{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35670?format=json","vulnerability_id":"VCID-kjqq-u9hy-5yda","summary":"The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.","aliases":[{"alias":"CVE-2020-25074"},{"alias":"GHSA-52q8-877j-gghq"},{"alias":"PYSEC-2020-67"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18962?format=json","purl":"pkg:pypi/moin@1.9.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.11"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6975?format=json","purl":"pkg:pypi/moin@1.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3fgh-8nmt-2fgp"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-551s-jjxy-qfer"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-8xsp-chsd-cfhp"},{"vulnerability":"VCID-9ck2-p7hx-4qex"},{"vulnerability":"VCID-aduk-vjjh-c3gc"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qcmp-zvgm-8bcm"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/6976?format=json","purl":"pkg:pypi/moin@1.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3fgh-8nmt-2fgp"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-551s-jjxy-qfer"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-8xsp-chsd-cfhp"},{"vulnerability":"VCID-9ck2-p7hx-4qex"},{"vulnerability":"VCID-aduk-vjjh-c3gc"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qcmp-zvgm-8bcm"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/6977?format=json","purl":"pkg:pypi/moin@1.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3fgh-8nmt-2fgp"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-551s-jjxy-qfer"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-8xsp-chsd-cfhp"},{"vulnerability":"VCID-9ck2-p7hx-4qex"},{"vulnerability":"VCID-aduk-vjjh-c3gc"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qcmp-zvgm-8bcm"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/6978?format=json","purl":"pkg:pypi/moin@1.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-8xsp-chsd-cfhp"},{"vulnerability":"VCID-9ck2-p7hx-4qex"},{"vulnerability":"VCID-aduk-vjjh-c3gc"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/6973?format=json","purl":"pkg:pypi/moin@1.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3fgh-8nmt-2fgp"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-551s-jjxy-qfer"},{"vulnerability":"VCID-5dkr-jfqu-4kfq"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-8xsp-chsd-cfhp"},{"vulnerability":"VCID-9ck2-p7hx-4qex"},{"vulnerability":"VCID-aduk-vjjh-c3gc"},{"vulnerability":"VCID-faws-7xxv-eudq"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qgm9-pnrw-p3ak"},{"vulnerability":"VCID-tkp3-e758-suhx"},{"vulnerability":"VCID-xz41-zzdr-6ycb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/6974?format=json","purl":"pkg:pypi/moin@1.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3fgh-8nmt-2fgp"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-551s-jjxy-qfer"},{"vulnerability":"VCID-5dkr-jfqu-4kfq"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-8xsp-chsd-cfhp"},{"vulnerability":"VCID-9ck2-p7hx-4qex"},{"vulnerability":"VCID-aduk-vjjh-c3gc"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qgm9-pnrw-p3ak"},{"vulnerability":"VCID-tkp3-e758-suhx"},{"vulnerability":"VCID-xz41-zzdr-6ycb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/6979?format=json","purl":"pkg:pypi/moin@1.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5dkr-jfqu-4kfq"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-8xsp-chsd-cfhp"},{"vulnerability":"VCID-9ck2-p7hx-4qex"},{"vulnerability":"VCID-aduk-vjjh-c3gc"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qgm9-pnrw-p3ak"},{"vulnerability":"VCID-tkp3-e758-suhx"},{"vulnerability":"VCID-xz41-zzdr-6ycb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/6981?format=json","purl":"pkg:pypi/moin@1.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-h1wf-35g5-5ucz"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qgm9-pnrw-p3ak"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/7396?format=json","purl":"pkg:pypi/moin@1.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-h1wf-35g5-5ucz"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qgm9-pnrw-p3ak"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.4"},{"url":"http://public2.vulnerablecode.io/api/packages/7397?format=json","purl":"pkg:pypi/moin@1.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-h1wf-35g5-5ucz"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/7494?format=json","purl":"pkg:pypi/moin@1.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/9451?format=json","purl":"pkg:pypi/moin@1.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.7"},{"url":"http://public2.vulnerablecode.io/api/packages/9452?format=json","purl":"pkg:pypi/moin@1.9.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-kjqq-u9hy-5yda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.8"},{"url":"http://public2.vulnerablecode.io/api/packages/9453?format=json","purl":"pkg:pypi/moin@1.9.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-kjqq-u9hy-5yda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.9"},{"url":"http://public2.vulnerablecode.io/api/packages/12310?format=json","purl":"pkg:pypi/moin@1.9.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-kjqq-u9hy-5yda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.10"}],"references":[{"reference_url":"http://moinmo.in/SecurityFixes","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/SecurityFixes"},{"reference_url":"https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html"},{"reference_url":"https://www.debian.org/security/2020/dsa-4787","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4787"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjqq-u9hy-5yda"}