Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/36471?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36471?format=api", "vulnerability_id": "VCID-4vpr-rcq6-2ubz", "summary": "Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of `Products.CMFCore`, such as Plone. All deployments are vulnerable. The code has been fixed in `Products.CMFCore` version 3.2.", "aliases": [ { "alias": "CVE-2023-36814" }, { "alias": "GHSA-4hpj-8rhv-9x87" }, { "alias": "PYSEC-2023-113" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34342?format=api", "purl": "pkg:pypi/products-cmfcore@3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/65880?format=api", "purl": "pkg:pypi/products.cmfcore@2.7.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/65879?format=api", "purl": "pkg:pypi/products.cmfcore@3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@3.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34292?format=api", "purl": "pkg:pypi/products-cmfcore@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34293?format=api", "purl": "pkg:pypi/products-cmfcore@2.1.2b0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.1.2b0" }, { "url": "http://public2.vulnerablecode.io/api/packages/34294?format=api", "purl": "pkg:pypi/products-cmfcore@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/34295?format=api", "purl": "pkg:pypi/products-cmfcore@2.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34296?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.0a0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.0a0" }, { "url": "http://public2.vulnerablecode.io/api/packages/34297?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.0b0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.0b0" }, { "url": "http://public2.vulnerablecode.io/api/packages/34298?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/34299?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34300?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/34301?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34302?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/34303?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/34304?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/34305?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/34306?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/34307?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/34308?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/34309?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/34310?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/34311?format=api", "purl": "pkg:pypi/products-cmfcore@2.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/34312?format=api", "purl": "pkg:pypi/products-cmfcore@2.3.0b0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.3.0b0" }, { "url": "http://public2.vulnerablecode.io/api/packages/34313?format=api", "purl": "pkg:pypi/products-cmfcore@2.3.0b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.3.0b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/34314?format=api", "purl": "pkg:pypi/products-cmfcore@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/34315?format=api", "purl": "pkg:pypi/products-cmfcore@2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34316?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34317?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.0b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.0b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/34318?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.0b3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.0b3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34319?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.0b4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.0b4" }, { "url": "http://public2.vulnerablecode.io/api/packages/34320?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.0b5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.0b5" }, { "url": "http://public2.vulnerablecode.io/api/packages/34321?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.0b6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.0b6" }, { "url": "http://public2.vulnerablecode.io/api/packages/34322?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.0b7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.0b7" }, { "url": "http://public2.vulnerablecode.io/api/packages/34323?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.0b8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.0b8" }, { "url": "http://public2.vulnerablecode.io/api/packages/34324?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/34325?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34326?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/34327?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/34329?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/34332?format=api", "purl": "pkg:pypi/products-cmfcore@2.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/34333?format=api", "purl": "pkg:pypi/products-cmfcore@2.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/34334?format=api", "purl": "pkg:pypi/products-cmfcore@2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34335?format=api", "purl": "pkg:pypi/products-cmfcore@2.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/34336?format=api", "purl": "pkg:pypi/products-cmfcore@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34337?format=api", "purl": "pkg:pypi/products-cmfcore@2.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/34338?format=api", "purl": "pkg:pypi/products-cmfcore@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/34339?format=api", "purl": "pkg:pypi/products-cmfcore@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/472842?format=api", "purl": "pkg:pypi/products-cmfcore@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@2.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34340?format=api", "purl": "pkg:pypi/products-cmfcore@3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/34341?format=api", "purl": "pkg:pypi/products-cmfcore@3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products-cmfcore@3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/213111?format=api", "purl": "pkg:pypi/products.cmfcore@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/213112?format=api", "purl": "pkg:pypi/products.cmfcore@2.1.2-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.1.2-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/213113?format=api", "purl": "pkg:pypi/products.cmfcore@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/213114?format=api", "purl": "pkg:pypi/products.cmfcore@2.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/213115?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.0-alpha" }, { "url": "http://public2.vulnerablecode.io/api/packages/213116?