{"url":"http://public2.vulnerablecode.io/api/packages/64407?format=json","purl":"pkg:pypi/octoprint@1.4.0rc4","type":"pypi","namespace":"","name":"octoprint","version":"1.4.0rc4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.11.6","latest_non_vulnerable_version":"1.11.6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52630?format=json","vulnerability_id":"VCID-2cub-qe27-8ydg","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autologinLocal` option is enabled within `config.yaml`, even if they come from networks that are not configured as `localNetworks`, spoofing their IP via the `X-Forwarded-For` header. If autologin is not enabled, this vulnerability does not have any impact. The vulnerability has been patched in version 1.10.1. Until the patch has been applied, OctoPrint administrators who have autologin enabled on their instances should disable it and/or to make the instance inaccessible from potentially hostile networks like the internet.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32977","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36333","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32977"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-237.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-237.yaml"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/5afbec8d23508edc25b0f1bdef1620580136add4","reference_id":"5afbec8d23508edc25b0f1bdef1620580136add4","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T13:21:43Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/5afbec8d23508edc25b0f1bdef1620580136add4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32977","reference_id":"CVE-2024-32977","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32977"},{"reference_url":"https://github.com/advisories/GHSA-2vjq-hg5w-5gm7","reference_id":"GHSA-2vjq-hg5w-5gm7","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2vjq-hg5w-5gm7"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7","reference_id":"GHSA-2vjq-hg5w-5gm7","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T13:21:43Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31061?format=json","purl":"pkg:pypi/octoprint@1.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-g8tn-vs5n-47a7"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-ukky-hd4w-dffm"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-za3r-74rm-bkfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.1"}],"aliases":["CVE-2024-32977","GHSA-2vjq-hg5w-5gm7","PYSEC-2024-237"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2cub-qe27-8ydg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66999?format=json","vulnerability_id":"VCID-49na-ptq4-q7ba","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the first mismatched character during API key validation, rather than a cryptographical method with static runtime regardless of the point of mismatch, an attacker with network based access to an affected OctoPrint could extract API keys valid on the instance by measuring the response times of the denied access responses and guess an API key character by character. The vulnerability is patched in version 1.11.6. The likelihood of this attack actually working is highly dependent on the network's latency, noise and similar parameters. An actual proof of concept was not achieved so far. Still, as always administrators are advised to not expose their OctoPrint instance on hostile networks, especially not on the public Internet.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23892","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03057","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23892"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.6","reference_id":"1.11.6","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T19:13:25Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.6"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/249fd80ab01bc4b7dabedff768230a0fb5d01a8c","reference_id":"249fd80ab01bc4b7dabedff768230a0fb5d01a8c","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T19:13:25Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/249fd80ab01bc4b7dabedff768230a0fb5d01a8c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23892","reference_id":"CVE-2026-23892","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23892"},{"reference_url":"https://github.com/advisories/GHSA-xg4x-w2j3-57h6","reference_id":"GHSA-xg4x-w2j3-57h6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xg4x-w2j3-57h6"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xg4x-w2j3-57h6","reference_id":"GHSA-xg4x-w2j3-57h6","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T19:13:25Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xg4x-w2j3-57h6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38211?format=json","purl":"pkg:pypi/octoprint@1.11.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.6"}],"aliases":["CVE-2026-23892","GHSA-xg4x-w2j3-57h6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-49na-ptq4-q7ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210408?format=json","vulnerability_id":"VCID-5ytr-t8pp-e3h2","summary":"OctoPrint API Error Messages vulnerable to XSS","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32561","reference_id":"","reference_type":"","scores":[{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54312","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32561"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-30.