{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37279?format=json","vulnerability_id":"VCID-ttr2-9yma-h7eu","summary":"FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse() fetches a URL that returns an HTML page containing a <meta http-equiv=\"refresh\"> tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An attacker-controlled server that returns an infinite chain of HTML meta-refresh responses causes unbounded recursion, exhausting the Python call stack and crashing the process. This vulnerability can also be chained with the companion SSRF issue to reach internal network targets after bypassing the initial URL check. This vulnerability is fixed in 0.5.10.","aliases":[{"alias":"CVE-2026-39376"},{"alias":"GHSA-4gx2-pc4f-wq37"},{"alias":"PYSEC-2026-60"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49489?format=json","purl":"pkg:pypi/fastfeedparser@0.5.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.5.10"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49456?format=json","purl":"pkg:pypi/fastfeedparser@0.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/49457?format=json","purl":"pkg:pypi/fastfeedparser@0.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/49458?format=json","purl":"pkg:pypi/fastfeedparser@0.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/49459?format=json","purl":"pkg:pypi/fastfeedparser@0.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/49460?format=json","purl":"pkg:pypi/fastfeedparser@0.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/49461?format=json","purl":"pkg:pypi/fastfeedparser@0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/49462?format=json","purl":"pkg:pypi/fastfeedparser@0.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/49463?format=json","purl":"pkg:pypi/fastfeedparser@0.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/49464?format=json","purl":"pkg:pypi/fastfeedparser@0.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/49465?format=json","purl":"pkg:pypi/fastfeedparser@0.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/49466?format=json","purl":"pkg:pypi/fastfeedparser@0.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/49467?format=json","purl":"pkg:pypi/fastfeedparser@0.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/49468?format=json","purl":"pkg:pypi/fastfeedparser@0.3.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/49469?format=json","purl":"pkg:pypi/fastfeedparser@0.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/49470?format=json","purl":"pkg:pypi/fastfeedparser@0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/49471?format=json","purl":"pkg:pypi/fastfeedparser@0.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/49472?format=json","purl":"pkg:pypi/fastfeedparser@0.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/49473?format=json","purl":"pkg:pypi/fastfeedparser@0.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/49474?format=json","purl":"pkg:pypi/fastfeedparser@0.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/49475?format=json","purl":"pkg:pypi/fastfeedparser@0.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/49476?format=json","purl":"pkg:pypi/fastfeedparser@0.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/49477?format=json","purl":"pkg:pypi/fastfeedparser@0.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.4.8"},{"url":"http://public2.vulnerablecode.io/api/packages/49478?format=json","purl":"pkg:pypi/fastfeedparser@0.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/49479?format=json","purl":"pkg:pypi/fastfeedparser@0.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/49480?format=json","purl":"pkg:pypi/fastfeedparser@0.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/49481?format=json","purl":"pkg:pypi/fastfeedparser@0.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/49482?format=json","purl":"pkg:pypi/fastfeedparser@0.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/49483?format=json","purl":"pkg:pypi/fastfeedparser@0.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/49484?format=json","purl":"pkg:pypi/fastfeedparser@0.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/49485?format=json","purl":"pkg:pypi/fastfeedparser@0.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/49486?format=json","purl":"pkg:pypi/fastfeedparser@0.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.5.7"},{"url":"http://public2.vulnerablecode.io/api/packages/49487?format=json","purl":"pkg:pypi/fastfeedparser@0.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/49488?format=json","purl":"pkg:pypi/fastfeedparser@0.5.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttr2-9yma-h7eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/fastfeedparser@0.5.9"}],"references":[{"reference_url":"https://github.com/kagisearch/fastfeedparser/security/advisories/GHSA-4gx2-pc4f-wq37","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/kagisearch/fastfeedparser/security/advisories/GHSA-4gx2-pc4f-wq37"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.5 - 7.5","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttr2-9yma-h7eu"}