{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35871?format=json","vulnerability_id":"VCID-6g74-9aux-8ub1","summary":"Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a denial of service attack on an inefficient regular expression. The vulnerable regular expression is [here](https://github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py#L356-L359). The problem has been patched in release version 0.9.5.1. Users who are unable to upgrade are advised to remove `apprise/plugins/NotifyIFTTT.py` to eliminate the service.","aliases":[{"alias":"CVE-2021-39229"},{"alias":"GHSA-qhmp-h54x-38qr"},{"alias":"PYSEC-2021-327"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23630?format=json","purl":"pkg:pypi/apprise@0.9.5.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.9.5.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23597?format=json","purl":"pkg:pypi/apprise@0.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23598?format=json","purl":"pkg:pypi/apprise@0.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/23599?format=json","purl":"pkg:pypi/apprise@0.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/23600?format=json","purl":"pkg:pypi/apprise@0.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/23601?format=json","purl":"pkg:pypi/apprise@0.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/23602?format=json","purl":"pkg:pypi/apprise@0.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/23603?format=json","purl":"pkg:pypi/apprise@0.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/23604?format=json","purl":"pkg:pypi/apprise@0.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/23605?format=json","purl":"pkg:pypi/apprise@0.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/23606?format=json","purl":"pkg:pypi/apprise@0.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/23607?format=json","purl":"pkg:pypi/apprise@0.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/23608?format=json","purl":"pkg:pypi/apprise@0.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/23609?format=json","purl":"pkg:pypi/apprise@0.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/23610?format=json","purl":"pkg:pypi/apprise@0.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/23611?format=json","purl":"pkg:pypi/apprise@0.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.7.6"},{"url":"http://public2.vulnerablecode.io/api/packages/23612?format=json","purl":"pkg:pypi/apprise@0.7.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.7.7"},{"url":"http://public2.vulnerablecode.io/api/packages/23613?format=json","purl":"pkg:pypi/apprise@0.7.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.7.8"},{"url":"http://public2.vulnerablecode.io/api/packages/23614?format=json","purl":"pkg:pypi/apprise@0.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.7.9"},{"url":"http://public2.vulnerablecode.io/api/packages/23615?format=json","purl":"pkg:pypi/apprise@0.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/23616?format=json","purl":"pkg:pypi/apprise@0.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23617?format=json","purl":"pkg:pypi/apprise@0.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/23618?format=json","purl":"pkg:pypi/apprise@0.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/23619?format=json","purl":"pkg:pypi/apprise@0.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/23620?format=json","purl":"pkg:pypi/apprise@0.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/23621?format=json","purl":"pkg:pypi/apprise@0.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/23622?format=json","purl":"pkg:pypi/apprise@0.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/23623?format=json","purl":"pkg:pypi/apprise@0.8.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/23624?format=json","purl":"pkg:pypi/apprise@0.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/23625?format=json","purl":"pkg:pypi/apprise@0.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/23626?format=json","purl":"pkg:pypi/apprise@0.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23627?format=json","purl":"pkg:pypi/apprise@0.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/23628?format=json","purl":"pkg:pypi/apprise@0.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/23629?format=json","purl":"pkg:pypi/apprise@0.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6g74-9aux-8ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apprise@0.9.4"}],"references":[{"reference_url":"https://github.com/caronc/apprise","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/caronc/apprise"},{"reference_url":"https://github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py#L356-L359","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py#L356-L359"},{"reference_url":"https://github.com/caronc/apprise/commit/e20fce630d55e4ca9b0a1e325a5fea6997489831","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/caronc/apprise/commit/e20fce630d55e4ca9b0a1e325a5fea6997489831"},{"reference_url":"https://github.com/caronc/apprise/pull/436","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/caronc/apprise/pull/436"},{"reference_url":"https://github.com/caronc/apprise/releases/tag/v0.9.5.1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/caronc/apprise/releases/tag/v0.9.5.1"},{"reference_url":"https://github.com/caronc/apprise/security/advisories/GHSA-qhmp-h54x-38qr","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/caronc/apprise/security/advisories/GHSA-qhmp-h54x-38qr"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apprise/PYSEC-2021-327.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apprise/PYSEC-2021-327.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39229","reference_id":"CVE-2021-39229","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39229"},{"reference_url":"https://github.com/advisories/GHSA-qhmp-h54x-38qr","reference_id":"GHSA-qhmp-h54x-38qr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qhmp-h54x-38qr"}],"weaknesses":[{"cwe_id":400,"name":"Uncontrolled Resource Consumption","description":"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6g74-9aux-8ub1"}