{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35750?format=json","vulnerability_id":"VCID-cbvk-cm64-q3hv","summary":"Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It is published on PyPI as \"tenable-jira-cloud\". In tenable-jira-cloud before version 1.1.21, it is possible to run arbitrary commands through the yaml.load() method. This could allow an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file. This is fixed in version 1.1.21 by using yaml.safe_load() instead of yaml.load().","aliases":[{"alias":"CVE-2021-21371"},{"alias":"GHSA-8278-88vv-x98r"},{"alias":"PYSEC-2021-60"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20346?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.22"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20324?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/20325?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/20326?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg
:pypi/tenable-jira-cloud@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/20327?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/20328?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/20329?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/20330?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/20331?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/20332?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/20333?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.8","is_vulnerable":true,"affected_by
_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/20334?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/20335?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/20336?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/20337?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/20338?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/20339?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.14"},{"url":"http://pub
lic2.vulnerablecode.io/api/packages/20340?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.15"},{"url":"http://public2.vulnerablecode.io/api/packages/20341?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.16"},{"url":"http://public2.vulnerablecode.io/api/packages/20342?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/20343?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.18"},{"url":"http://public2.vulnerablecode.io/api/packages/20344?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.19"},{"url":"http://public2.vulnerablecode.io/api/packages/20345?format=json","purl":"pkg:pypi/tenable-jira-cloud@1.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cbvk-cm64-q3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tenable-jira-cloud@1.1.20"}],"references":[{"reference_url":"https://github.com/tenable/integration-jira-cloud/commit/f8c2095fd529e664e7fa25403a0a4a85bb3907d0","reference_id":"","reference_type":"","scores":[],"url":
"https://github.com/tenable/integration-jira-cloud/commit/f8c2095fd529e664e7fa25403a0a4a85bb3907d0"},{"reference_url":"https://github.com/tenable/integration-jira-cloud/security/advisories/GHSA-8278-88vv-x98r","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tenable/integration-jira-cloud/security/advisories/GHSA-8278-88vv-x98r"},{"reference_url":"https://pypi.org/project/tenable-jira-cloud/","reference_id":"","reference_type":"","scores":[],"url":"https://pypi.org/project/tenable-jira-cloud/"},{"reference_url":"https://pyyaml.docsforge.com/master/documentation/#loading-yaml","reference_id":"","reference_type":"","scores":[],"url":"https://pyyaml.docsforge.com/master/documentation/#loading-yaml"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbvk-cm64-q3hv"}