Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-49pa-4aeh-uuer

Summary An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.

Aliases

alias	CVE-2017-2809

alias	GHSA-c2w9-48qc-qpj4

alias	PYSEC-2017-5

Fixed_packages

url pkg:pypi/ansible@1.1

purl pkg:pypi/ansible@1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-24vk-y12h-nbau

vulnerability	VCID-257n-yc2z-hfe8

vulnerability	VCID-3jxq-kxnz-6bfh

vulnerability	VCID-4331-d5yy-uybc

vulnerability	VCID-46yu-yqv4-1ugb

vulnerability	VCID-49gh-wgmc-mfew

vulnerability	VCID-5mcc-gtrr-j3e4

vulnerability	VCID-5r2p-dxtk-pkas

vulnerability	VCID-664v-ms96-jfd2

vulnerability	VCID-6hdk-ywcn-4qe4

vulnerability	VCID-6smx-ju23-8qes

vulnerability	VCID-6swz-79ue-bbef

vulnerability	VCID-7f2g-zz9p-sufc

vulnerability	VCID-7v54-buz9-8bbu

vulnerability	VCID-826d-vdw1-dbaj

vulnerability	VCID-95kg-bk3s-g7gx

vulnerability	VCID-a1as-vf3m-ukev

vulnerability	VCID-a7rr-4bvy-7yh9

vulnerability	VCID-axds-bd49-fbdj

vulnerability	VCID-b423-t4kx-eqbq

vulnerability	VCID-b8cv-v25q-1kh3

vulnerability	VCID-bmq3-uckn-tfhk

vulnerability	VCID-brft-snn6-guc8

vulnerability	VCID-d3nw-dz41-wfg2

vulnerability	VCID-d8by-xxm3-xkhb

vulnerability	VCID-duwt-5mk2-8kbf

vulnerability	VCID-ekyn-s6c7-pqbs

vulnerability	VCID-enwa-2cfn-5uab

vulnerability	VCID-fqqe-j2g8-k3gr

vulnerability	VCID-hyr1-b223-bkef

vulnerability	VCID-j4px-r23h-9kb7

vulnerability	VCID-ja3g-kwep-7yhr

vulnerability	VCID-kgjy-7kdy-c3cg

vulnerability	VCID-kzey-xd5m-j7bu

vulnerability	VCID-m87b-eb5y-8ydf

vulnerability	VCID-mcmb-z5r5-4ug8

vulnerability	VCID-n2b8-e8fa-2ue1

vulnerability	VCID-nn62-vxhh-zfcs

vulnerability	VCID-nx86-xnct-afbs

vulnerability	VCID-p6cz-c9ah-c7cp

vulnerability	VCID-pntx-wfhx-p3aa

vulnerability	VCID-qbws-64b9-83fc

vulnerability	VCID-qpsu-er16-a7dc

vulnerability	VCID-qtt6-8kf8-1fbt

vulnerability	VCID-rarq-tdjt-hff3

vulnerability	VCID-rc9e-eprg-pfdg

vulnerability	VCID-rgk8-k53p-gkft

vulnerability	VCID-rnub-zmb6-5yhw

vulnerability	VCID-s2w1-fedq-ckes

vulnerability	VCID-sn3p-chty-aqen

vulnerability	VCID-tfhg-gzz2-7qc5

vulnerability	VCID-u1pn-s2ug-nucg

vulnerability	VCID-uvca-5e2n-pqew

vulnerability	VCID-vtec-237j-1ua2

vulnerability	VCID-xk7s-y611-mffc

vulnerability	VCID-xn7b-vz2e-6qdh

vulnerability	VCID-zcmk-4k97-kkd9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.1

url	pkg:pypi/ansible-vault@1.0.5
purl	pkg:pypi/ansible-vault@1.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-vault@1.0.5

Affected_packages

url pkg:pypi/ansible@1.0

purl pkg:pypi/ansible@1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-24vk-y12h-nbau