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-30.yaml"},{"reference_url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0"},{"reference_url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0/","reference_id":"","reference_type":"","scores":[],"url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0/"},{"reference_url":"https://www.brzozowski.io","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.brzozowski.io"},{"reference_url":"https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32561","reference_id":"CVE-2021-32561","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32561"},{"reference_url":"https://github.com/advisories/GHSA-vcx4-fpmp-mvv6","reference_id":"GHSA-vcx4-fpmp-mvv6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vcx4-fpmp-mvv6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23346?format=json","purl":"pkg:pypi/octoprint@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cub-qe27-8ydg"},{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-6r5c-xsnz-kkhb"},{"vulnerability":"VCID-99k3-bt7y-m7az"},{"vulnerability":"VCID-cvmz-xqx7-t3df"},{"vulnerability":"VCID-eumt-k6wn-3kcq"},{"vulnerability":"VCID-fwx5-necc-t7ch"},{"vulnerability":"VCID-g8tn-vs5n-47a7"},{"vulnerability":"VCID-m9k6-9ft6-9kdf"},{"vulnerability":"VCID-nsb4-79pr-67eu"},{"vulnerability":"VCID-pnme-vesu-8khw"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-ukky-hd4w-dffm"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-wkhk-mjja-fuhm"},{"vulnerability":"VCID-xnex-jd9w-ruaz"},{"vulnerability":"VCID-za3r-74rm-bkfe"},{"vulnerability":"VCID-ze38-9vap-5yc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.6.0"}],"aliases":["CVE-2021-32561","GHSA-vcx4-fpmp-mvv6","PYSEC-2021-30"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ytr-t8pp-e3h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/147209?format=json","vulnerability_id":"VCID-6r5c-xsnz-kkhb","summary":"OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41047","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34317","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41047"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2023-195.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2023-195.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41047","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41047"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3","reference_id":"1.9.3","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db","reference_id":"d0072cff894509c77e243d6562245ad3079e17db","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db"},{"reference_url":"https://github.com/advisories/GHSA-fwfg-vprh-97ph","reference_id":"GHSA-fwfg-vprh-97ph","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fwfg-vprh-97ph"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph","reference_id":"GHSA-fwfg-vprh-97ph","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28661?format=json","purl":"pkg:pypi/octoprint@1.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cub-qe27-8ydg"},{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-cvmz-xqx7-t3df"},{"vulnerability":"VCID-g8tn-vs5n-47a7"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-ukky-hd4w-dffm"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-wkhk-mjja-fuhm"},{"vulnerability":"VCID-za3r-74rm-bkfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.9.3"}],"aliases":["CVE-2023-41047","GHSA-fwfg-vprh-97ph","PYSEC-2023-195"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6r5c-xsnz-kkhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174833?format=json","vulnerability_id":"VCID-99k3-bt7y-m7az","summary":"Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3068","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35293","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3068"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-283.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-283.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3068","reference_id":"CVE-2022-3068","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3068"},{"reference_url":"https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571","reference_id":"ef95ef1c101b79394f134e8fce000e6bae046571","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:21:49Z/"}],"url":"https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571"},{"reference_url":"https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884","reference_id":"f45c24cb-9104-4c6e-a9e1-5c7e75e83884","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:21:49Z/"}],"url":"https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884"},{"reference_url":"https://github.com/advisories/GHSA-2p75-q37p-f852","reference_id":"GHSA-2p75-q37p-f852","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2p75-q37p-f852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25835?format=json","purl":"pkg:pypi/octoprint@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cub-qe27-8ydg"},{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-6r5c-xsnz-kkhb"},{"vulnerability":"VCID-cvmz-xqx7-t3df"},{"vulnerability":"VCID-g8tn-vs5n-47a7"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-ukky-hd4w-dffm"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-wkhk-mjja-fuhm"},{"vulnerability":"VCID-za3r-74rm-bkfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3"}],"aliases":["CVE-2022-3068","GHSA-2p75-q37p-f852","PYSEC-2022-283"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-99k3-bt7y-m7az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39721?format=json","vulnerability_id":"VCID-cvmz-xqx7-t3df","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through