Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/43969?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43969?format=api", "vulnerability_id": "VCID-j7c7-5cjw-wqf9", "summary": "Session Fixation\nA vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a \"SAML2 multi-session vulnerability.\"", "aliases": [ { "alias": "CVE-2016-8638" }, { "alias": "GHSA-376m-3rm2-9jm6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63201?format=api", "purl": "pkg:pypi/ipsilon@1.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/63202?format=api", "purl": "pkg:pypi/ipsilon@1.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/63199?format=api", "purl": "pkg:pypi/ipsilon@1.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/63200?format=api", "purl": "pkg:pypi/ipsilon@2.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@2.0.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63195?format=api", "purl": "pkg:pypi/ipsilon@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j7c7-5cjw-wqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.0.0" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/63196?format=api", "purl": "pkg:pypi/ipsilon@1.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j7c7-5cjw-wqf9" }, { "vulnerability": "VCID-uw3a-jsez-xffk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63197?format=api", "purl": "pkg:pypi/ipsilon@1.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j7c7-5cjw-wqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63198?format=api", "purl": "pkg:pypi/ipsilon@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j7c7-5cjw-wqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@2.0.0" } ], "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2809.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-2809.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2809" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1392829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1392829" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638" }, { "reference_url": "https://ipsilon-project.org/release/2.1.0.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://ipsilon-project.org/release/2.1.0.html" }, { "reference_url": "https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c" }, { "reference_url": "http://www.securityfocus.com/bid/94439", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94439" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2016-8638", "reference_id": "CVE-2016-8638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2016-8638" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8638", "reference_id": "CVE-2016-8638", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8638" }, { "reference_url": "https://ipsilon-project.org/advisory/CVE-2016-8638.txt", "reference_id": "CVE-2016-8638.TXT", "reference_type": "", "scores": [], "url": "https://ipsilon-project.org/advisory/CVE-2016-8638.txt" }, { "reference_url": "https://github.com/advisories/GHSA-376m-3rm2-9jm6", "reference_id": "GHSA-376m-3rm2-9jm6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-376m-3rm2-9jm6" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 384, "name": "Session Fixation", "description": "Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." 
} ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j7c7-5cjw-wqf9" }