Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/35871?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35871?format=api", "vulnerability_id": "VCID-6g74-9aux-8ub1", "summary": "Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions, users of an Apprise installation that grants them access to the IFTTT plugin (which is included out of the box) are subject to a denial of service attack caused by an inefficient regular expression. The vulnerable regular expression is [here](https://github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py#L356-L359). The problem has been patched in release version 0.9.5.1. Users who are unable to upgrade are advised to remove `apprise/plugins/NotifyIFTTT.py` to eliminate the service.", "aliases": [ { "alias": "CVE-2021-39229" }, { "alias": "GHSA-qhmp-h54x-38qr" }, { "alias": "PYSEC-2021-327" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23630?format=api", "purl": "pkg:pypi/apprise@0.9.5.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.9.5.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23597?format=api", "purl": "pkg:pypi/apprise@0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/23598?format=api", "purl": "pkg:pypi/apprise@0.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23599?format=api", "purl": "pkg:pypi/apprise@0.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/23600?format=api", "purl": "pkg:pypi/apprise@0.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23601?format=api", "purl": "pkg:pypi/apprise@0.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/23602?format=api", "purl": "pkg:pypi/apprise@0.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/23603?format=api", "purl": "pkg:pypi/apprise@0.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/23604?format=api", "purl": "pkg:pypi/apprise@0.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/23605?format=api", "purl": "pkg:pypi/apprise@0.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/23606?format=api", "purl": 
"pkg:pypi/apprise@0.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/23607?format=api", "purl": "pkg:pypi/apprise@0.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23608?format=api", "purl": "pkg:pypi/apprise@0.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/23609?format=api", "purl": "pkg:pypi/apprise@0.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23610?format=api", "purl": "pkg:pypi/apprise@0.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/23611?format=api", "purl": "pkg:pypi/apprise@0.7.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.7.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/23612?format=api", "purl": "pkg:pypi/apprise@0.7.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.7.7" }, { 
"url": "http://public2.vulnerablecode.io/api/packages/23613?format=api", "purl": "pkg:pypi/apprise@0.7.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.7.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/23614?format=api", "purl": "pkg:pypi/apprise@0.7.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.7.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/23615?format=api", "purl": "pkg:pypi/apprise@0.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/23616?format=api", "purl": "pkg:pypi/apprise@0.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/23617?format=api", "purl": "pkg:pypi/apprise@0.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23618?format=api", "purl": "pkg:pypi/apprise@0.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/23619?format=api", "purl": "pkg:pypi/apprise@0.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23620?format=api", "purl": "pkg:pypi/apprise@0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/23621?format=api", "purl": "pkg:pypi/apprise@0.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/23622?format=api", "purl": "pkg:pypi/apprise@0.8.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/23623?format=api", "purl": "pkg:pypi/apprise@0.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/23624?format=api", "purl": "pkg:pypi/apprise@0.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/23625?format=api", "purl": "pkg:pypi/apprise@0.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/23626?format=api", "purl": "pkg:pypi/apprise@0.9.1", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/23627?format=api", "purl": "pkg:pypi/apprise@0.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/23628?format=api", "purl": "pkg:pypi/apprise@0.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/23629?format=api", "purl": "pkg:pypi/apprise@0.9.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6g74-9aux-8ub1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.9.4" } ], "references": [ { "reference_url": "https://github.com/caronc/apprise", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/caronc/apprise" }, { "reference_url": "https://github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py#L356-L359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py#L356-L359" }, { "reference_url": "https://github.com/caronc/apprise/commit/e20fce630d55e4ca9b0a1e325a5fea6997489831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/caronc/apprise/commit/e20fce630d55e4ca9b0a1e325a5fea6997489831" }, { "reference_url": "https://github.com/caronc/apprise/pull/436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/caronc/apprise/pull/436" }, { 
"reference_url": "https://github.com/caronc/apprise/releases/tag/v0.9.5.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/caronc/apprise/releases/tag/v0.9.5.1" }, { "reference_url": "https://github.com/caronc/apprise/security/advisories/GHSA-qhmp-h54x-38qr", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/caronc/apprise/security/advisories/GHSA-qhmp-h54x-38qr" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apprise/PYSEC-2021-327.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apprise/PYSEC-2021-327.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39229", "reference_id": "CVE-2021-39229", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39229" }, { "reference_url": "https://github.com/advisories/GHSA-qhmp-h54x-38qr", "reference_id": "GHSA-qhmp-h54x-38qr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qhmp-h54x-38qr" } ], "weaknesses": [ { "cwe_id": 400, "name": "Uncontrolled Resource Consumption", "description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." 
} ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6g74-9aux-8ub1" }