the \"Test\" button included in the web interface will execute JavaScript code in the victims browser when attempting to render the snapshot image. An attacker who successfully talked a victim with admin rights into performing a snapshot test with such a crafted URL could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The vulnerability is patched in version 1.10.0rc3. OctoPrint administrators are strongly advised to thoroughly vet who has admin access to their installation and what settings they modify based on instructions by strangers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28237","reference_id":"","reference_type":"","scores":[{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65902","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28237"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-179.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-179.yaml"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/779894c1bc6478332d14bc9ed1006df1354eb517","reference_id":"779894c1bc6478332d14bc9ed1006df1354eb517","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T15:19:13Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/779894c1bc6478332d14bc9ed1006df1354eb517"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28237","reference_id":"CVE-2024-28237","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28237"},{"reference_url":"https://github.com/advisories/GHSA-x7mf-wrh9-r76c","reference_id":"GHSA-x7mf-wrh9-r76c","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x7mf-wrh9-r76c"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c","reference_id":"GHSA-x7mf-wrh9-r76c","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T15:19:13Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29885?format=json","purl":"pkg:pypi/octoprint@1.10.0rc3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cub-qe27-8ydg"},{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-cvmz-xqx7-t3df"},{"vulnerability":"VCID-g8tn-vs5n-47a7"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-ukky-hd4w-dffm"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-za3r-74rm-bkfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0rc3"},{"url":"http://public2.vulnerablecode.io/api/packages/31060?format=json","purl":"pkg:pypi/octoprint@1.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cub-qe27-8ydg"},{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-g8tn-vs5n-47a7"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-ukky-hd4w-dffm"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-za3r-74rm-bkfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0"}],"aliases":["CVE-2024-28237","GHSA-x7mf-wrh9-r76c","PYSEC-2024-179"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvmz-xqx7-t3df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174438?format=json","vulnerability_id":"VCID-eumt-k6wn-3kcq","summary":"Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2872","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45029","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2872"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-286.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-286.yaml"},{"reference_url":"https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0","reference_id":"3e3c11811e216fb371a33e28412df83f9701e5b0","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:26:52Z/"}],"url":"https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0"},{"reference_url":"https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56","reference_id":"b966c74d-6f3f-49fe-b40a-eaf25e362c56","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:26:52Z/"}],"url":"https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2872","reference_id":"CVE-2022-2872","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2872"},{"reference_url":"https://github.com/advisories/GHSA-49wm-4fp6-h59c","reference_id":"GHSA-49wm-4fp6-h59c","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-49wm-4fp6-h59c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25835?format=json","purl":"pkg:pypi/octoprint@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cub-qe27-8ydg"},{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-6r5c-xsnz-kkhb"},{"vulnerability":"VCID-cvmz-xqx7-t3df"},{"vulnerability":"VCID-g8tn-vs5n-47a7"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-ukky-hd4w-dffm"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-wkhk-mjja-fuhm"},{"vulnerability":"VCID-za3r-74rm-bkfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3"}],"aliases":["CVE-2022-2872","GHSA-49wm-4fp6-h59c","PYSEC-2022-286"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eumt-k6wn-3kcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211196?format=json","vulnerability_id":"VCID-fwx5-necc-t7ch","summary":"OctoPrint does not have rate limiting on the login page","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2822","reference_id":"","reference_type":"","scores":[{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51444","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2822"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de"},{"reference_url":"https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2822","reference_id":"CVE-2022-2822","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2822"},{"reference_url":"https://github.com/advisories/GHSA-5w5x-q9p5-9qg3","reference_id":"GHSA-5w5x-q9p5-9qg3","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5w5x-q9p5-9qg3"}],"fixed_packages":[],"aliases":["CVE-2022-2822","GHSA-5w5x-q9p5-9qg3"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwx5-necc-t7ch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38394?format=json","vulnerability_id":"VCID-g8tn-vs5n-47a7","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog.  