{"url":"http://public2.vulnerablecode.io/api/packages/20634?format=json","purl":"pkg:pypi/octoprint@1.6.0rc3","type":"pypi","namespace":"","name":"octoprint","version":"1.6.0rc3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.11.0","latest_non_vulnerable_version":"1.11.6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9259?format=json","vulnerability_id":"VCID-42qc-rtxt-b7an","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user's or - if the victim has admin permissions - the global API key without having to reauthenticate by re-entering the user account's password. An attacker could use a stolen API key to access OctoPrint through its API, or disrupt workflows depending on the API key they deleted. This vulnerability will be patched in version 1.10.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51493","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27797","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51493"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/9bc80d782d72881b16e20873dcd0b8314324c70c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint/commit/9bc80d782d72881b16e20873dcd0b8314324c70c"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-cc6x-8cc7-9953","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T19:01:40Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-cc6x-8cc7-9953"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-202.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-202.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51493","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51493"},{"reference_url":"https://github.com/advisories/GHSA-cc6x-8cc7-9953","reference_id":"GHSA-cc6x-8cc7-9953","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cc6x-8cc7-9953"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42694?format=json","purl":"pkg:pypi/octoprint@1.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8egf-pvr4-ekb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.3"}],"aliases":["CVE-2024-51493","GHSA-cc6x-8cc7-9953","PYSEC-2024-202"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42qc-rtxt-b7an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9126?format=json","vulnerability_id":"VCID-4rdu-2qdw-skgk","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autologinLocal` option is enabled within `config.yaml`, even if they come from networks that are not configured as `localNetworks`, spoofing their IP via the `X-Forwarded-For` header. If autologin is not enabled, this vulnerability does not have any impact. The vulnerability has been patched in version 1.10.1. Until the patch has been applied, OctoPrint administrators who have autologin enabled on their instances should disable it and/or to make the instance inaccessible from potentially hostile networks like the internet.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32977","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3062","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32977"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/5afbec8d23508edc25b0f1bdef1620580136add4","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T13:21:43Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/5afbec8d23508edc25b0f1bdef1620580136add4"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T13:21:43Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-237.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-237.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32977","reference_id":"CVE-2024-32977","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32977"},{"reference_url":"https://github.com/advisories/GHSA-2vjq-hg5w-5gm7","reference_id":"GHSA-2vjq-hg5w-5gm7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2vjq-hg5w-5gm7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39924?format=json","purl":"pkg:pypi/octoprint@1.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qc-rtxt-b7an"},{"vulnerability":"VCID-8egf-pvr4-ekb2"},{"vulnerability":"VCID-y76e-1rfg-sqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.1"}],"aliases":["CVE-2024-32977","GHSA-2vjq-hg5w-5gm7","PYSEC-2024-237"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4rdu-2qdw-skgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8519?format=json","vulnerability_id":"VCID-72nd-8ydv-zyaz","summary":"If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2888","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14987","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2888"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:05Z/"}],"url":"https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-282.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-282.yaml"},{"reference_url":"https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:05Z/"}],"url":"https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2888","reference_id":"CVE-2022-2888","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2888"},{"reference_url":"https://github.com/advisories/GHSA-937f-qh3w-6g87","reference_id":"GHSA-937f-qh3w-6g87","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-937f-qh3w-6g87"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27561?format=json","purl":"pkg:pypi/octoprint@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qc-rtxt-b7an"},{"vulnerability":"VCID-4rdu-2qdw-skgk"},{"vulnerability":"VCID-8egf-pvr4-ekb2"},{"vulnerability":"VCID-a6rx-nu7r-tfhb"},{"vulnerability":"VCID-ehrz-5ved-sbba"},{"vulnerability":"VCID-r59d-6zpd-vkaa"},{"vulnerability":"VCID-y76e-1rfg-sqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3"}],"aliases":["CVE-2022-2888","GHSA-937f-qh3w-6g87","PYSEC-2022-282"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-72nd-8ydv-zyaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9385?format=json","vulnerability_id":"VCID-8egf-pvr4-ekb2","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32788","reference_id":"","reference_type":"","scores":[{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24854","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32788"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T19:56:38Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T19:56:38Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2025-56.