Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/slixmpp@1.4.0
Type pypi
Namespace
Name slixmpp
Version 1.4.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.8.3
Latest_non_vulnerable_version 1.8.3
Affected_by_vulnerabilities
0
url VCID-61dw-bszt-7be4
vulnerability_id VCID-61dw-bszt-7be4
summary slixmpp versions before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contain an incorrect access control vulnerability in the XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used to configure the default access model, that can result in all of the victim's contacts being able to see private data published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP; the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416, which is included in slixmpp 1.4.2.
references
0
reference_url https://github.com/poezio/slixmpp
reference_id
reference_type
scores
url https://github.com/poezio/slixmpp
1
reference_url https://github.com/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
reference_id
reference_type
scores
url https://github.com/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/slixmpp/PYSEC-2019-121.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/slixmpp/PYSEC-2019-121.yaml
3
reference_url https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
reference_id
reference_type
scores
url https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GKBXN7EAAR7ENEZUBKV6C6MP6QBXYTWT
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GKBXN7EAAR7ENEZUBKV6C6MP6QBXYTWT
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GKBXN7EAAR7ENEZUBKV6C6MP6QBXYTWT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GKBXN7EAAR7ENEZUBKV6C6MP6QBXYTWT/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBP4LD2V4TBJSLZXDUAGQMD6CUI2TZR
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBP4LD2V4TBJSLZXDUAGQMD6CUI2TZR
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBP4LD2V4TBJSLZXDUAGQMD6CUI2TZR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBP4LD2V4TBJSLZXDUAGQMD6CUI2TZR/
8
reference_url https://xmpp.org/extensions/xep-0223.html#howitworks
reference_id
reference_type
scores
url https://xmpp.org/extensions/xep-0223.html#howitworks
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1000021
reference_id CVE-2019-1000021
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-1000021
10
reference_url https://github.com/advisories/GHSA-4g62-mfwx-4q48
reference_id GHSA-4g62-mfwx-4q48
reference_type
scores
url https://github.com/advisories/GHSA-4g62-mfwx-4q48
fixed_packages
0
url pkg:pypi/slixmpp@1.4.2
purl pkg:pypi/slixmpp@1.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.4.2
aliases CVE-2019-1000021, GHSA-4g62-mfwx-4q48, PYSEC-2019-121
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-61dw-bszt-7be4
1
url VCID-get1-2fht-u7bu
vulnerability_id VCID-get1-2fht-u7bu
summary Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
references
0
reference_url https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.py
reference_id
reference_type
scores
url https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.py
1
reference_url https://github.com/poezio/slixmpp/tags
reference_id
reference_type
scores
url https://github.com/poezio/slixmpp/tags
2
reference_url https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa
reference_id
reference_type
scores
url https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa
3
reference_url https://lab.louiz.org/poezio/slixmpp/-/commits/master
reference_id
reference_type
scores
url https://lab.louiz.org/poezio/slixmpp/-/commits/master
fixed_packages
0
url pkg:pypi/slixmpp@1.8.3
purl pkg:pypi/slixmpp@1.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.8.3
aliases CVE-2022-45197, PYSEC-2022-43013
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-get1-2fht-u7bu
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.4.0