Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/44255?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44255?format=api", "vulnerability_id": "VCID-4jpp-1y1j-pub1", "summary": "Command Injection in Apache Airflow and Apache Airflow MySQL Provider\nImproper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.", "aliases": [ { "alias": "CVE-2023-22884" }, { "alias": "GHSA-c732-xvv8-g94c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31974?format=api", "purl": "pkg:pypi/apache-airflow@2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xr2-w3hk-auck" }, { "vulnerability": "VCID-3h3z-bfsc-jqax" }, { "vulnerability": "VCID-4ga6-4111-dyc9" }, { "vulnerability": "VCID-56eq-awhd-d3fr" }, { "vulnerability": "VCID-5cpd-kjpb-ekhv" }, { "vulnerability": "VCID-5zmy-2ape-7qfa" }, { "vulnerability": "VCID-6vg9-hu9u-q7c3" }, { "vulnerability": "VCID-71hr-1ews-9qa6" }, { "vulnerability": "VCID-835a-arqz-g7h7" }, { "vulnerability": "VCID-91n6-evww-zybp" }, { "vulnerability": "VCID-98yf-mvnw-d3b4" }, { "vulnerability": "VCID-a64u-53x6-dfge" }, { "vulnerability": "VCID-amac-hqnj-xfgz" }, { "vulnerability": "VCID-b3w3-h9cm-ufgm" }, { "vulnerability": "VCID-cahz-4dy7-bbe9" }, { "vulnerability": "VCID-csqr-pdvv-gfbh" }, { "vulnerability": "VCID-dh4r-77xc-cbas" }, { "vulnerability": "VCID-ez45-qkb4-xkba" }, { "vulnerability": "VCID-fbjk-2uvy-mqfc" }, { "vulnerability": "VCID-h6sp-398p-pbeg" }, { "vulnerability": "VCID-hah6-e5fc-juc5" }, { "vulnerability": "VCID-hy75-nfg7-zfae" }, { "vulnerability": "VCID-j86y-n37n-n7ft" }, { "vulnerability": "VCID-mcbu-b45m-k3ck" }, { "vulnerability": "VCID-njyy-ywer-x7bf" }, { "vulnerability": "VCID-pypb-cezm-rkb2" }, { "vulnerability": "VCID-q4rb-1yt3-rqdk" }, { "vulnerability": "VCID-qmpd-946c-gqbc" }, { "vulnerability": "VCID-ryct-uaw3-fyfc" }, { "vulnerability": "VCID-suwt-h1ze-mydu" }, { "vulnerability": "VCID-t3ap-dzfp-1bd6" }, { "vulnerability": "VCID-t476-g5u5-1yeh" }, { "vulnerability": "VCID-u5wv-47m4-8yd6" }, { "vulnerability": "VCID-x9ns-34nt-gfer" }, { "vulnerability": "VCID-xh7u-8ze6-cqhk" }, { "vulnerability": "VCID-ydhm-m8vh-mber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/63665?format=api", "purl": "pkg:pypi/apache-airflow-providers-mysql@4.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-mysql@4.0.0" } ], "affected_packages": [], "references": [ { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/pull/28811", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/28811" }, { "reference_url": "https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22884", "reference_id": "CVE-2023-22884", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22884" }, { "reference_url": "https://github.com/advisories/GHSA-c732-xvv8-g94c", "reference_id": "GHSA-c732-xvv8-g94c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c732-xvv8-g94c" } ], "weaknesses": [ { "cwe_id": 77, "name": "Improper Neutralization of Special Elements used in a Command ('Command Injection')", "description": "The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4jpp-1y1j-pub1" }