36165?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36165?format=api", "vulnerability_id": "VCID-ebnj-xar7-fban", "summary": "A flaw was found in ansible-runner where, under the default temporary files configuration in ansible-2.0.0, files are written to world-readable/writable (R/W) locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity.", "aliases": [ { "alias": "CVE-2021-3701" }, { "alias": "GHSA-wwch-cmqr-hhrm" }, { "alias": "PYSEC-2022-43067" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28795?format=api", "purl": "pkg:pypi/ansible-runner@2.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-runner@2.1.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28787?format=api", "purl": "pkg:pypi/ansible-runner@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-156y-36mu-hbbh" }, { "vulnerability": "VCID-2exn-ce4a-tkbs" }, { "vulnerability": "VCID-ebnj-xar7-fban" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-runner@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28788?format=api", "purl": "pkg:pypi/ansible-runner@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-156y-36mu-hbbh" }, { "vulnerability": "VCID-2exn-ce4a-tkbs" }, { "vulnerability": "VCID-ebnj-xar7-fban" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-runner@2.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/28789?format=api", "purl": "pkg:pypi/ansible-runner@2.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-156y-36mu-hbbh" }, { 
"vulnerability": "VCID-2exn-ce4a-tkbs" }, { "vulnerability": "VCID-ebnj-xar7-fban" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-runner@2.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/28790?format=api", "purl": "pkg:pypi/ansible-runner@2.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-156y-36mu-hbbh" }, { "vulnerability": "VCID-2exn-ce4a-tkbs" }, { "vulnerability": "VCID-ebnj-xar7-fban" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-runner@2.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/28791?format=api", "purl": "pkg:pypi/ansible-runner@2.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-156y-36mu-hbbh" }, { "vulnerability": "VCID-2exn-ce4a-tkbs" }, { "vulnerability": "VCID-ebnj-xar7-fban" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-runner@2.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/28792?format=api", "purl": "pkg:pypi/ansible-runner@2.1.0.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-156y-36mu-hbbh" }, { "vulnerability": "VCID-2exn-ce4a-tkbs" }, { "vulnerability": "VCID-ebnj-xar7-fban" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-runner@2.1.0.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/28793?format=api", "purl": "pkg:pypi/ansible-runner@2.1.0.0a2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-156y-36mu-hbbh" }, { "vulnerability": "VCID-2exn-ce4a-tkbs" }, { "vulnerability": "VCID-ebnj-xar7-fban" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-runner@2.1.0.0a2" }, { "url": "http://public2.vulnerablecode.io/api/packages/28794?format=api", "purl": "pkg:pypi/ansible-runner@2.1.0.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-156y-36mu-hbbh" }, { "vulnerability": "VCID-2exn-ce4a-tkbs" }, { "vulnerability": "VCID-ebnj-xar7-fban" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-runner@2.1.0.0b1" } ], "references": [ { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3701", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3701" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977959", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977959" }, { "reference_url": "https://github.com/ansible/ansible-runner/issues/738", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://github.com/ansible/ansible-runner/issues/738" }, { "reference_url": "https://github.com/ansible/ansible-runner/pull/742/commits", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://github.com/ansible/ansible-runner/pull/742/commits" } ], "weaknesses": [], "exploits": [], "severity_range_score": "6.6 - 6.6", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ebnj-xar7-fban" }