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2025-56.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32788","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32788"},{"reference_url":"https://github.com/advisories/GHSA-qw93-h6pf-226x","reference_id":"GHSA-qw93-h6pf-226x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qw93-h6pf-226x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43919?format=json","purl":"pkg:pypi/octoprint@1.11.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.0"}],"aliases":["CVE-2025-32788","GHSA-qw93-h6pf-226x","PYSEC-2025-56"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8egf-pvr4-ekb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8449?format=json","vulnerability_id":"VCID-94gj-qvwx-m7c1","summary":"Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2930","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30902","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2930"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-43142.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-43142.yaml"},{"reference_url":"https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2930","reference_id":"CVE-2022-2930","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2930"},{"reference_url":"https://github.com/advisories/GHSA-39gf-864w-pxw4","reference_id":"GHSA-39gf-864w-pxw4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-39gf-864w-pxw4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27561?format=json","purl":"pkg:pypi/octoprint@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qc-rtxt-b7an"},{"vulnerability":"VCID-4rdu-2qdw-skgk"},{"vulnerability":"VCID-8egf-pvr4-ekb2"},{"vulnerability":"VCID-a6rx-nu7r-tfhb"},{"vulnerability":"VCID-ehrz-5ved-sbba"},{"vulnerability":"VCID-r59d-6zpd-vkaa"},{"vulnerability":"VCID-y76e-1rfg-sqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3"}],"aliases":["CVE-2022-2930","GHSA-39gf-864w-pxw4","PYSEC-2022-43142"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-94gj-qvwx-m7c1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8901?format=json","vulnerability_id":"VCID-a6rx-nu7r-tfhb","summary":"OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41047","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34253","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41047"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2023-195.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2023-195.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41047","reference_id":"CVE-2023-41047","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41047"},{"reference_url":"https://github.com/advisories/GHSA-fwfg-vprh-97ph","reference_id":"GHSA-fwfg-vprh-97ph","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fwfg-vprh-97ph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35193?format=json","purl":"pkg:pypi/octoprint@1.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qc-rtxt-b7an"},{"vulnerability":"VCID-4rdu-2qdw-skgk"},{"vulnerability":"VCID-8egf-pvr4-ekb2"},{"vulnerability":"VCID-ehrz-5ved-sbba"},{"vulnerability":"VCID-r59d-6zpd-vkaa"},{"vulnerability":"VCID-y76e-1rfg-sqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.9.3"}],"aliases":["CVE-2023-41047","GHSA-fwfg-vprh-97ph","PYSEC-2023-195"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a6rx-nu7r-tfhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8376?format=json","vulnerability_id":"VCID-bbaq-8mvf-fbfy","summary":"Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1432","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63171","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1432"},{"reference_url":"https://github.com/advisories/GHSA-h8pc-j334-jjhm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h8pc-j334-jjhm"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-201.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-201.yaml"},{"reference_url":"https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1432","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1432"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26519?format=json","purl":"pkg:pypi/octoprint@1.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qc-rtxt-b7an"},{"vulnerability":"VCID-4rdu-2qdw-skgk"},{"vulnerability":"VCID-72nd-8ydv-zyaz"},{"vulnerability":"VCID-8egf-pvr4-ekb2"},{"vulnerability":"VCID-94gj-qvwx-m7c1"},{"vulnerability":"VCID-a6rx-nu7r-tfhb"},{"vulnerability":"VCID-ehrz-5ved-sbba"},{"vulnerability":"VCID-esc4-ussb-wycb"},{"vulnerability":"VCID-kjta-w4nw-2ybr"},{"vulnerability":"VCID-pwxz-emyt-rfbm"},{"vulnerability":"VCID-r59d-6zpd-vkaa"},{"vulnerability":"VCID-y76e-1rfg-sqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.0"}],"aliases":["CVE-2022-1432","GHSA-h8pc-j334-jjhm","PYSEC-2022-201"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbaq-8mvf-fbfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9048?format=json","vulnerability_id":"VCID-ehrz-5ved-sbba","summary":"OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an admin account might use this to lock out actual admins from their OctoPrint instance. The vulnerability will be patched in version 1.10.