Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/slixmpp@1.2.2
Type pypi
Namespace
Name slixmpp
Version 1.2.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.8.3
Latest_non_vulnerable_version 1.8.3
Affected_by_vulnerabilities
0
url VCID-4gvs-chkc-juef
vulnerability_id VCID-4gvs-chkc-juef
summary An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products.
references
0
reference_url http://openwall.com/lists/oss-security/2017/02/09/29
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2017/02/09/29
1
reference_url https://github.com/fritzy/SleekXMPP/commit/285495d5ee2427d93d961ceedcd1829383e5196d
reference_id
reference_type
scores
url https://github.com/fritzy/SleekXMPP/commit/285495d5ee2427d93d961ceedcd1829383e5196d
2
reference_url https://github.com/fritzy/SleekXMPP/issues/442
reference_id
reference_type
scores
url https://github.com/fritzy/SleekXMPP/issues/442
3
reference_url https://github.com/poezio/slixmpp
reference_id
reference_type
scores
url https://github.com/poezio/slixmpp
4
reference_url https://github.com/poezio/slixmpp/commit/22664ee7b86c8e010f312b66d12590fb47160ad8
reference_id
reference_type
scores
url https://github.com/poezio/slixmpp/commit/22664ee7b86c8e010f312b66d12590fb47160ad8
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/sleekxmpp/PYSEC-2017-103.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/sleekxmpp/PYSEC-2017-103.yaml
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/slixmpp/PYSEC-2017-104.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/slixmpp/PYSEC-2017-104.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5591
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-5591
8
reference_url https://pypi.org/project/sleekxmpp
reference_id
reference_type
scores
url https://pypi.org/project/sleekxmpp
9
reference_url https://pypi.org/project/slixmpp
reference_id
reference_type
scores
url https://pypi.org/project/slixmpp
10
reference_url https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/
reference_id
reference_type
scores
url https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/
11
reference_url https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf
reference_id
reference_type
scores
url https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf
12
reference_url https://web.archive.org/web/20200227192025/http://www.securityfocus.com/bid/96166
reference_id
reference_type
scores
url https://web.archive.org/web/20200227192025/http://www.securityfocus.com/bid/96166
13
reference_url http://www.securityfocus.com/bid/96166
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96166
14
reference_url https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons
reference_id CVE-2017-5589_XMPP_CARBONS
reference_type
scores
url https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons
15
reference_url https://github.com/advisories/GHSA-c35g-jr5f-h83p
reference_id GHSA-c35g-jr5f-h83p
reference_type
scores
url https://github.com/advisories/GHSA-c35g-jr5f-h83p
fixed_packages
0
url pkg:pypi/slixmpp@1.2.4
purl pkg:pypi/slixmpp@1.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61dw-bszt-7be4
1
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.2.4
aliases CVE-2017-5591, GHSA-c35g-jr5f-h83p, PYSEC-2017-103, PYSEC-2017-104
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4gvs-chkc-juef
1
url VCID-61dw-bszt-7be4
vulnerability_id VCID-61dw-bszt-7be4
summary slixmpp versions before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contain an incorrect access control vulnerability in the XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of the default access model, that can result in all of the contacts of the victim being able to see private data published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP; the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416, which is included in slixmpp 1.4.2.
references
0
reference_url https://github.com/poezio/slixmpp
reference_id
reference_type
scores
url https://github.com/poezio/slixmpp
1
reference_url https://github.com/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
reference_id
reference_type
scores
url https://github.com/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/slixmpp/PYSEC-2019-121.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/slixmpp/PYSEC-2019-121.yaml
3
reference_url https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
reference_id
reference_type
scores
url https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GKBXN7EAAR7ENEZUBKV6C6MP6QBXYTWT
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GKBXN7EAAR7ENEZUBKV6C6MP6QBXYTWT
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GKBXN7EAAR7ENEZUBKV6C6MP6QBXYTWT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GKBXN7EAAR7ENEZUBKV6C6MP6QBXYTWT/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBP4LD2V4TBJSLZXDUAGQMD6CUI2TZR
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBP4LD2V4TBJSLZXDUAGQMD6CUI2TZR
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBP4LD2V4TBJSLZXDUAGQMD6CUI2TZR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBP4LD2V4TBJSLZXDUAGQMD6CUI2TZR/
8
reference_url https://xmpp.org/extensions/xep-0223.html#howitworks
reference_id
reference_type
scores
url https://xmpp.org/extensions/xep-0223.html#howitworks
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1000021
reference_id CVE-2019-1000021
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-1000021
10
reference_url https://github.com/advisories/GHSA-4g62-mfwx-4q48
reference_id GHSA-4g62-mfwx-4q48
reference_type
scores
url https://github.com/advisories/GHSA-4g62-mfwx-4q48
fixed_packages
0
url pkg:pypi/slixmpp@1.4.2
purl pkg:pypi/slixmpp@1.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.4.2
aliases CVE-2019-1000021, GHSA-4g62-mfwx-4q48, PYSEC-2019-121
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-61dw-bszt-7be4
2
url VCID-get1-2fht-u7bu
vulnerability_id VCID-get1-2fht-u7bu
summary Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
references
0
reference_url https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.py
reference_id
reference_type
scores
url https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.py
1
reference_url https://github.com/poezio/slixmpp/tags
reference_id
reference_type
scores
url https://github.com/poezio/slixmpp/tags
2
reference_url https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa
reference_id
reference_type
scores
url https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa
3
reference_url https://lab.louiz.org/poezio/slixmpp/-/commits/master
reference_id
reference_type
scores
url https://lab.louiz.org/poezio/slixmpp/-/commits/master
fixed_packages
0
url pkg:pypi/slixmpp@1.8.3
purl pkg:pypi/slixmpp@1.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.8.3
aliases CVE-2022-45197, PYSEC-2022-43013
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-get1-2fht-u7bu
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.2.2