{"url":"http://public2.vulnerablecode.io/api/packages/9791?format=json","purl":"pkg:pypi/cherrymusic@0.36.0","type":"pypi","namespace":"","name":"cherrymusic","version":"0.36.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35044?format=json","vulnerability_id":"VCID-sd9a-r7c8-w3gd","summary":"Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the \"value\" parameter to \"download.\"","references":[{"reference_url":"https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86"},{"reference_url":"https://github.com/devsnd/cherrymusic/issues/598","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/devsnd/cherrymusic/issues/598"},{"reference_url":"https://www.exploit-db.com/exploits/40361/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/40361/"},{"reference_url":"http://www.fomori.org/cherrymusic/Changes.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.fomori.org/cherrymusic/Changes.html"},{"reference_url":"http://www.securityfocus.com/bid/97149","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97149"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9791?format=json","purl":"pkg:pypi/cherrymusic@0.36.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.36.0"}],"aliases":["CVE-2015-8309","PYSEC-2017-99"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sd9a-r7c8-w3gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35045?format=json","vulnerability_id":"VCID-vrzn-4xhq-xkh9","summary":"Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.","references":[{"reference_url":"https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86"},{"reference_url":"https://github.com/devsnd/cherrymusic/issues/598","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/devsnd/cherrymusic/issues/598"},{"reference_url":"http://www.fomori.org/cherrymusic/Changes.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.fomori.org/cherrymusic/Changes.html"},{"reference_url":"http://www.securityfocus.com/bid/97148","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9791?format=json","purl":"pkg:pypi/cherrymusic@0.36.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.36.0"}],"aliases":["CVE-2015-8310","PYSEC-2017-100"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vrzn-4xhq-xkh9"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.36.0"}