Vulnerability Instance

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35883?format=api",
    "vulnerability_id": "VCID-ye8k-3kjh-h3bh",
    "summary": "SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173",
    "aliases": [
        {
            "alias": "CVE-2021-22557"
        },
        {
            "alias": "GHSA-j28r-j54m-gpc4"
        },
        {
            "alias": "PYSEC-2021-429"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23905?format=api",
            "purl": "pkg:pypi/slo-generator@2.0.1",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@2.0.1"
        }
    ],
    "affected_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23877?format=api",
            "purl": "pkg:pypi/slo-generator@0.1.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@0.1.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23878?format=api",
            "purl": "pkg:pypi/slo-generator@0.1.1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@0.1.1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23879?format=api",
            "purl": "pkg:pypi/slo-generator@0.1.2",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@0.1.2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23880?format=api",
            "purl": "pkg:pypi/slo-generator@0.1.3",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@0.1.3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23881?format=api",
            "purl": "pkg:pypi/slo-generator@0.1.4",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@0.1.4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23882?format=api",
            "purl": "pkg:pypi/slo-generator@0.1.5",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@0.1.5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23883?format=api",
            "purl": "pkg:pypi/slo-generator@0.1.6",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@0.1.6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23884?format=api",
            "purl": "pkg:pypi/slo-generator@0.1.7",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@0.1.7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23885?format=api",
            "purl": "pkg:pypi/slo-generator@0.2.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@0.2.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23886?format=api",
            "purl": "pkg:pypi/slo-generator@0.2.1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@0.2.1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23887?format=api",
            "purl": "pkg:pypi/slo-generator@1.0.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@1.0.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23888?format=api",
            "purl": "pkg:pypi/slo-generator@1.0.1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@1.0.1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23889?format=api",
            "purl": "pkg:pypi/slo-generator@1.1.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@1.1.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23890?format=api",
            "purl": "pkg:pypi/slo-generator@1.1.1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@1.1.1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23891?format=api",
            "purl": "pkg:pypi/slo-generator@1.1.2",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@1.1.2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23892?format=api",
            "purl": "pkg:pypi/slo-generator@1.2.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@1.2.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23893?format=api",
            "purl": "pkg:pypi/slo-generator@1.3.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@1.3.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23894?format=api",
            "purl": "pkg:pypi/slo-generator@1.3.1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@1.3.1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23895?format=api",
            "purl": "pkg:pypi/slo-generator@1.3.2",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@1.3.2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23896?format=api",
            "purl": "pkg:pypi/slo-generator@1.4.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@1.4.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23897?format=api",
            "purl": "pkg:pypi/slo-generator@1.4.1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@1.4.1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23898?format=api",
            "purl": "pkg:pypi/slo-generator@1.5.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@1.5.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23899?format=api",
            "purl": "pkg:pypi/slo-generator@1.5.1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@1.5.1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23900?format=api",
            "purl": "pkg:pypi/slo-generator@2.0.0rc0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@2.0.0rc0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23901?format=api",
            "purl": "pkg:pypi/slo-generator@2.0.0rc2",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@2.0.0rc2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23902?format=api",
            "purl": "pkg:pypi/slo-generator@2.0.0rc3",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@2.0.0rc3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23903?format=api",
            "purl": "pkg:pypi/slo-generator@2.0.0rc4",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@2.0.0rc4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/23904?format=api",
            "purl": "pkg:pypi/slo-generator@2.0.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-ye8k-3kjh-h3bh"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/slo-generator@2.0.0"
        }
    ],
    "references": [
        {
            "reference_url": "http://packetstormsecurity.com/files/164426/Google-SLO-Generator-2.0.0-Code-Execution.html",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "http://packetstormsecurity.com/files/164426/Google-SLO-Generator-2.0.0-Code-Execution.html"
        },
        {
            "reference_url": "https://github.com/advisories/GHSA-j28r-j54m-gpc4",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/advisories/GHSA-j28r-j54m-gpc4"
        },
        {
            "reference_url": "https://github.com/google/slo-generator/commit/36318beab1b85d14bb860e45bea186b184690d5d",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/google/slo-generator/commit/36318beab1b85d14bb860e45bea186b184690d5d"
        },
        {
            "reference_url": "https://github.com/google/slo-generator/pull/173",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/google/slo-generator/pull/173"
        },
        {
            "reference_url": "https://github.com/google/slo-generator/releases/tag/v2.0.1",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/google/slo-generator/releases/tag/v2.0.1"
        },
        {
            "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/slo-generator/PYSEC-2021-429.yaml",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/pypa/advisory-database/tree/main/vulns/slo-generator/PYSEC-2021-429.yaml"
        },
        {
            "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22557",
            "reference_id": "CVE-2021-22557",
            "reference_type": "",
            "scores": [],
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22557"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 78,
            "name": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
            "description": "The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component."
        },
        {
            "cwe_id": 94,
            "name": "Improper Control of Generation of Code ('Code Injection')",
            "description": "The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment."
        },
        {
            "cwe_id": 937,
            "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."
        },
        {
            "cwe_id": 1035,
            "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."
        }
    ],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ye8k-3kjh-h3bh"
}