An attacker who successfully talked a victim into clicking on a specially crafted login link, or a malicious app running on a victim's computer triggering the application key workflow with specially crafted parameters and then redirecting the victim to the related standalone confirmation dialog could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The above mentioned specific vulnerabilities of the login dialog and the standalone application key confirmation dialog have been patched in the bugfix release 1.10.3 by individual escaping of the detected locations. A global change throughout all of OctoPrint's templating system with the upcoming 1.11.0 release will handle this further, switching to globally enforced automatic escaping and thus reducing the attack surface in general. The latter will also improve the security of third party plugins. During a transition period, third party plugins will be able to opt into the automatic escaping. With OctoPrint 1.13.0, automatic escaping will be switched over to be enforced even for third party plugins, unless they explicitly opt-out.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49377","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56752","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49377"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/b8a6b0a75202edac3bb142a8e4f9041a0b6825bf","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint/commit/b8a6b0a75202edac3bb142a8e4f9041a0b6825bf"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-201.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-201.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49377","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49377"},{"reference_url":"https://github.com/advisories/GHSA-xvxq-g8hw-fx4g","reference_id":"GHSA-xvxq-g8hw-fx4g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xvxq-g8hw-fx4g"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xvxq-g8hw-fx4g","reference_id":"GHSA-xvxq-g8hw-fx4g","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T19:01:15Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xvxq-g8hw-fx4g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86239?format=json","purl":"pkg:pypi/octoprint@1.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-za3r-74rm-bkfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.3"}],"aliases":["CVE-2024-49377","GHSA-xvxq-g8hw-fx4g","PYSEC-2024-201"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8tn-vs5n-47a7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174566?format=json","vulnerability_id":"VCID-m9k6-9ft6-9kdf","summary":"Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3607","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44556","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3607"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-42975.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-42975.yaml"},{"reference_url":"https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11","reference_id":"2d1db3c9-93e8-4902-a55b-5ea53c22aa11","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-09T14:47:28Z/"}],"url":"https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11"},{"reference_url":"https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e","reference_id":"3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-09T14:47:28Z/"}],"url":"https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3607","reference_id":"CVE-2022-3607","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3607"},{"reference_url":"https://github.com/advisories/GHSA-rj5f-vm79-5j84","reference_id":"GHSA-rj5f-vm79-5j84","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rj5f-vm79-5j84"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25835?format=json","purl":"pkg:pypi/octoprint@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cub-qe27-8ydg"},{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-6r5c-xsnz-kkhb"},{"vulnerability":"VCID-cvmz-xqx7-t3df"},{"vulnerability":"VCID-g8tn-vs5n-47a7"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-ukky-hd4w-dffm"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-wkhk-mjja-fuhm"},{"vulnerability":"VCID-za3r-74rm-bkfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3"}],"aliases":["CVE-2022-3607","GHSA-rj5f-vm79-5j84","PYSEC-2022-42975"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m9k6-9ft6-9kdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211223?format=json","vulnerability_id":"VCID-nsb4-79pr-67eu","summary":"Unverified Password Change in OctoPrint","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2930","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30822","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2930"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-43142.