Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/7016?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7016?format=api", "vulnerability_id": "VCID-3snn-k8cb-xbfe", "summary": "The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.", "aliases": [ { "alias": "CVE-2006-4684" }, { "alias": "GHSA-hm8g-jxjj-gfm3" }, { "alias": "PYSEC-2006-8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60637?format=api", "purl": "pkg:pypi/zope2@2.8.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.8.9" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60635?format=api", "purl": "pkg:pypi/zope2@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3snn-k8cb-xbfe" }, { "vulnerability": "VCID-peee-y3c2-13bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60636?format=api", "purl": "pkg:pypi/zope2@2.7.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3snn-k8cb-xbfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.7.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/55138?format=api", "purl": "pkg:pypi/zope2@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3bcn-9b2a-zqcm" }, { "vulnerability": "VCID-3snn-k8cb-xbfe" }, { "vulnerability": "VCID-peee-y3c2-13bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.8.0" } ], "references": [ { "reference_url": "http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4684", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.74072", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4684" }, { "reference_url": "http://secunia.com/advisories/21947", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/21947" }, { "reference_url": "http://secunia.com/advisories/21953", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/21953" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-8.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-8.yaml" }, { "reference_url": "https://github.com/zopefoundation/Zope", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zopefoundation/Zope" }, { "reference_url": "http://www.debian.org/security/2006/dsa-1176", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2006/dsa-1176" }, { "reference_url": "http://www.securityfocus.com/bid/20022", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/20022" }, { "reference_url": "http://www.vupen.com/english/advisories/2006/3653", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2006/3653" }, { "reference_url": "http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4684", "reference_id": "CVE-2006-4684", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4684" }, { "reference_url": "https://github.com/advisories/GHSA-hm8g-jxjj-gfm3", "reference_id": "GHSA-hm8g-jxjj-gfm3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hm8g-jxjj-gfm3" } ], "weaknesses": [ { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3snn-k8cb-xbfe" }