Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/53608?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53608?format=api", "vulnerability_id": "VCID-fy6y-f41e-8qex", "summary": "Vulnerable OpenSSL included in cryptography wheels\npyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-38.0.3 are vulnerable to a number of security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221101.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.", "aliases": [ { "alias": "GHSA-39hc-v87j-747x" }, { "alias": "GMS-2022-6259" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32003?format=api", "purl": "pkg:pypi/cryptography@38.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@38.0.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31994?format=api", "purl": "pkg:pypi/cryptography@37.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@37.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/31996?format=api", "purl": "pkg:pypi/cryptography@37.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@37.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31997?format=api", "purl": "pkg:pypi/cryptography@37.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@37.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/31998?format=api", "purl": "pkg:pypi/cryptography@37.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@37.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/31999?format=api", "purl": "pkg:pypi/cryptography@37.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@37.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/32000?format=api", "purl": "pkg:pypi/cryptography@38.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@38.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/32001?format=api", "purl": "pkg:pypi/cryptography@38.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@38.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/32002?format=api", "purl": "pkg:pypi/cryptography@38.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@38.0.2" } ], "references": [ { "reference_url": "https://github.com/pyca/cryptography", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pyca/cryptography" }, { "reference_url": "https://github.com/pyca/cryptography/commit/382e759bcded5773330eeed748c86b213ec618c5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pyca/cryptography/commit/382e759bcded5773330eeed748c86b213ec618c5" }, { "reference_url": "https://github.com/pyca/cryptography/commit/cf2ada625d1188d6cd46396f301b98095da577f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pyca/cryptography/commit/cf2ada625d1188d6cd46396f301b98095da577f7" }, { "reference_url": "https://github.com/pyca/cryptography/security/advisories/GHSA-39hc-v87j-747x", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-39hc-v87j-747x" }, { "reference_url": "https://github.com/advisories/GHSA-39hc-v87j-747x", "reference_id": "GHSA-39hc-v87j-747x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-39hc-v87j-747x" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fy6y-f41e-8qex" }