Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/36536?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36536?format=api", "vulnerability_id": "VCID-mjxu-t247-c7ey", "summary": "borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an attacker to be able to: 1. insert files (with no additional headers) into backups and 2. gain write access to the repository. This vulnerability does not disclose plaintext to the attacker, nor does it affect the authenticity of existing archives. Creating plausible fake archives may be feasible for empty or small archives, but is unlikely for large archives. The issue has been fixed in borgbackup 1.2.5. Users are advised to upgrade. Additionally to installing the fixed code, users must follow the upgrade procedure as documented in the change log. Data loss after being attacked can be avoided by reviewing the archives (timestamp and contents valid and as expected) after any \"borg check --repair\" and before \"borg prune\". There are no known workarounds for this vulnerability.", "aliases": [ { "alias": "CVE-2023-36811" }, { "alias": "GHSA-8fjr-hghr-4m99" }, { "alias": "PYSEC-2023-164" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35509?format=api", "purl": "pkg:pypi/borgbackup@1.2.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.5" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35441?format=api", "purl": "pkg:pypi/borgbackup@0.23.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.23.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35442?format=api", "purl": "pkg:pypi/borgbackup@0.24.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.24.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35443?format=api", "purl": "pkg:pypi/borgbackup@0.25.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.25.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35444?format=api", "purl": "pkg:pypi/borgbackup@0.26.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.26.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35445?format=api", "purl": "pkg:pypi/borgbackup@0.26.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.26.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35446?format=api", "purl": "pkg:pypi/borgbackup@0.27.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.27.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35447?format=api", "purl": "pkg:pypi/borgbackup@0.28.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.28.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35448?format=api", "purl": "pkg:pypi/borgbackup@0.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.28.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35449?format=api", "purl": "pkg:pypi/borgbackup@0.28.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.28.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35450?format=api", "purl": "pkg:pypi/borgbackup@0.29.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.29.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35451?format=api", "purl": "pkg:pypi/borgbackup@0.30.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.30.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35452?format=api", "purl": "pkg:pypi/borgbackup@0.30.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.30.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35453?format=api", "purl": "pkg:pypi/borgbackup@1.0.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35454?format=api", "purl": "pkg:pypi/borgbackup@1.0.0rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.0rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35455?format=api", "purl": "pkg:pypi/borgbackup@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35456?format=api", "purl": "pkg:pypi/borgbackup@1.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35457?format=api", "purl": "pkg:pypi/borgbackup@1.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35458?format=api", "purl": "pkg:pypi/borgbackup@1.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35459?format=api", "purl": "pkg:pypi/borgbackup@1.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/35460?format=api", "purl": "pkg:pypi/borgbackup@1.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/35461?format=api", "purl": "pkg:pypi/borgbackup@1.0.6rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.6rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35462?format=api", "purl": "pkg:pypi/borgbackup@1.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/35463?format=api", "purl": "pkg:pypi/borgbackup@1.0.7rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.7rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35464?format=api", "purl": "pkg:pypi/borgbackup@1.0.7rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.7rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35465?format=api", "purl": "pkg:pypi/borgbackup@1.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/35466?format=api", "purl": "pkg:pypi/borgbackup@1.0.8rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.8rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35467?format=api", "purl": "pkg:pypi/borgbackup@1.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/35468?format=api", "purl": "pkg:pypi/borgbackup@1.0.9rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.9rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35469?format=api", "purl": "pkg:pypi/borgbackup@1.