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-43142.yaml"},{"reference_url":"https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2930","reference_id":"CVE-2022-2930","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2930"},{"reference_url":"https://github.com/advisories/GHSA-39gf-864w-pxw4","reference_id":"GHSA-39gf-864w-pxw4","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-39gf-864w-pxw4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25835?format=json","purl":"pkg:pypi/octoprint@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cub-qe27-8ydg"},{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-6r5c-xsnz-kkhb"},{"vulnerability":"VCID-cvmz-xqx7-t3df"},{"vulnerability":"VCID-g8tn-vs5n-47a7"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-ukky-hd4w-dffm"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-wkhk-mjja-fuhm"},{"vulnerability":"VCID-za3r-74rm-bkfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3"}],"aliases":["CVE-2022-2930","GHSA-39gf-864w-pxw4","PYSEC-2022-43142"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsb4-79pr-67eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218226?format=json","vulnerability_id":"VCID-pnme-vesu-8khw","summary":"Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1432","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.6332","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1432"},{"reference_url":"https://github.com/advisories/GHSA-h8pc-j334-jjhm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h8pc-j334-jjhm"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-201.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-201.yaml"},{"reference_url":"https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1432","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1432"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70185?format=json","purl":"pkg:pypi/octoprint@1.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cub-qe27-8ydg"},{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-6r5c-xsnz-kkhb"},{"vulnerability":"VCID-99k3-bt7y-m7az"},{"vulnerability":"VCID-cvmz-xqx7-t3df"},{"vulnerability":"VCID-eumt-k6wn-3kcq"},{"vulnerability":"VCID-fwx5-necc-t7ch"},{"vulnerability":"VCID-g8tn-vs5n-47a7"},{"vulnerability":"VCID-m9k6-9ft6-9kdf"},{"vulnerability":"VCID-nsb4-79pr-67eu"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-ukky-hd4w-dffm"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-wkhk-mjja-fuhm"},{"vulnerability":"VCID-xnex-jd9w-ruaz"},{"vulnerability":"VCID-za3r-74rm-bkfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.0"}],"aliases":["CVE-2022-1432","GHSA-h8pc-j334-jjhm","PYSEC-2022-201"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnme-vesu-8khw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114174?format=json","vulnerability_id":"VCID-r446-why1-fubb","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32788","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04853","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32788"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2025-56.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2025-56.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32788","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32788"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2","reference_id":"41ff431014edfa18ca1a01897b10463934dc7fc2","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T19:56:38Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2"},{"reference_url":"https://github.com/advisories/GHSA-qw93-h6pf-226x","reference_id":"GHSA-qw93-h6pf-226x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qw93-h6pf-226x"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x","reference_id":"GHSA-qw93-h6pf-226x","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T19:56:38Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87469?format=json","purl":"pkg:pypi/octoprint@1.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-za3r-74rm-bkfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.0"}],"aliases":["CVE-2025-32788","GHSA-qw93-h6pf-226x","PYSEC-2025-56"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r446-why1-fubb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90978?format=json","vulnerability_id":"VCID-tb48-kg2g-rkds","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully convinces a victim to print a specially crafted file could exploit this issue to disrupt ongoing prints, extract information (including sensitive configuration settings, if the targeted user has the necessary permissions for that), or perform other actions on behalf of the targeted user within the OctoPrint instance. This issue is fixed in version 1.11.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64187","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05199","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64187"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/9112e07b1085f4c1ee9eefc67985809251057a44","reference_id":"9112e07b1085f4c1ee9eefc67985809251057a44","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-07T17:58:58Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/9112e07b1085f4c1ee9eefc67985809251057a44"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64187","reference_id":"CVE-2025-64187","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64187"},{"reference_url":"https://github.com/advisories/GHSA-crvm-xjhm-9h29","reference_id":"GHSA-crvm-xjhm-9h29","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-crvm-xjhm-9h29"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-crvm-xjhm-9h29","reference_id":"GHSA-crvm-xjhm-9h29","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-07T17:58:58Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-crvm-xjhm-9h29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34996?format=json","purl":"pkg:pypi/octoprint@1.11.