{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38094?format=json","vulnerability_id":"VCID-gd5v-ueah-j7eh","summary":"Privilege escalation in webdav\nA missing webdav security declaration would allow unauthorized webdav access.","aliases":[{"alias":"GMS-2016-28"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52655?format=json","purl":"pkg:pypi/products.cmfplone@4.3.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gd5v-ueah-j7eh"},{"vulnerability":"VCID-zg7t-g8m5-nbat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/52656?format=json","purl":"pkg:pypi/products.cmfplone@5.0a0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gd5v-ueah-j7eh"},{"vulnerability":"VCID-mu56-js96-3fdr"},{"vulnerability":"VCID-zg7t-g8m5-nbat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0a0"},{"url":"http://public2.vulnerablecode.io/api/packages/52657?format=json","purl":"pkg:pypi/products.cmfplone@5.1a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-69ps-uetw-y3gf"},{"vulnerability":"VCID-dg61-tw4u-dbcc"},{"vulnerability":"VCID-gd5v-ueah-j7eh"},{"vulnerability":"VCID-mu56-js96-3fdr"},{"vulnerability":"VCID-zg7t-g8m5-nbat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.1a1"}],"references":[{"reference_url":"https://plone.org/products/plone/security/advisories/20160419-announcement","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/products/plone/security/advisories/20160419-announcement"},{"reference_url":"https://plone.org/security/20160419/privilege-escalation-in-webdav","reference_id":"","reference_type":"","scores":[],"url":"https://plone.org/security/20160419/privilege-escalation-in-webdav"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gd5v-ueah-j7eh"}