{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36536?format=json","vulnerability_id":"VCID-mjxu-t247-c7ey","summary":"borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an attacker to be able to: 1. insert files (with no additional headers) into backups and 2. gain write access to the repository. This vulnerability does not disclose plaintext to the attacker, nor does it affect the authenticity of existing archives. Creating plausible fake archives may be feasible for empty or small archives, but is unlikely for large archives. The issue has been fixed in borgbackup 1.2.5. Users are advised to upgrade. Additionally to installing the fixed code, users must follow the upgrade procedure as documented in the change log. Data loss after being attacked can be avoided by reviewing the archives (timestamp and contents valid and as expected) after any \"borg check --repair\" and before \"borg prune\". There are no known workarounds for this vulnerability.","aliases":[{"alias":"CVE-2023-36811"},{"alias":"GHSA-8fjr-hghr-4m99"},{"alias":"PYSEC-2023-164"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89372?format=json","purl":"pkg:deb/debian/borgbackup@1.2.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/borgbackup@1.2.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89370?format=json","purl":"pkg:deb/debian/borgbackup@1.4.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/borgbackup@1.4.0-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89369?format=json","purl":"pkg:deb/debian/borgbackup@1.4.4-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/borgbackup@1.4.4-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35509?format=json","purl":"pkg:pypi/borgbackup@1.2.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.5"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89368?format=json","purl":"pkg:deb/debian/borgbackup@1.1.16-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/borgbackup@1.1.16-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89366?format=json","purl":"pkg:deb/debian/borgbackup@1.2.4-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/borgbackup@1.2.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35441?format=json","purl":"pkg:pypi/borgbackup@0.23.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.23.0"},{"url":"http://public2.vulnerablecode.io/api/packages/35442?format=json","purl":"pkg:pypi/borgbackup@0.24.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.24.0"},{"url":"http://public2.vulnerablecode.io/api/packages/35443?format=json","purl":"pkg:pypi/borgbackup@0.25.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.25.0"},{"url":"http://public2.vulnerablecode.io/api/packages/35444?format=json","purl":"pkg:pypi/borgbackup@0.26.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.26.0"},{"url":"http://public2.vulnerablecode.io/api/packages/35445?format=json","purl":"pkg:pypi/borgbackup@0.26.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.26.1"},{"url":"http://public2.vulnerablecode.io/api/packages/35446?format=json","purl":"pkg:pypi/borgbackup@0.27.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.27.0"},{"url":"http://public2.vulnerablecode.io/api/packages/35447?format=json","purl":"pkg:pypi/borgbackup@0.28.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.28.0"},{"url":"http://public2.vulnerablecode.io/api/packages/35448?format=json","purl":"pkg:pypi/borgbackup@0.28.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.28.1"},{"url":"http://public2.vulnerablecode.io/api/packages/35449?format=json","purl":"pkg:pypi/borgbackup@0.28.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.28.2"},{"url":"http://public2.vulnerablecode.io/api/packages/35450?format=json","purl":"pkg:pypi/borgbackup@0.29.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.29.0"},{"url":"http://public2.vulnerablecode.io/api/packages/35451?format=json","purl":"pkg:pypi/borgbackup@0.30.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.30.0"},{"url":"http://public2.vulnerablecode.io/api/packages/35452?format=json","purl":"pkg:pypi/borgbackup@0.30.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@0.30.1"},{"url":"http://public2.vulnerablecode.io/api/packages/35453?format=json","purl":"pkg:pypi/borgbackup@1.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/35454?format=json","purl":"pkg:pypi/borgbackup@1.0.0rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.0rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/35455?format=json","purl":"pkg:pypi/borgbackup@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/35456?format=json","purl":"pkg:pypi/borgbackup@1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/35457?format=json","purl":"pkg:pypi/borgbackup@1.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/35458?format=json","purl":"pkg:pypi/borgbackup@1.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/35459?format=json","purl":"pkg:pypi/borgbackup@1.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/35460?format=json","purl":"pkg:pypi/borgbackup@1.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/35461?format=json","purl":"pkg:pypi/borgbackup@1.0.6rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.6rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/35462?format=json","purl":"pkg:pypi/borgbackup@1.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/35463?format=json","purl":"pkg:pypi/borgbackup@1.0.7rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.7rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/35464?format=json","purl":"pkg:pypi/borgbackup@1.0.7rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.7rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/35465?format=json","purl":"pkg:pypi/borgbackup@1.