{"url":"http://public2.vulnerablecode.io/api/packages/63199?format=json","purl":"pkg:pypi/ipsilon@1.2.1","type":"pypi","namespace":"","name":"ipsilon","version":"1.2.1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.0.2","latest_non_vulnerable_version":"2.0.2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43969?format=json","vulnerability_id":"VCID-j7c7-5cjw-wqf9","summary":"Session Fixation\nA vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a \"SAML2 multi-session vulnerability.\"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2809.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2809.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2809","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2809"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1392829","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1392829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638"},{"reference_url":"https://ipsilon-project.org/release/2.1.0.html","reference_id":"","reference_type":"","scores":[],"url":"https://ipsilon-project.org/release/2.1.0.html"},{"reference_url":"https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c","reference_id":"","reference_type":"","scores":[],"url":"https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c"},{"reference_url":"http://www.securityfocus.com/bid/94439","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94439"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2016-8638","reference_id":"CVE-2016-8638","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2016-8638"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8638","reference_id":"CVE-2016-8638","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8638"},{"reference_url":"https://ipsilon-project.org/advisory/CVE-2016-8638.txt","reference_id":"CVE-2016-8638.TXT","reference_type":"","scores":[],"url":"https://ipsilon-project.org/advisory/CVE-2016-8638.txt"},{"reference_url":"https://github.com/advisories/GHSA-376m-3rm2-9jm6","reference_id":"GHSA-376m-3rm2-9jm6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-376m-3rm2-9jm6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63201?format=json","purl":"pkg:pypi/ipsilon@1.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/63202?format=json","purl":"pkg:pypi/ipsilon@1.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/63199?format=json","purl":"pkg:pypi/ipsilon@1.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/63200?format=json","purl":"pkg:pypi/ipsilon@2.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@2.0.2"}],"aliases":["CVE-2016-8638","GHSA-376m-3rm2-9jm6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7c7-5cjw-wqf9"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.2.1"}