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35470?format=api", "purl": "pkg:pypi/borgbackup@1.0.10rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.10rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35471?format=api", "purl": "pkg:pypi/borgbackup@1.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/35472?format=api", "purl": "pkg:pypi/borgbackup@1.0.11rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.11rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35473?format=api", "purl": "pkg:pypi/borgbackup@1.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/35474?format=api", "purl": "pkg:pypi/borgbackup@1.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/35475?format=api", "purl": "pkg:pypi/borgbackup@1.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/10654?format=api", "purl": "pkg:pypi/borgbackup@1.1.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" }, { "vulnerability": "VCID-qdvb-wvcj-6uem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10655?format=api", "purl": "pkg:pypi/borgbackup@1.1.0b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" }, { "vulnerability": "VCID-qdvb-wvcj-6uem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/10656?format=api", "purl": "pkg:pypi/borgbackup@1.1.0b3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" }, { "vulnerability": "VCID-qdvb-wvcj-6uem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0b3" }, { "url": "http://public2.vulnerablecode.io/api/packages/10657?format=api", "purl": "pkg:pypi/borgbackup@1.1.0b4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" }, { "vulnerability": "VCID-qdvb-wvcj-6uem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0b4" }, { "url": "http://public2.vulnerablecode.io/api/packages/10658?format=api", "purl": "pkg:pypi/borgbackup@1.1.0b5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" }, { "vulnerability": "VCID-qdvb-wvcj-6uem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0b5" }, { "url": "http://public2.vulnerablecode.io/api/packages/10659?format=api", "purl": "pkg:pypi/borgbackup@1.1.0b6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" }, { "vulnerability": "VCID-qdvb-wvcj-6uem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0b6" }, { "url": "http://public2.vulnerablecode.io/api/packages/10660?format=api", "purl": "pkg:pypi/borgbackup@1.1.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" }, { "vulnerability": "VCID-qdvb-wvcj-6uem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10661?format=api", "purl": "pkg:pypi/borgbackup@1.1.0rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" }, { "vulnerability": "VCID-qdvb-wvcj-6uem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/10662?format=api", "purl": "pkg:pypi/borgbackup@1.1.0rc3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" }, { "vulnerability": "VCID-qdvb-wvcj-6uem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0rc3" }, { "url": "http://public2.vulnerablecode.io/api/packages/10663?format=api", "purl": "pkg:pypi/borgbackup@1.1.0rc4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" }, { "vulnerability": "VCID-qdvb-wvcj-6uem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0rc4" }, { "url": "http://public2.vulnerablecode.io/api/packages/10664?format=api", "purl": "pkg:pypi/borgbackup@1.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" }, { "vulnerability": "VCID-qdvb-wvcj-6uem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/10665?format=api", "purl": "pkg:pypi/borgbackup@1.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" }, { "vulnerability": "VCID-qdvb-wvcj-6uem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10666?format=api", "purl": "pkg:pypi/borgbackup@1.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" }, { "vulnerability": "VCID-qdvb-wvcj-6uem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/10667?format=api", "purl": "pkg:pypi/borgbackup@1.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35476?format=api", "purl": "pkg:pypi/borgbackup@1.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/35477?format=api", "purl": "pkg:pypi/borgbackup@1.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/35478?format=api", "purl": "pkg:pypi/borgbackup@1.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/35479?format=api", "purl": "pkg:pypi/borgbackup@1.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/35480?format=api", "purl": "pkg:pypi/borgbackup@1.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/35481?format=api", "purl": "pkg:pypi/borgbackup@1.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35482?format=api", "purl": "pkg:pypi/borgbackup@1.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/35483?format=api", "purl": "pkg:pypi/borgbackup@1.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/35484?format=api", "purl": "pkg:pypi/borgbackup@1.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/35485?format=api", "purl": "pkg:pypi/borgbackup@1.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/35486?format=api", "purl": "pkg:pypi/borgbackup@1.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/35487?format=api", "purl": "pkg:pypi/borgbackup@1.1.