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23637","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10048","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23637"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-29.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23637","reference_id":"CVE-2024-23637","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23637"},{"reference_url":"https://github.com/advisories/GHSA-5626-pw9c-hmjr","reference_id":"GHSA-5626-pw9c-hmjr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5626-pw9c-hmjr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38104?format=json","purl":"pkg:pypi/octoprint@1.10.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qc-rtxt-b7an"},{"vulnerability":"VCID-4rdu-2qdw-skgk"},{"vulnerability":"VCID-8egf-pvr4-ekb2"},{"vulnerability":"VCID-r59d-6zpd-vkaa"},{"vulnerability":"VCID-y76e-1rfg-sqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0rc1"}],"aliases":["CVE-2024-23637","GHSA-5626-pw9c-hmjr","PYSEC-2024-29"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ehrz-5ved-sbba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8567?format=json","vulnerability_id":"VCID-esc4-ussb-wycb","summary":"Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3607","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44478","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3607"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-09T14:47:28Z/"}],"url":"https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-42975.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-42975.yaml"},{"reference_url":"https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-09T14:47:28Z/"}],"url":"https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3607","reference_id":"CVE-2022-3607","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3607"},{"reference_url":"https://github.com/advisories/GHSA-rj5f-vm79-5j84","reference_id":"GHSA-rj5f-vm79-5j84","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rj5f-vm79-5j84"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27561?format=json","purl":"pkg:pypi/octoprint@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qc-rtxt-b7an"},{"vulnerability":"VCID-4rdu-2qdw-skgk"},{"vulnerability":"VCID-8egf-pvr4-ekb2"},{"vulnerability":"VCID-a6rx-nu7r-tfhb"},{"vulnerability":"VCID-ehrz-5ved-sbba"},{"vulnerability":"VCID-r59d-6zpd-vkaa"},{"vulnerability":"VCID-y76e-1rfg-sqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3"}],"aliases":["CVE-2022-3607","GHSA-rj5f-vm79-5j84","PYSEC-2022-42975"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-esc4-ussb-wycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8520?format=json","vulnerability_id":"VCID-kjta-w4nw-2ybr","summary":"Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3068","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35218","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3068"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:21:49Z/"}],"url":"https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-283.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-283.yaml"},{"reference_url":"https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:21:49Z/"}],"url":"https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3068","reference_id":"CVE-2022-3068","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3068"},{"reference_url":"https://github.com/advisories/GHSA-2p75-q37p-f852","reference_id":"GHSA-2p75-q37p-f852","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2p75-q37p-f852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27561?format=json","purl":"pkg:pypi/octoprint@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qc-rtxt-b7an"},{"vulnerability":"VCID-4rdu-2qdw-skgk"},{"vulnerability":"VCID-8egf-pvr4-ekb2"},{"vulnerability":"VCID-a6rx-nu7r-tfhb"},{"vulnerability":"VCID-ehrz-5ved-sbba"},{"vulnerability":"VCID-r59d-6zpd-vkaa"},{"vulnerability":"VCID-y76e-1rfg-sqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3"}],"aliases":["CVE-2022-3068","GHSA-2p75-q37p-f852","PYSEC-2022-283"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjta-w4nw-2ybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8518?format=json","vulnerability_id":"VCID-pwxz-emyt-rfbm","summary":"Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2872","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44942","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2872"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:26:52Z/"}],"url":"https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-286.