Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/36883?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36883?format=api", "vulnerability_id": "VCID-s699-9pwv-k3ek", "summary": "OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method allows an authenticated user with adequate permissions to download any .txt via the ScreensController#show on the web server COSMOS is running on (depending on the file permissions). This vulnerability is fixed in 5.19.0.", "aliases": [ { "alias": "CVE-2024-46977" }, { "alias": "GHSA-8jxr-mccc-mwg8" }, { "alias": "PYSEC-2024-101" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43559?format=api", "purl": "pkg:pypi/openc3@5.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.19.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43537?format=api", "purl": "pkg:pypi/openc3@0.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@0.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/43538?format=api", "purl": "pkg:pypi/openc3@5.9.2b0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.9.2b0" }, { "url": "http://public2.vulnerablecode.io/api/packages/43539?format=api", "purl": "pkg:pypi/openc3@5.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/43540?format=api", "purl": "pkg:pypi/openc3@5.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/43541?format=api", "purl": "pkg:pypi/openc3@5.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/43542?format=api", "purl": "pkg:pypi/openc3@5.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/43543?format=api", "purl": "pkg:pypi/openc3@5.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/43544?format=api", "purl": "pkg:pypi/openc3@5.11.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/43545?format=api", "purl": "pkg:pypi/openc3@5.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.12.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/43546?format=api", "purl": "pkg:pypi/openc3@5.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.13.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/43547?format=api", "purl": "pkg:pypi/openc3@5.14.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.14.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/43548?format=api", "purl": "pkg:pypi/openc3@5.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/43549?format=api", "purl": "pkg:pypi/openc3@5.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.14.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/43550?format=api", "purl": "pkg:pypi/openc3@5.15.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.15.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/43551?format=api", "purl": "pkg:pypi/openc3@5.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.15.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/43552?format=api", "purl": "pkg:pypi/openc3@5.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.15.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/43553?format=api", "purl": "pkg:pypi/openc3@5.16.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.16.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/43554?format=api", "purl": "pkg:pypi/openc3@5.16.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.16.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/43555?format=api", "purl": "pkg:pypi/openc3@5.16.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.16.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/43556?format=api", "purl": "pkg:pypi/openc3@5.17.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/43557?format=api", "purl": "pkg:pypi/openc3@5.17.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.17.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/43558?format=api", "purl": "pkg:pypi/openc3@5.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b83-e5m9-efhj" }, { "vulnerability": "VCID-m4c7-smwp-dkdq" }, { "vulnerability": "VCID-s699-9pwv-k3ek" }, { "vulnerability": "VCID-yesy-u1x3-mugs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.18.0" } ], "references": [ { "reference_url": "https://github.com/OpenC3/cosmos/commit/a34e61aea5a465f0ab3e57d833ae7ff4cafd710b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://github.com/OpenC3/cosmos/commit/a34e61aea5a465f0ab3e57d833ae7ff4cafd710b" }, { "reference_url": "https://github.com/OpenC3/cosmos/security/advisories/GHSA-8jxr-mccc-mwg8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://github.com/OpenC3/cosmos/security/advisories/GHSA-8jxr-mccc-mwg8" } ], "weaknesses": [], "exploits": [], "severity_range_score": "6.5 - 6.5", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s699-9pwv-k3ek" }