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/35488?format=api", "purl": "pkg:pypi/borgbackup@1.1.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/35489?format=api", "purl": "pkg:pypi/borgbackup@1.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/35490?format=api", "purl": "pkg:pypi/borgbackup@1.1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/35491?format=api", "purl": "pkg:pypi/borgbackup@1.2.0a2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35492?format=api", "purl": "pkg:pypi/borgbackup@1.2.0a3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35493?format=api", "purl": "pkg:pypi/borgbackup@1.2.0a4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a4" }, { "url": "http://public2.vulnerablecode.io/api/packages/35494?format=api", "purl": "pkg:pypi/borgbackup@1.2.0a5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a5" }, { "url": "http://public2.vulnerablecode.io/api/packages/35495?format=api", "purl": "pkg:pypi/borgbackup@1.2.0a6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a6" }, { "url": "http://public2.vulnerablecode.io/api/packages/35496?format=api", "purl": "pkg:pypi/borgbackup@1.2.0a7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a7" }, { "url": "http://public2.vulnerablecode.io/api/packages/35497?format=api", "purl": "pkg:pypi/borgbackup@1.2.0a8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a8" }, { "url": "http://public2.vulnerablecode.io/api/packages/35498?format=api", "purl": "pkg:pypi/borgbackup@1.2.0a9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a9" }, { "url": "http://public2.vulnerablecode.io/api/packages/35499?format=api", "purl": "pkg:pypi/borgbackup@1.2.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35500?format=api", "purl": "pkg:pypi/borgbackup@1.2.0b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35501?format=api", "purl": "pkg:pypi/borgbackup@1.2.0b3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0b3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35502?format=api", "purl": "pkg:pypi/borgbackup@1.2.0b4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0b4" }, { "url": "http://public2.vulnerablecode.io/api/packages/35503?format=api", "purl": "pkg:pypi/borgbackup@1.2.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35504?format=api", "purl": "pkg:pypi/borgbackup@1.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35505?format=api", "purl": "pkg:pypi/borgbackup@1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35506?format=api", "purl": "pkg:pypi/borgbackup@1.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35507?format=api", "purl": "pkg:pypi/borgbackup@1.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35508?format=api", "purl": "pkg:pypi/borgbackup@1.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mjxu-t247-c7ey" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.4" } ], "references": [ { "reference_url": "https://github.com/borgbackup/borg", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/borgbackup/borg" }, { "reference_url": "https://github.com/borgbackup/borg/blob/1.2.5-cvedocs/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://github.com/borgbackup/borg/blob/1.2.5-cvedocs/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811" }, { "reference_url": "https://github.com/borgbackup/borg/blob/1.2.6/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/borgbackup/borg/blob/1.2.6/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811" }, { "reference_url": "https://github.com/borgbackup/borg/commit/3eb070191da10c2d3f7bc6484cf3d51c3045f884", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://github.com/borgbackup/borg/commit/3eb070191da10c2d3f7bc6484cf3d51c3045f884" }, { "reference_url": "https://github.com/borgbackup/borg/security/advisories/GHSA-8fjr-hghr-4m99", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://github.com/borgbackup/borg/security/advisories/GHSA-8fjr-hghr-4m99" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/borgbackup/PYSEC-2023-164.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/borgbackup/PYSEC-2023-164.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5Q3OHXERTU547SEQ3YREZXHOCYNLVD63", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5Q3OHXERTU547SEQ3YREZXHOCYNLVD63" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOZDFIYEBIOKSIEAXUJJJFUJTAJ7TF3C", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOZDFIYEBIOKSIEAXUJJJFUJTAJ7TF3C" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUCQSMAWOJBCRGF6XPKEZ2TPGAPNKIWV", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUCQSMAWOJBCRGF6XPKEZ2TPGAPNKIWV" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36811", "reference_id": "CVE-2023-36811", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36811" }, { "reference_url": "https://github.com/advisories/GHSA-8fjr-hghr-4m99", "reference_id": "GHSA-8fjr-hghr-4m99", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8fjr-hghr-4m99" } ], "weaknesses": [ { "cwe_id": 347, "name": "Improper Verification of Cryptographic Signature", "description": "The product does not verify, or incorrectly verifies, the cryptographic signature for data." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.7 - 4.7", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mjxu-t247-c7ey" }