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49na-ptq4-q7ba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.4"}],"aliases":["CVE-2025-64187","GHSA-crvm-xjhm-9h29"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tb48-kg2g-rkds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93803?format=json","vulnerability_id":"VCID-u3bq-5gbm-dyhz","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename becomes included in a command defined in a system event handler and said event gets triggered. If no event handlers executing system commands with uploaded filenames as parameters have been configured, this vulnerability does not have an impact. The vulnerability is patched in version 1.11.3. As a workaround, OctoPrint administrators who have event handlers configured that include any kind of filename based placeholders should disable those by setting their `enabled` property to `False` or unchecking the \"Enabled\" checkbox in the GUI based Event Manager. Alternatively, OctoPrint administrators should set `feature.enforceReallyUniversalFilenames` to `true` in `config.yaml` and restart OctoPrint, then vet the existing uploads and make sure to delete any suspicious looking files. As always, OctoPrint administrators are advised to not expose OctoPrint on hostile networks like the public internet, and to vet who has access to their instance.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58180","reference_id":"","reference_type":"","scores":[{"value":"0.02219","scoring_system":"epss","scoring_elements":"0.84847","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58180"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58180","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58180"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.3","reference_id":"1.11.3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.3"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/be4201ef58d9a7c03593252398c16eada90a258b","reference_id":"be4201ef58d9a7c03593252398c16eada90a258b","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/be4201ef58d9a7c03593252398c16eada90a258b"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/c3a940962f4658a8e035a00388781b1cbd768841","reference_id":"c3a940962f4658a8e035a00388781b1cbd768841","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/c3a940962f4658a8e035a00388781b1cbd768841"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52476.txt","reference_id":"CVE-2025-58180","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52476.txt"},{"reference_url":"https://github.com/advisories/GHSA-49mj-x8jp-qvfc","reference_id":"GHSA-49mj-x8jp-qvfc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-49mj-x8jp-qvfc"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-49mj-x8jp-qvfc","reference_id":"GHSA-49mj-x8jp-qvfc","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-49mj-x8jp-qvfc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34995?format=json","purl":"pkg:pypi/octoprint@1.11.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-tb48-kg2g-rkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.3"}],"aliases":["CVE-2025-58180","GHSA-49mj-x8jp-qvfc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u3bq-5gbm-dyhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35053?format=json","vulnerability_id":"VCID-ukky-hd4w-dffm","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user's or - if the victim has admin permissions - the global API key without having to reauthenticate by re-entering the user account's password. An attacker could use a stolen API key to access OctoPrint through its API, or disrupt workflows depending on the API key they deleted. This vulnerability will be patched in version 1.10.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51493","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27641","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51493"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/9bc80d782d72881b16e20873dcd0b8314324c70c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint/commit/9bc80d782d72881b16e20873dcd0b8314324c70c"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-202.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-202.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51493","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51493"},{"reference_url":"https://github.com/advisories/GHSA-cc6x-8cc7-9953","reference_id":"GHSA-cc6x-8cc7-9953","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cc6x-8cc7-9953"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-cc6x-8cc7-9953","reference_id":"GHSA-cc6x-8cc7-9953","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T19:01:40Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-cc6x-8cc7-9953"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86239?format=json","purl":"pkg:pypi/octoprint@1.