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-286.yaml"},{"reference_url":"https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:26:52Z/"}],"url":"https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2872","reference_id":"CVE-2022-2872","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2872"},{"reference_url":"https://github.com/advisories/GHSA-49wm-4fp6-h59c","reference_id":"GHSA-49wm-4fp6-h59c","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-49wm-4fp6-h59c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27561?format=json","purl":"pkg:pypi/octoprint@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qc-rtxt-b7an"},{"vulnerability":"VCID-4rdu-2qdw-skgk"},{"vulnerability":"VCID-8egf-pvr4-ekb2"},{"vulnerability":"VCID-a6rx-nu7r-tfhb"},{"vulnerability":"VCID-ehrz-5ved-sbba"},{"vulnerability":"VCID-r59d-6zpd-vkaa"},{"vulnerability":"VCID-y76e-1rfg-sqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3"}],"aliases":["CVE-2022-2872","GHSA-49wm-4fp6-h59c","PYSEC-2022-286"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pwxz-emyt-rfbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9090?format=json","vulnerability_id":"VCID-r59d-6zpd-vkaa","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through the \"Test\" button included in the web interface will execute JavaScript code in the victims browser when attempting to render the snapshot image. An attacker who successfully talked a victim with admin rights into performing a snapshot test with such a crafted URL could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The vulnerability is patched in version 1.10.0rc3. OctoPrint administrators are strongly advised to thoroughly vet who has admin access to their installation and what settings they modify based on instructions by strangers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28237","reference_id":"","reference_type":"","scores":[{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65752","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28237"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/779894c1bc6478332d14bc9ed1006df1354eb517","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T15:19:13Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/779894c1bc6478332d14bc9ed1006df1354eb517"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T15:19:13Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-179.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-179.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28237","reference_id":"CVE-2024-28237","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28237"},{"reference_url":"https://github.com/advisories/GHSA-x7mf-wrh9-r76c","reference_id":"GHSA-x7mf-wrh9-r76c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x7mf-wrh9-r76c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39562?format=json","purl":"pkg:pypi/octoprint@1.10.0rc3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qc-rtxt-b7an"},{"vulnerability":"VCID-4rdu-2qdw-skgk"},{"vulnerability":"VCID-8egf-pvr4-ekb2"},{"vulnerability":"VCID-r59d-6zpd-vkaa"},{"vulnerability":"VCID-y76e-1rfg-sqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0rc3"},{"url":"http://public2.vulnerablecode.io/api/packages/39564?format=json","purl":"pkg:pypi/octoprint@1.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qc-rtxt-b7an"},{"vulnerability":"VCID-4rdu-2qdw-skgk"},{"vulnerability":"VCID-8egf-pvr4-ekb2"},{"vulnerability":"VCID-y76e-1rfg-sqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0"}],"aliases":["CVE-2024-28237","GHSA-x7mf-wrh9-r76c","PYSEC-2024-179"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r59d-6zpd-vkaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8377?format=json","vulnerability_id":"VCID-s69a-p1yc-fkdt","summary":"Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1430","reference_id":"","reference_type":"","scores":[{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.6364","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1430"},{"reference_url":"https://github.com/advisories/GHSA-x7r7-wmj8-vv5g","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x7r7-wmj8-vv5g"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-200.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-200.yaml"},{"reference_url":"https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1430","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1430"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26519?format=json","purl":"pkg:pypi/octoprint@1.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qc-rtxt-b7an"},{"vulnerability":"VCID-4rdu-2qdw-skgk"},{"vulnerability":"VCID-72nd-8ydv-zyaz"},{"vulnerability":"VCID-8egf-pvr4-ekb2"},{"vulnerability":"VCID-94gj-qvwx-m7c1"},{"vulnerability":"VCID-a6rx-nu7r-tfhb"},{"vulnerability":"VCID-ehrz-5ved-sbba"},{"vulnerability":"VCID-esc4-ussb-wycb"},{"vulnerability":"VCID-kjta-w4nw-2ybr"},{"vulnerability":"VCID-pwxz-emyt-rfbm"},{"vulnerability":"VCID-r59d-6zpd-vkaa"},{"vulnerability":"VCID-y76e-1rfg-sqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.0"}],"aliases":["CVE-2022-1430","GHSA-x7r7-wmj8-vv5g","PYSEC-2022-200"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s69a-p1yc-fkdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8091?format=json","vulnerability_id":"VCID-s7hh-6c4x-5baj","summary":"The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32560","reference_id":"","reference_type":"","scores":[{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.5778","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32560"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-29.yaml"},{"reference_url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0"},{"reference_url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0/","reference_id":"","reference_type":"","scores":[],"url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0/"},{"reference_url":"https://www.brzozowski.io","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.brzozowski.io"},{"reference_url":"https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32560","reference_id":"CVE-2021-32560","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32560"},{"reference_url":"https://github.com/advisories/GHSA-x9rq-fjp5-qgm9","reference_id":"GHSA-x9rq-fjp5-qgm9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x9rq-fjp5-qgm9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20635?format=json","purl":"