{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35044?format=json","vulnerability_id":"VCID-sd9a-r7c8-w3gd","summary":"Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the \"value\" parameter to \"download.\"","aliases":[{"alias":"CVE-2015-8309"},{"alias":"PYSEC-2017-99"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9791?format=json","purl":"pkg:pypi/cherrymusic@0.36.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.36.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9781?format=json","purl":"pkg:pypi/cherrymusic@0.30.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sd9a-r7c8-w3gd"},{"vulnerability":"VCID-vrzn-4xhq-xkh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.30.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9782?format=json","purl":"pkg:pypi/cherrymusic@0.31.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sd9a-r7c8-w3gd"},{"vulnerability":"VCID-vrzn-4xhq-xkh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.31.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9783?format=json","purl":"pkg:pypi/cherrymusic@0.31.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sd9a-r7c8-w3gd"},{"vulnerability":"VCID-vrzn-4xhq-xkh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.31.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9784?format=json","purl":"pkg:pypi/cherrymusic@0.31.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sd9a-r7c8-w3gd"},{"vulnerability":"VCID-vrzn-4xhq-xkh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.31.2"},{"url":"http://public2.vulnerablecode.io/api/packages/9785?format=json","purl":"pkg:pypi/cherrymusic@0.32.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sd9a-r7c8-w3gd"},{"vulnerability":"VCID-vrzn-4xhq-xkh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.32.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9786?format=json","purl":"pkg:pypi/cherrymusic@0.33.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sd9a-r7c8-w3gd"},{"vulnerability":"VCID-vrzn-4xhq-xkh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.33.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9787?format=json","purl":"pkg:pypi/cherrymusic@0.34.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sd9a-r7c8-w3gd"},{"vulnerability":"VCID-vrzn-4xhq-xkh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.34.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9788?format=json","purl":"pkg:pypi/cherrymusic@0.34.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sd9a-r7c8-w3gd"},{"vulnerability":"VCID-vrzn-4xhq-xkh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.34.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9789?format=json","purl":"pkg:pypi/cherrymusic@0.35.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sd9a-r7c8-w3gd"},{"vulnerability":"VCID-vrzn-4xhq-xkh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.35.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9790?format=json","purl":"pkg:pypi/cherrymusic@0.35.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sd9a-r7c8-w3gd"},{"vulnerability":"VCID-vrzn-4xhq-xkh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.35.2"}],"references":[{"reference_url":"https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86"},{"reference_url":"https://github.com/devsnd/cherrymusic/issues/598","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/devsnd/cherrymusic/issues/598"},{"reference_url":"https://www.exploit-db.com/exploits/40361/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/40361/"},{"reference_url":"http://www.fomori.org/cherrymusic/Changes.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.fomori.org/cherrymusic/Changes.html"},{"reference_url":"http://www.securityfocus.com/bid/97149","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97149"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sd9a-r7c8-w3gd"}