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.0-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/213117?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/213118?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/213119?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/213120?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/213121?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/213122?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/213123?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/213124?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/213125?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/213126?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/213127?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/213128?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/213129?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/304913?format=api", "purl": "pkg:pypi/products.cmfcore@2.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/213130?format=api", "purl": "pkg:pypi/products.cmfcore@2.3.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.3.0-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/213131?format=api", "purl": "pkg:pypi/products.cmfcore@2.3.0-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.3.0-beta2" }, { "url": "http://public2.vulnerablecode.io/api/packages/213132?format=api", "purl": "pkg:pypi/products.cmfcore@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54173?format=api", "purl": "pkg:pypi/products.cmfcore@2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/304914?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/304915?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.0b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.0b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/304916?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.0b3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.0b3" }, { "url": "http://public2.vulnerablecode.io/api/packages/304917?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.0b4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.0b4" }, { "url": "http://public2.vulnerablecode.io/api/packages/304918?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.0b5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.0b5" }, { "url": "http://public2.vulnerablecode.io/api/packages/304919?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.0b6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.0b6" }, { "url": "http://public2.vulnerablecode.io/api/packages/304920?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.0b7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.0b7" }, { "url": "http://public2.vulnerablecode.io/api/packages/304921?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.0b8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.0b8" }, { "url": "http://public2.vulnerablecode.io/api/packages/304922?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/304923?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/304924?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/304925?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/304926?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/304927?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/304928?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/304929?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/304930?format=api", "purl": "pkg:pypi/products.cmfcore@2.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/304931?format=api", "purl": "pkg:pypi/products.cmfcore@2.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/81057?format=api", "purl": "pkg:pypi/products.cmfcore@2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/660747?format=api", "purl": "pkg:pypi/products.cmfcore@2.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/660748?format=api", "purl": "pkg:pypi/products.cmfcore@2.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/660749?format=api", "purl": "pkg:pypi/products.cmfcore@2.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/660750?format=api", "purl": "pkg:pypi/products.cmfcore@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/660751?format=api", "purl": "pkg:pypi/products.cmfcore@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@2.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/65878?format=api", "purl": "pkg:pypi/products.cmfcore@3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/660752?format=api", "purl": "pkg:pypi/products.cmfcore@3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4vpr-rcq6-2ubz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfcore@3.1" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36814", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52773", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52799", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52815", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52809", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36814" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfcore/PYSEC-2023-113.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/products-cmfcore/PYSEC-2023-113.yaml" }, { "reference_url": "https://github.com/zopefoundation/Products.CMFCore", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zopefoundation/Products.CMFCore" }, { "reference_url": "https://github.com/zopefoundation/Products.CMFCore/commit/40f03f43a60f28ca9485c8ef429efef729be54e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-22T16:42:37Z/" } ], "url": "https://github.com/zopefoundation/Products.CMFCore/commit/40f03f43a60f28ca9485c8ef429efef729be54e5" }, { "reference_url": "https://github.com/zopefoundation/Products.CMFCore/commit/c1847a9042abe7965271fa73762dfe091b576de", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zopefoundation/Products.CMFCore/commit/c1847a9042abe7965271fa73762dfe091b576de" }, { "reference_url": "https://github.com/zopefoundation/Products.CMFCore/security/advisories/GHSA-4hpj-8rhv-9x87", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-22T16:42:37Z/" } ], "url": "https://github.com/zopefoundation/Products.CMFCore/security/advisories/GHSA-4hpj-8rhv-9x87" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36814", "reference_id": "CVE-2023-36814", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36814" }, { "reference_url": "https://github.com/advisories/GHSA-4hpj-8rhv-9x87", "reference_id": "GHSA-4hpj-8rhv-9x87", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4hpj-8rhv-9x87" } ], "weaknesses": [ { "cwe_id": 770, "name": "Allocation of Resources Without Limits or Throttling", "description": "The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4vpr-rcq6-2ubz" }