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-za3r-74rm-bkfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.3"}],"aliases":["CVE-2024-51493","GHSA-cc6x-8cc7-9953","PYSEC-2024-202"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukky-hd4w-dffm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210410?format=json","vulnerability_id":"VCID-urhm-b8fa-nqaj","summary":"OctoPrint Incorrect Access Control","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32560","reference_id":"","reference_type":"","scores":[{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57921","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32560"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-29.yaml"},{"reference_url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0"},{"reference_url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0/","reference_id":"","reference_type":"","scores":[],"url":"https://octoprint.org/blog/2021/04/27/new-release-1.6.0/"},{"reference_url":"https://www.brzozowski.io","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.brzozowski.io"},{"reference_url":"https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32560","reference_id":"CVE-2021-32560","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32560"},{"reference_url":"https://github.com/advisories/GHSA-x9rq-fjp5-qgm9","reference_id":"GHSA-x9rq-fjp5-qgm9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x9rq-fjp5-qgm9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23346?format=json","purl":"pkg:pypi/octoprint@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cub-qe27-8ydg"},{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-6r5c-xsnz-kkhb"},{"vulnerability":"VCID-99k3-bt7y-m7az"},{"vulnerability":"VCID-cvmz-xqx7-t3df"},{"vulnerability":"VCID-eumt-k6wn-3kcq"},{"vulnerability":"VCID-fwx5-necc-t7ch"},{"vulnerability":"VCID-g8tn-vs5n-47a7"},{"vulnerability":"VCID-m9k6-9ft6-9kdf"},{"vulnerability":"VCID-nsb4-79pr-67eu"},{"vulnerability":"VCID-pnme-vesu-8khw"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-ukky-hd4w-dffm"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-wkhk-mjja-fuhm"},{"vulnerability":"VCID-xnex-jd9w-ruaz"},{"vulnerability":"VCID-za3r-74rm-bkfe"},{"vulnerability":"VCID-ze38-9vap-5yc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.6.0"}],"aliases":["CVE-2021-32560","GHSA-x9rq-fjp5-qgm9","PYSEC-2021-29"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-urhm-b8fa-nqaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/118303?format=json","vulnerability_id":"VCID-vpq4-7mh6-duhr","summary":"OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken multipart/form-data request lacking an end boundary to any of OctoPrint's endpoints implemented through the octoprint.server.util.tornado.UploadStorageFallbackHandler request handler. The request handler will get stuck in an endless busy loop, looking for a part of the request that will never come. As Tornado is single-threaded, that will effectively block the whole web server. The vulnerability has been patched in version 1.11.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48879","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14459","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48879"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48879","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48879"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/c9c35c17bd820f19c6b12e6c0359fc0cfdd0c1ec","reference_id":"c9c35c17bd820f19c6b12e6c0359fc0cfdd0c1ec","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:57:28Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/c9c35c17bd820f19c6b12e6c0359fc0cfdd0c1ec"},{"reference_url":"https://github.com/advisories/GHSA-9wj4-8h85-pgrw","reference_id":"GHSA-9wj4-8h85-pgrw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9wj4-8h85-pgrw"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-9wj4-8h85-pgrw","reference_id":"GHSA-9wj4-8h85-pgrw","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:57:28Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-9wj4-8h85-pgrw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378615?format=json","purl":"pkg:pypi/octoprint@1.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.2"}],"aliases":["CVE-2025-48879","GHSA-9wj4-8h85-pgrw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vpq4-7mh6-duhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33724?format=json","vulnerability_id":"VCID-wkhk-mjja-fuhm","summary":"OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an admin account might use this to lock out actual admins from their OctoPrint instance. The vulnerability will be patched in version 1.10.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23637","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10032","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23637"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-29.yaml"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1","reference_id":"1.10.0rc1","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125","reference_id":"1729d167b4ae4a5835bbc7211b92c6828b1c4125","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23637","reference_id":"CVE-2024-23637","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23637"},{"reference_url":"https://github.com/advisories/GHSA-5626-pw9c-hmjr","reference_id":"GHSA-5626-pw9c-hmjr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5626-pw9c-hmjr"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr","reference_id":"GHSA-5626-pw9c-hmjr","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28662?format=json","purl":"pkg:pypi/octoprint@1.10.