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/35466?format=json","purl":"pkg:pypi/borgbackup@1.0.8rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.8rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/35467?format=json","purl":"pkg:pypi/borgbackup@1.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/35468?format=json","purl":"pkg:pypi/borgbackup@1.0.9rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.9rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/35469?format=json","purl":"pkg:pypi/borgbackup@1.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/35470?format=json","purl":"pkg:pypi/borgbackup@1.0.10rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.10rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/35471?format=json","purl":"pkg:pypi/borgbackup@1.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/35472?format=json","purl":"pkg:pypi/borgbackup@1.0.11rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.11rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/35473?format=json","purl":"pkg:pypi/borgbackup@1.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/35474?format=json","purl":"pkg:pypi/borgbackup@1.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/35475?format=json","purl":"pkg:pypi/borgbackup@1.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/10654?format=json","purl":"pkg:pypi/borgbackup@1.1.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"},{"vulnerability":"VCID-qdvb-wvcj-6uem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/10655?format=json","purl":"pkg:pypi/borgbackup@1.1.0b2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"},{"vulnerability":"VCID-qdvb-wvcj-6uem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0b2"},{"url":"http://public2.vulnerablecode.io/api/packages/10656?format=json","purl":"pkg:pypi/borgbackup@1.1.0b3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"},{"vulnerability":"VCID-qdvb-wvcj-6uem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0b3"},{"url":"http://public2.vulnerablecode.io/api/packages/10657?format=json","purl":"pkg:pypi/borgbackup@1.1.0b4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"},{"vulnerability":"VCID-qdvb-wvcj-6uem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0b4"},{"url":"http://public2.vulnerablecode.io/api/packages/10658?format=json","purl":"pkg:pypi/borgbackup@1.1.0b5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"},{"vulnerability":"VCID-qdvb-wvcj-6uem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0b5"},{"url":"http://public2.vulnerablecode.io/api/packages/10659?format=json","purl":"pkg:pypi/borgbackup@1.1.0b6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"},{"vulnerability":"VCID-qdvb-wvcj-6uem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0b6"},{"url":"http://public2.vulnerablecode.io/api/packages/10660?format=json","purl":"pkg:pypi/borgbackup@1.1.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"},{"vulnerability":"VCID-qdvb-wvcj-6uem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/10661?format=json","purl":"pkg:pypi/borgbackup@1.1.0rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"},{"vulnerability":"VCID-qdvb-wvcj-6uem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/10662?format=json","purl":"pkg:pypi/borgbackup@1.1.0rc3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"},{"vulnerability":"VCID-qdvb-wvcj-6uem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0rc3"},{"url":"http://public2.vulnerablecode.io/api/packages/10663?format=json","purl":"pkg:pypi/borgbackup@1.1.0rc4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"},{"vulnerability":"VCID-qdvb-wvcj-6uem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0rc4"},{"url":"http://public2.vulnerablecode.io/api/packages/10664?format=json","purl":"pkg:pypi/borgbackup@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"},{"vulnerability":"VCID-qdvb-wvcj-6uem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10665?format=json","purl":"pkg:pypi/borgbackup@1.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"},{"vulnerability":"VCID-qdvb-wvcj-6uem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/10666?format=json","purl":"pkg:pypi/borgbackup@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"},{"vulnerability":"VCID-qdvb-wvcj-6uem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/10667?format=json","purl":"pkg:pypi/borgbackup@1.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/35476?format=json","purl":"pkg:pypi/borgbackup@1.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/35477?format=json","purl":"pkg:pypi/borgbackup@1.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/35478?format=json","purl":"pkg:pypi/borgbackup@1.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/35479?format=json","purl":"pkg:pypi/borgbackup@1.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/35480?format=json","purl":"pkg:pypi/borgbackup@1.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/35481?format=json","purl":"pkg:pypi/borgbackup@1.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/35482?format=json","purl":"pkg:pypi/borgbackup@1.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/35483?format=json","purl":"pkg:pypi/borgbackup@1.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/35484?format=json","purl":"pkg:pypi/borgbackup@1.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/35485?format=json","purl":"pkg:pypi/borgbackup@1.