Vulnerability Instance
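Look up vulnerabilities affecting packages. When reading the response below, note that `affected_packages` is empty even though the summary names Mercurial 1.0.1 as affected, so an empty list should not be read as "no affected versions". The fixed package `pkg:pypi/mercurial@1.0.2` carries `is_vulnerable: true` alongside a list of other vulnerabilities affecting it, so it resolves this issue but is not by itself a safe upgrade target.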
GET /api/vulnerabilities/43110?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43110?format=api", "vulnerability_id": "VCID-j96m-4je1-yqdc", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nDirectory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via \"..\" (dot dot) sequences in a patch file.", "aliases": [ { "alias": "CVE-2008-2942" }, { "alias": "GHSA-v2gw-x5jf-pgwv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8818?format=api", "purl": "pkg:pypi/mercurial@1.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16q8-up17-hkd7" }, { "vulnerability": "VCID-1w83-uq69-skeb" }, { "vulnerability": "VCID-2996-7bgv-eqdv" }, { "vulnerability": "VCID-6an9-ych8-zqcy" }, { "vulnerability": "VCID-71pc-96mg-ufbt" }, { "vulnerability": "VCID-b7rg-cd13-aygs" }, { "vulnerability": "VCID-dybb-af3z-zbce" }, { "vulnerability": "VCID-ex2f-cn1w-y7h5" }, { "vulnerability": "VCID-h8ah-p1pj-3bc3" }, { "vulnerability": "VCID-knzd-ju2a-hbe5" }, { "vulnerability": "VCID-n9rd-9dpp-t3cc" }, { "vulnerability": "VCID-q5zm-xfyx-u7bn" }, { "vulnerability": "VCID-tsye-4m91-6ba1" }, { "vulnerability": "VCID-utkv-unr7-c3dq" }, { "vulnerability": "VCID-zcq8-8axd-q3eg" }, { "vulnerability": "VCID-zs6r-e6qt-bfbu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@1.0.2" } ], "affected_packages": [], "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html" }, { "reference_url": "http://secunia.com/advisories/31108", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31108" }, { "reference_url": "http://secunia.com/advisories/31110", "reference_id": "", "reference_type": "", 
"scores": [], "url": "http://secunia.com/advisories/31110" }, { "reference_url": "http://secunia.com/advisories/31167", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31167" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200807-09.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-200807-09.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43551", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43551" }, { "reference_url": "https://issues.rpath.com/browse/RPL-2633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.rpath.com/browse/RPL-2633" }, { "reference_url": "http://wiki.rpath.com/Advisories:rPSA-2008-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0211" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2008/06/30/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2008/06/30/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2008/07/01/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2008/07/01/1" }, { "reference_url": "http://www.securityfocus.com/archive/1/493881/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/493881/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/30072", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/30072" }, { "reference_url": "http://www.selenic.com/hg/rev/87c704ac92d4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.selenic.com/hg/rev/87c704ac92d4" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2008-2942", "reference_id": "CVE-2008-2942", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2942" }, { "reference_url": "https://github.com/advisories/GHSA-v2gw-x5jf-pgwv", "reference_id": "GHSA-v2gw-x5jf-pgwv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v2gw-x5jf-pgwv" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 22, "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "description": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j96m-4je1-yqdc" }