{"url":"http://public2.vulnerablecode.io/api/packages/18958?format=json","purl":"pkg:pypi/locust@1.2.3","type":"pypi","namespace":"","name":"locust","version":"1.2.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.3.2","latest_non_vulnerable_version":"1.3.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35668?format=json","vulnerability_id":"VCID-4nyk-dyzz-yfeu","summary":"A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users.","references":[{"reference_url":"https://docs.locust.io/en/stable/changelog.html","reference_id":"","reference_type":"","scores":[],"url":"https://docs.locust.io/en/stable/changelog.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18961?format=json","purl":"pkg:pypi/locust@1.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/locust@1.3.2"}],"aliases":["CVE-2020-28364","PYSEC-2020-60"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4nyk-dyzz-yfeu"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/locust@1.2.3"}