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/35486?format=json","purl":"pkg:pypi/borgbackup@1.1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.14"},{"url":"http://public2.vulnerablecode.io/api/packages/35487?format=json","purl":"pkg:pypi/borgbackup@1.1.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.15"},{"url":"http://public2.vulnerablecode.io/api/packages/35488?format=json","purl":"pkg:pypi/borgbackup@1.1.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.16"},{"url":"http://public2.vulnerablecode.io/api/packages/35489?format=json","purl":"pkg:pypi/borgbackup@1.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/35490?format=json","purl":"pkg:pypi/borgbackup@1.1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.1.18"},{"url":"http://public2.vulnerablecode.io/api/packages/35491?format=json","purl":"pkg:pypi/borgbackup@1.2.0a2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a2"},{"url":"http://public2.vulnerablecode.io/api/packages/35492?format=json","purl":"pkg:pypi/borgbackup@1.2.0a3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a3"},{"url":"http://public2.vulnerablecode.io/api/packages/35493?format=json","purl":"pkg:pypi/borgbackup@1.2.0a4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a4"},{"url":"http://public2.vulnerablecode.io/api/packages/35494?format=json","purl":"pkg:pypi/borgbackup@1.2.0a5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a5"},{"url":"http://public2.vulnerablecode.io/api/packages/35495?format=json","purl":"pkg:pypi/borgbackup@1.2.0a6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a6"},{"url":"http://public2.vulnerablecode.io/api/packages/35496?format=json","purl":"pkg:pypi/borgbackup@1.2.0a7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a7"},{"url":"http://public2.vulnerablecode.io/api/packages/35497?format=json","purl":"pkg:pypi/borgbackup@1.2.0a8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a8"},{"url":"http://public2.vulnerablecode.io/api/packages/35498?format=json","purl":"pkg:pypi/borgbackup@1.2.0a9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0a9"},{"url":"http://public2.vulnerablecode.io/api/packages/35499?format=json","purl":"pkg:pypi/borgbackup@1.2.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/35500?format=json","purl":"pkg:pypi/borgbackup@1.2.0b2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0b2"},{"url":"http://public2.vulnerablecode.io/api/packages/35501?format=json","purl":"pkg:pypi/borgbackup@1.2.0b3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0b3"},{"url":"http://public2.vulnerablecode.io/api/packages/35502?format=json","purl":"pkg:pypi/borgbackup@1.2.0b4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0b4"},{"url":"http://public2.vulnerablecode.io/api/packages/35503?format=json","purl":"pkg:pypi/borgbackup@1.2.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/35504?format=json","purl":"pkg:pypi/borgbackup@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/35505?format=json","purl":"pkg:pypi/borgbackup@1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/35506?format=json","purl":"pkg:pypi/borgbackup@1.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/35507?format=json","purl":"pkg:pypi/borgbackup@1.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/35508?format=json","purl":"pkg:pypi/borgbackup@1.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mjxu-t247-c7ey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/borgbackup@1.2.4"}],"references":[{"reference_url":"https://github.com/borgbackup/borg","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/borgbackup/borg"},{"reference_url":"https://github.com/borgbackup/borg/blob/1.2.5-cvedocs/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/borgbackup/borg/blob/1.2.5-cvedocs/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811"},{"reference_url":"https://github.com/borgbackup/borg/blob/1.2.6/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/borgbackup/borg/blob/1.2.6/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811"},{"reference_url":"https://github.com/borgbackup/borg/commit/3eb070191da10c2d3f7bc6484cf3d51c3045f884","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/borgbackup/borg/commit/3eb070191da10c2d3f7bc6484cf3d51c3045f884"},{"reference_url":"https://github.com/borgbackup/borg/security/advisories/GHSA-8fjr-hghr-4m99","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/borgbackup/borg/security/advisories/GHSA-8fjr-hghr-4m99"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/borgbackup/PYSEC-2023-164.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/borgbackup/PYSEC-2023-164.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5Q3OHXERTU547SEQ3YREZXHOCYNLVD63","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5Q3OHXERTU547SEQ3YREZXHOCYNLVD63"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOZDFIYEBIOKSIEAXUJJJFUJTAJ7TF3C","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOZDFIYEBIOKSIEAXUJJJFUJTAJ7TF3C"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUCQSMAWOJBCRGF6XPKEZ2TPGAPNKIWV","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUCQSMAWOJBCRGF6XPKEZ2TPGAPNKIWV"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36811","reference_id":"CVE-2023-36811","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36811"},{"reference_url":"https://github.com/advisories/GHSA-8fjr-hghr-4m99","reference_id":"GHSA-8fjr-hghr-4m99","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8fjr-hghr-4m99"}],"weaknesses":[{"cwe_id":347,"name":"Improper Verification of Cryptographic Signature","description":"The product does not verify, or incorrectly verifies, the cryptographic signature for data."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mjxu-t247-c7ey"}