{"url":"http://public2.vulnerablecode.io/api/packages/7617?format=json","purl":"pkg:pypi/pymongo@2.2.1","type":"pypi","namespace":"","name":"pymongo","version":"2.2.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.5.2","latest_non_vulnerable_version":"4.6.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34805?format=json","vulnerability_id":"VCID-bstf-w638-8uex","summary":"bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an \"invalid DBRef.\"","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597"},{"reference_url":"http://seclists.org/oss-sec/2013/q2/447","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q2/447"},{"reference_url":"https://github.com/advisories/GHSA-x33v-f3gp-gw2c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x33v-f3gp-gw2c"},{"reference_url":"https://github.com/mongodb/mongo-python-driver","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mongodb/mongo-python-driver"},{"reference_url":"https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pymongo/PYSEC-2013-30.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pymongo/PYSEC-2013-30.yaml"},{"reference_url":"https://jira.mongodb.org/browse/PYTHON-532","reference_id":"","reference_type":"","scores":[],"url":"https://jira.mongodb.org/browse/PYTHON-532"},{"reference_url":"https://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html"},{"reference_url":"https://seclists.org/oss-sec/2013/q2/447","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/oss-sec/2013/q2/447"},{"reference_url":"https://ubuntu.com/usn/usn-1897-1","reference_id":"","reference_type":"","scores":[],"url":"https://ubuntu.com/usn/usn-1897-1"},{"reference_url":"https://www.debian.org/security/2013/dsa-2705","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2013/dsa-2705"},{"reference_url":"http://ubuntu.com/usn/usn-1897-1","reference_id":"","reference_type":"","scores":[],"url":"http://ubuntu.com/usn/usn-1897-1"},{"reference_url":"http://www.debian.org/security/2013/dsa-2705","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2705"},{"reference_url":"http://www.osvdb.org/93804","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/93804"},{"reference_url":"http://www.securityfocus.com/bid/60252","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/60252"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2132","reference_id":"CVE-2013-2132","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2132"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7624?format=json","purl":"pkg:pypi/pymongo@2.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pymongo@2.5.2"}],"aliases":["CVE-2013-2132","GHSA-x33v-f3gp-gw2c","PYSEC-2013-30"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bstf-w638-8uex"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pymongo@2.2.1"}