Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/transifex-client@0.8

Type pypi

Namespace

Name transifex-client

Version 0.8

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.11.0

Latest_non_vulnerable_version 0.11.0

Affected_by_vulnerabilities

url VCID-qdzd-s8a4-3fgm

vulnerability_id VCID-qdzd-s8a4-3fgm

summary Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073.

references

reference_url	https://github.com/transifex/transifex-client/issues/42
reference_id
reference_type
scores
url	https://github.com/transifex/transifex-client/issues/42

reference_url	http://www.openwall.com/lists/oss-security/2013/12/13/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2013/12/13/5

reference_url	http://www.openwall.com/lists/oss-security/2013/12/15/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2013/12/15/3

fixed_packages

url	pkg:pypi/transifex-client@0.11.0
purl	pkg:pypi/transifex-client@0.11.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/transifex-client@0.11.0

aliases CVE-2013-7110, PYSEC-2014-72

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdzd-s8a4-3fgm

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/transifex-client@0.8

Package Instance