vulnerability	VCID-257n-yc2z-hfe8

vulnerability	VCID-3jxq-kxnz-6bfh

vulnerability	VCID-4331-d5yy-uybc

vulnerability	VCID-46yu-yqv4-1ugb

vulnerability	VCID-49gh-wgmc-mfew

vulnerability	VCID-49pa-4aeh-uuer

vulnerability	VCID-5mcc-gtrr-j3e4

vulnerability	VCID-5r2p-dxtk-pkas

vulnerability	VCID-664v-ms96-jfd2

vulnerability	VCID-6hdk-ywcn-4qe4

vulnerability	VCID-6smx-ju23-8qes

vulnerability	VCID-6swz-79ue-bbef

vulnerability	VCID-7f2g-zz9p-sufc

vulnerability	VCID-7v54-buz9-8bbu

vulnerability	VCID-826d-vdw1-dbaj

vulnerability	VCID-95kg-bk3s-g7gx

vulnerability	VCID-a1as-vf3m-ukev

vulnerability	VCID-a7rr-4bvy-7yh9

vulnerability	VCID-axds-bd49-fbdj

vulnerability	VCID-b423-t4kx-eqbq

vulnerability	VCID-b8cv-v25q-1kh3

vulnerability	VCID-bmq3-uckn-tfhk

vulnerability	VCID-brft-snn6-guc8

vulnerability	VCID-d3nw-dz41-wfg2

vulnerability	VCID-d8by-xxm3-xkhb

vulnerability	VCID-duwt-5mk2-8kbf

vulnerability	VCID-ekyn-s6c7-pqbs

vulnerability	VCID-enwa-2cfn-5uab

vulnerability	VCID-fqqe-j2g8-k3gr

vulnerability	VCID-hyr1-b223-bkef

vulnerability	VCID-j4px-r23h-9kb7

vulnerability	VCID-ja3g-kwep-7yhr

vulnerability	VCID-kgjy-7kdy-c3cg

vulnerability	VCID-kzey-xd5m-j7bu

vulnerability	VCID-m87b-eb5y-8ydf

vulnerability	VCID-mcmb-z5r5-4ug8

vulnerability	VCID-n2b8-e8fa-2ue1

vulnerability	VCID-nn62-vxhh-zfcs

vulnerability	VCID-nx86-xnct-afbs

vulnerability	VCID-p6cz-c9ah-c7cp

vulnerability	VCID-pntx-wfhx-p3aa

vulnerability	VCID-qbws-64b9-83fc

vulnerability	VCID-qpsu-er16-a7dc

vulnerability	VCID-qtt6-8kf8-1fbt

vulnerability	VCID-rarq-tdjt-hff3

vulnerability	VCID-rc9e-eprg-pfdg

vulnerability	VCID-rgk8-k53p-gkft

vulnerability	VCID-rnub-zmb6-5yhw

vulnerability	VCID-s2w1-fedq-ckes

vulnerability	VCID-sn3p-chty-aqen

vulnerability	VCID-tfhg-gzz2-7qc5

vulnerability	VCID-u1pn-s2ug-nucg

vulnerability	VCID-uvca-5e2n-pqew

vulnerability	VCID-vtec-237j-1ua2

vulnerability	VCID-xk7s-y611-mffc

vulnerability	VCID-xn7b-vz2e-6qdh

vulnerability	VCID-zcmk-4k97-kkd9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.0

url pkg:pypi/ansible-vault@1.0.0

purl pkg:pypi/ansible-vault@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-49pa-4aeh-uuer

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-vault@1.0.0

url pkg:pypi/ansible-vault@1.0.1

purl pkg:pypi/ansible-vault@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-49pa-4aeh-uuer

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-vault@1.0.1

url pkg:pypi/ansible-vault@1.0.2

purl pkg:pypi/ansible-vault@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-49pa-4aeh-uuer

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-vault@1.0.2

url pkg:pypi/ansible-vault@1.0.3

purl pkg:pypi/ansible-vault@1.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-49pa-4aeh-uuer

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-vault@1.0.3

url pkg:pypi/ansible-vault@1.0.4

purl pkg:pypi/ansible-vault@1.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-49pa-4aeh-uuer

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-vault@1.0.4

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2809

reference_id

reference_type

scores

value	0.00465
scoring_system	epss
scoring_elements	0.64679
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2809

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/ansible-vault/PYSEC-2017-5.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/ansible-vault/PYSEC-2017-5.yaml

reference_url

https://github.com/tomoh1r/ansible-vault

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tomoh1r/ansible-vault

reference_url

https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt

reference_url

https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04

reference_url

https://github.com/tomoh1r/ansible-vault/issues/4

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tomoh1r/ansible-vault/issues/4

reference_url

https://web.archive.org/web/20171206173637/http://www.securityfocus.com/bid/100824

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20171206173637/http://www.securityfocus.com/bid/100824

reference_url

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305

reference_url	http://www.securityfocus.com/bid/100824
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100824

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2809

reference_id

CVE-2017-2809

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2809

reference_url

https://github.com/advisories/GHSA-c2w9-48qc-qpj4

reference_id

GHSA-c2w9-48qc-qpj4

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-c2w9-48qc-qpj4

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	94
name	Improper Control of Generation of Code ('Code Injection')
description	The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

cwe_id	78
name	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description	The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-49pa-4aeh-uuer

Vulnerability Instance