{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35379?format=json","vulnerability_id":"VCID-5yz3-8ygc-eydj","summary":"Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance: https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688. The attack vector is: Send a specially crafted SOAP call.","aliases":[{"alias":"CVE-2019-1010268"},{"alias":"GHSA-vg35-vc9f-q7x2"},{"alias":"PYSEC-2019-184"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13771?format=json","purl":"pkg:pypi/ladon@1.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@1.0.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13729?format=json","purl":"pkg:pypi/ladon@0.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/13730?format=json","purl":"pkg:pypi/ladon@0.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/13731?format=json","purl":"pkg:pypi/ladon@0.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/13732?format=json","purl":"pkg:pypi/ladon@0.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/13733?format=json","purl":"pkg:pypi/ladon@0.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/13734?format=json","purl":"pkg:pypi/ladon@0.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/13735?format=json","purl":"pkg:pypi/ladon@0.8.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/13736?format=json","purl":"pkg:pypi/ladon@0.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/13737?format=json","purl":"pkg:pypi/ladon@0.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/13738?format=json","purl":"pkg:pypi/ladon@0.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/13739?format=json","purl":"pkg:pypi/ladon@0.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/13740?format=json","purl":"pkg:pypi/ladon@0.9.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.8"},{"url":"http://public2.vulnerablecode.io/api/packages/13741?format=json","purl":"pkg:pypi/ladon@0.9.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.9"},{"url":"http://public2.vulnerablecode.io/api/packages/13742?format=json","purl":"pkg:pypi/ladon@0.9.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.10"},{"url":"http://public2.vulnerablecode.io/api/packages/13743?format=json","purl":"pkg:pypi/ladon@0.9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.11"},{"url":"http://public2.vulnerablecode.io/api/packages/13744?format=json","purl":"pkg:pypi/ladon@0.9.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.12"},{"url":"http://public2.vulnerablecode.io/api/packages/13745?format=json","purl":"pkg:pypi/ladon@0.9.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.13"},{"url":"http://public2.vulnerablecode.io/api/packages/13746?format=json","purl":"pkg:pypi/ladon@0.9.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.15"},{"url":"http://public2.vulnerablecode.io/api/packages/13747?format=json","purl":"pkg:pypi/ladon@0.9.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.16"},{"url":"http://public2.vulnerablecode.io/api/packages/13748?format=json","purl":"pkg:pypi/ladon@0.9.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.17"},{"url":"http://public2.vulnerablecode.io/api/packages/13749?format=json","purl":"pkg:pypi/ladon@0.9.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.18"},{"url":"http://public2.vulnerablecode.io/api/packages/13750?format=json","purl":"pkg:pypi/ladon@0.9.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.19"},{"url":"http://public2.vulnerablecode.io/api/packages/13751?format=json","purl":"pkg:pypi/ladon@0.9.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.20"},{"url":"http://public2.vulnerablecode.io/api/packages/13752?format=json","purl":"pkg:pypi/ladon@0.9.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.21"},{"url":"http://public2.vulnerablecode.io/api/packages/13753?format=json","purl":"pkg:pypi/ladon@0.9.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.22"},{"url":"http://public2.vulnerablecode.io/api/packages/13754?format=json","purl":"pkg:pypi/ladon@0.9.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.23"},{"url":"http://public2.vulnerablecode.io/api/packages/13755?format=json","purl":"pkg:pypi/ladon@0.9.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.24"},{"url":"http://public2.vulnerablecode.io/api/packages/13756?format=json","purl":"pkg:pypi/ladon@0.9.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.26"},{"url":"http://public2.vulnerablecode.io/api/packages/13757?format=json","purl":"pkg:pypi/ladon@0.9.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.27"},{"url":"http://public2.vulnerablecode.io/api/packages/13758?format=json","purl":"pkg:pypi/ladon@0.9.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.28"},{"url":"http://public2.vulnerablecode.io/api/packages/13759?format=json","purl":"pkg:pypi/ladon@0.9.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.29"},{"url":"http://public2.vulnerablecode.io/api/packages/13760?format=json","purl":"pkg:pypi/ladon@0.9.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.30"},{"url":"http://public2.vulnerablecode.io/api/packages/13761?format=json","purl":"pkg:pypi/ladon@0.9.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.31"},{"url":"http://public2.vulnerablecode.io/api/packages/13762?format=json","purl":"pkg:pypi/ladon@0.9.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.32"},{"url":"http://public2.vulnerablecode.io/api/packages/13763?format=json","purl":"pkg:pypi/ladon@0.9.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.33"},{"url":"http://public2.vulnerablecode.io/api/packages/13764?format=json","purl":"pkg:pypi/ladon@0.9.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.34"},{"url":"http://public2.vulnerablecode.io/api/packages/13765?format=json","purl":"pkg:pypi/ladon@0.9.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.35"},{"url":"http://public2.vulnerablecode.io/api/packages/13766?format=json","purl":"pkg:pypi/ladon@0.9.36","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.36"},{"url":"http://public2.vulnerablecode.io/api/packages/13767?format=json","purl":"pkg:pypi/ladon@0.9.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.37"},{"url":"http://public2.vulnerablecode.io/api/packages/13768?format=json","purl":"pkg:pypi/ladon@0.9.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.38"},{"url":"http://public2.vulnerablecode.io/api/packages/13769?format=json","purl":"pkg:pypi/ladon@0.9.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.39"},{"url":"http://public2.vulnerablecode.io/api/packages/13770?format=json","purl":"pkg:pypi/ladon@0.9.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5yz3-8ygc-eydj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ladon@0.9.40"}],"references":[{"reference_url":"https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688","reference_id":"","reference_type":"","scores":[],"url":"https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688"},{"reference_url":"https://github.com/advisories/GHSA-vg35-vc9f-q7x2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vg35-vc9f-q7x2"},{"reference_url":"https://www.exploit-db.com/exploits/43113","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/43113"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5yz3-8ygc-eydj"}