pkg:pypi/octoprint@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qc-rtxt-b7an"},{"vulnerability":"VCID-4rdu-2qdw-skgk"},{"vulnerability":"VCID-72nd-8ydv-zyaz"},{"vulnerability":"VCID-8egf-pvr4-ekb2"},{"vulnerability":"VCID-94gj-qvwx-m7c1"},{"vulnerability":"VCID-a6rx-nu7r-tfhb"},{"vulnerability":"VCID-bbaq-8mvf-fbfy"},{"vulnerability":"VCID-ehrz-5ved-sbba"},{"vulnerability":"VCID-esc4-ussb-wycb"},{"vulnerability":"VCID-kjta-w4nw-2ybr"},{"vulnerability":"VCID-pwxz-emyt-rfbm"},{"vulnerability":"VCID-r59d-6zpd-vkaa"},{"vulnerability":"VCID-s69a-p1yc-fkdt"},{"vulnerability":"VCID-y76e-1rfg-sqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.6.0"}],"aliases":["CVE-2021-32560","GHSA-x9rq-fjp5-qgm9","PYSEC-2021-29"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s7hh-6c4x-5baj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8090?format=json","vulnerability_id":"VCID-v9f2-3qjn-6fat","summary":"OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32561","reference_id":"","reference_type":"","scores":[{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54163","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32561"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-30.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-30.yaml"},{"reference_url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0"},{"reference_url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0/","reference_id":"","reference_type":"","scores":[],"url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0/"},{"reference_url":"https://www.brzozowski.io","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.brzozowski.io"},{"reference_url":"https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32561","reference_id":"CVE-2021-32561","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32561"},{"reference_url":"https://github.com/advisories/GHSA-vcx4-fpmp-mvv6","reference_id":"GHSA-vcx4-fpmp-mvv6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vcx4-fpmp-mvv6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20635?format=json","purl":"pkg:pypi/octoprint@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qc-rtxt-b7an"},{"vulnerability":"VCID-4rdu-2qdw-skgk"},{"vulnerability":"VCID-72nd-8ydv-zyaz"},{"vulnerability":"VCID-8egf-pvr4-ekb2"},{"vulnerability":"VCID-94gj-qvwx-m7c1"},{"vulnerability":"VCID-a6rx-nu7r-tfhb"},{"vulnerability":"VCID-bbaq-8mvf-fbfy"},{"vulnerability":"VCID-ehrz-5ved-sbba"},{"vulnerability":"VCID-esc4-ussb-wycb"},{"vulnerability":"VCID-kjta-w4nw-2ybr"},{"vulnerability":"VCID-pwxz-emyt-rfbm"},{"vulnerability":"VCID-r59d-6zpd-vkaa"},{"vulnerability":"VCID-s69a-p1yc-fkdt"},{"vulnerability":"VCID-y76e-1rfg-sqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.6.0"}],"aliases":["CVE-2021-32561","GHSA-vcx4-fpmp-mvv6","PYSEC-2021-30"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9f2-3qjn-6fat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9258?format=json","vulnerability_id":"VCID-y76e-1rfg-sqa2","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog.  An attacker who successfully talked a victim into clicking on a specially crafted login link, or a malicious app running on a victim's computer triggering the application key workflow with specially crafted parameters and then redirecting the victim to the related standalone confirmation dialog could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The above mentioned specific vulnerabilities of the login dialog and the standalone application key confirmation dialog have been patched in the bugfix release 1.10.3 by individual escaping of the detected locations. A global change throughout all of OctoPrint's templating system with the upcoming 1.11.0 release will handle this further, switching to globally enforced automatic escaping and thus reducing the attack surface in general. The latter will also improve the security of third party plugins. During a transition period, third party plugins will be able to opt into the automatic escaping. With OctoPrint 1.13.0, automatic escaping will be switched over to be enforced even for third party plugins, unless they explicitly opt-out.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49377","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56607","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49377"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/b8a6b0a75202edac3bb142a8e4f9041a0b6825bf","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint/commit/b8a6b0a75202edac3bb142a8e4f9041a0b6825bf"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xvxq-g8hw-fx4g","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T19:01:15Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xvxq-g8hw-fx4g"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-201.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-201.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49377","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49377"},{"reference_url":"https://github.com/advisories/GHSA-xvxq-g8hw-fx4g","reference_id":"GHSA-xvxq-g8hw-fx4g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xvxq-g8hw-fx4g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42694?format=json","purl":"pkg:pypi/octoprint@1.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8egf-pvr4-ekb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.3"}],"aliases":["CVE-2024-49377","GHSA-xvxq-g8hw-fx4g","PYSEC-2024-201"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y76e-1rfg-sqa2"}],"fixing_vulnerabilities":[],"risk_score":"4.2","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.6.0rc3"}