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cub-qe27-8ydg"},{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-cvmz-xqx7-t3df"},{"vulnerability":"VCID-g8tn-vs5n-47a7"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-ukky-hd4w-dffm"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-za3r-74rm-bkfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0rc1"}],"aliases":["CVE-2024-23637","GHSA-5626-pw9c-hmjr","PYSEC-2024-29"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wkhk-mjja-fuhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174457?format=json","vulnerability_id":"VCID-xnex-jd9w-ruaz","summary":"If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2888","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15021","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2888"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-282.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-282.yaml"},{"reference_url":"https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4","reference_id":"40e6217ac1a85cc5ed592873ae49db01d3005da4","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:05Z/"}],"url":"https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2888","reference_id":"CVE-2022-2888","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2888"},{"reference_url":"https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629","reference_id":"d27d232b-2578-4b32-b3b4-74aabdadf629","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:05Z/"}],"url":"https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"},{"reference_url":"https://github.com/advisories/GHSA-937f-qh3w-6g87","reference_id":"GHSA-937f-qh3w-6g87","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-937f-qh3w-6g87"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25835?format=json","purl":"pkg:pypi/octoprint@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cub-qe27-8ydg"},{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-6r5c-xsnz-kkhb"},{"vulnerability":"VCID-cvmz-xqx7-t3df"},{"vulnerability":"VCID-g8tn-vs5n-47a7"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-ukky-hd4w-dffm"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-wkhk-mjja-fuhm"},{"vulnerability":"VCID-za3r-74rm-bkfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3"}],"aliases":["CVE-2022-2888","GHSA-937f-qh3w-6g87","PYSEC-2022-282"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xnex-jd9w-ruaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/118321?format=json","vulnerability_id":"VCID-za3r-74rm-bkfe","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability is fixed in 1.11.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48067","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27481","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48067"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48067","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48067"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/9984b20773f5895a432f965b759999b16c57f7d8","reference_id":"9984b20773f5895a432f965b759999b16c57f7d8","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:36:28Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/9984b20773f5895a432f965b759999b16c57f7d8"},{"reference_url":"https://github.com/advisories/GHSA-m9jh-jf9h-x3h2","reference_id":"GHSA-m9jh-jf9h-x3h2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m9jh-jf9h-x3h2"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-m9jh-jf9h-x3h2","reference_id":"GHSA-m9jh-jf9h-x3h2","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:36:28Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-m9jh-jf9h-x3h2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378615?format=json","purl":"pkg:pypi/octoprint@1.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.2"}],"aliases":["CVE-2025-48067","GHSA-m9jh-jf9h-x3h2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-za3r-74rm-bkfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218227?format=json","vulnerability_id":"VCID-ze38-9vap-5yc1","summary":"Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1430","reference_id":"","reference_type":"","scores":[{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63784","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1430"},{"reference_url":"https://github.com/advisories/GHSA-x7r7-wmj8-vv5g","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x7r7-wmj8-vv5g"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-200.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-200.yaml"},{"reference_url":"https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1430","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1430"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70185?format=json","purl":"pkg:pypi/octoprint@1.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cub-qe27-8ydg"},{"vulnerability":"VCID-49na-ptq4-q7ba"},{"vulnerability":"VCID-6r5c-xsnz-kkhb"},{"vulnerability":"VCID-99k3-bt7y-m7az"},{"vulnerability":"VCID-cvmz-xqx7-t3df"},{"vulnerability":"VCID-eumt-k6wn-3kcq"},{"vulnerability":"VCID-fwx5-necc-t7ch"},{"vulnerability":"VCID-g8tn-vs5n-47a7"},{"vulnerability":"VCID-m9k6-9ft6-9kdf"},{"vulnerability":"VCID-nsb4-79pr-67eu"},{"vulnerability":"VCID-r446-why1-fubb"},{"vulnerability":"VCID-tb48-kg2g-rkds"},{"vulnerability":"VCID-u3bq-5gbm-dyhz"},{"vulnerability":"VCID-ukky-hd4w-dffm"},{"vulnerability":"VCID-vpq4-7mh6-duhr"},{"vulnerability":"VCID-wkhk-mjja-fuhm"},{"vulnerability":"VCID-xnex-jd9w-ruaz"},{"vulnerability":"VCID-za3r-74rm-bkfe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.0"}],"aliases":["CVE-2022-1430","GHSA-x7r7-wmj8-vv5g","PYSEC-2022-200"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ze38-9vap-5yc1"}],"fixing_vulnerabilities":[],"risk_score":"4.2","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.4.0rc4"}