{"url":"http://public2.vulnerablecode.io/api/packages/19513?format=json","purl":"pkg:pypi/clickhouse-driver@0.0.7","type":"pypi","namespace":"","name":"clickhouse-driver","version":"0.0.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.1.5","latest_non_vulnerable_version":"0.1.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35703?format=json","vulnerability_id":"VCID-c583-21xs-jqbx","summary":"clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.","references":[{"reference_url":"https://github.com/advisories/GHSA-vgv5-cxvh-vfxh","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vgv5-cxvh-vfxh"},{"reference_url":"https://github.com/mymarilyn/clickhouse-driver/commit/3e990547e064b8fca916b23a0f7d6fe8c63c7f6b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mymarilyn/clickhouse-driver/commit/3e990547e064b8fca916b23a0f7d6fe8c63c7f6b"},{"reference_url":"https://github.com/mymarilyn/clickhouse-driver/commit/d708ed548e1d6f254ba81a21de8ba543a53b5598","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mymarilyn/clickhouse-driver/commit/d708ed548e1d6f254ba81a21de8ba543a53b5598"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19532?format=json","purl":"pkg:pypi/clickhouse-driver@0.1.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/clickhouse-driver@0.1.5"}],"aliases":["CVE-2020-26759","GHSA-vgv5-cxvh-vfxh","PYSEC-2021-61"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c583-21xs-jqbx"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/clickhouse-driver@0.0.7"}