{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36883?format=json","vulnerability_id":"VCID-s699-9pwv-k3ek","summary":"OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method allows an authenticated user with adequate permissions to download any .txt via the ScreensController#show on the web server COSMOS is running on (depending on the file permissions). This vulnerability is fixed in 5.19.0.","aliases":[{"alias":"CVE-2024-46977"},{"alias":"GHSA-8jxr-mccc-mwg8"},{"alias":"PYSEC-2024-101"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43559?format=json","purl":"pkg:pypi/openc3@5.19.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.19.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43537?format=json","purl":"pkg:pypi/openc3@0.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@0.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43538?format=json","purl":"pkg:pypi/openc3@5.9.2b0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.9.2b0"},{"url":"http://public2.vulnerablecode.io/api/packages/43539?format=json","purl":"pkg:pypi/openc3@5.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43540?format=json","purl":"pkg:pypi/openc3@5.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/43541?format=json","purl":"pkg:pypi/openc3@5.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43542?format=json","purl":"pkg:pypi/openc3@5.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/43543?format=json","purl":"pkg:pypi/openc3@5.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.2"},{"url":"http://public2.vulnerablecode.io/api/packages/43544?format=json","purl":"pkg:pypi/openc3@5.11.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.3"},{"url":"http://public2.vulnerablecode.io/api/packages/43545?format=json","purl":"pkg:pypi/openc3@5.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.12.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43546?format=json","purl":"pkg:pypi/openc3@5.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.13.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43547?format=json","purl":"pkg:pypi/openc3@5.14.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.14.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43548?format=json","purl":"pkg:pypi/openc3@5.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/43549?format=json","purl":"pkg:pypi/openc3@5.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.14.2"},{"url":"http://public2.vulnerablecode.io/api/packages/43550?format=json","purl":"pkg:pypi/openc3@5.15.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.15.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43551?format=json","purl":"pkg:pypi/openc3@5.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.15.1"},{"url":"http://public2.vulnerablecode.io/api/packages/43552?format=json","purl":"pkg:pypi/openc3@5.15.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.15.2"},{"url":"http://public2.vulnerablecode.io/api/packages/43553?format=json","purl":"pkg:pypi/openc3@5.16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.16.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43554?format=json","purl":"pkg:pypi/openc3@5.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.16.1"},{"url":"http://public2.vulnerablecode.io/api/packages/43555?format=json","purl":"pkg:pypi/openc3@5.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.16.2"},{"url":"http://public2.vulnerablecode.io/api/packages/43556?format=json","purl":"pkg:pypi/openc3@5.17.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.17.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43557?format=json","purl":"pkg:pypi/openc3@5.17.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.17.1"},{"url":"http://public2.vulnerablecode.io/api/packages/43558?format=json","purl":"pkg:pypi/openc3@5.18.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.18.0"}],"references":[{"reference_url":"https://github.com/OpenC3/cosmos/commit/a34e61aea5a465f0ab3e57d833ae7ff4cafd710b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://github.com/OpenC3/cosmos/commit/a34e61aea5a465f0ab3e57d833ae7ff4cafd710b"},{"reference_url":"https://github.com/OpenC3/cosmos/security/advisories/GHSA-8jxr-mccc-mwg8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://github.com/OpenC3/cosmos/security/advisories/GHSA-8jxr-mccc-mwg8"}],"weaknesses":[],"exploits":[],"severity_range_score":"6.5 - 6.5","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s699-9pwv-k3ek"}