{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46240?format=json","vulnerability_id":"VCID-szsp-k3sg-r3eu","summary":"A vulnerability in Babel could result in remote code execution.","aliases":[{"alias":"CVE-2021-20095"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373830?format=json","purl":"pkg:alpm/archlinux/python-babel@2.9.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/python-babel@2.9.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/76683?format=json","purl":"pkg:ebuild/dev-python/Babel@2.9.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-python/Babel@2.9.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373829?format=json","purl":"pkg:alpm/archlinux/python-babel@2.9.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-szsp-k3sg-r3eu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/python-babel@2.9.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/100574?format=json","purl":"pkg:rpm/redhat/babel@2.5.1-7?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-szsp-k3sg-r3eu"},{"vulnerability":"VCID-yw7e-93us-8qh8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/babel@2.5.1-7%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/100572?format=json","purl":"pkg:rpm/redhat/python27-babel@0.9.6-10?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1na8-nyq1-yfcy"},{"vulnerability":"VCID-8a7h-5rn5-gubx"},{"vulnerability":"VCID-brg4-rv29-1fgz"},{"vulnerability":"VCID-dkxn-j9dr-sqbp"},{"vulnerability":"VCID-jpa1-g154-1ye8"},{"vulnerability":"VCID-szsp-k3sg-r3eu"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-yw7e-93us-8qh8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-babel@0.9.6-10%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/100571?format=json","purl":"pkg:rpm/redhat/python27-python@2.7.18-3?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1na8-nyq1-yfcy"},{"vulnerability":"VCID-8a7h-5rn5-gubx"},{"vulnerability":"VCID-brg4-rv29-1fgz"},{"vulnerability":"VCID-dkxn-j9dr-sqbp"},{"vulnerability":"VCID-jpa1-g154-1ye8"},{"vulnerability":"VCID-szsp-k3sg-r3eu"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-yw7e-93us-8qh8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python@2.7.18-3%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/100575?format=json","purl":"pkg:rpm/redhat/python27-python-jinja2@2.6-16?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1na8-nyq1-yfcy"},{"vulnerability":"VCID-8a7h-5rn5-gubx"},{"vulnerability":"VCID-brg4-rv29-1fgz"},{"vulnerability":"VCID-dkxn-j9dr-sqbp"},{"vulnerability":"VCID-jpa1-g154-1ye8"},{"vulnerability":"VCID-szsp-k3sg-r3eu"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-yw7e-93us-8qh8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python-jinja2@2.6-16%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/100573?format=json","purl":"pkg:rpm/redhat/python27-python-pygments@1.5-5?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1na8-nyq1-yfcy"},{"vulnerability":"VCID-8a7h-5rn5-gubx"},{"vulnerability":"VCID-brg4-rv29-1fgz"},{"vulnerability":"VCID-dkxn-j9dr-sqbp"},{"vulnerability":"VCID-jpa1-g154-1ye8"},{"vulnerability":"VCID-szsp-k3sg-r3eu"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-yw7e-93us-8qh8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python-pygments@1.5-5%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/99692?format=json","purl":"pkg:rpm/redhat/rh-python38-babel@2.7.0-12?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j3t-a3r6-vfg7"},{"vulnerability":"VCID-75s4-h132-6fe1"},{"vulnerability":"VCID-8a7h-5rn5-gubx"},{"vulnerability":"VCID-8par-whwz-6kft"},{"vulnerability":"VCID-bjpd-6kh8-1bbs"},{"vulnerability":"VCID-ct6h-d1eh-7bgj"},{"vulnerability":"VCID-dkxn-j9dr-sqbp"},{"vulnerability":"VCID-j8hj-k7wy-yfch"},{"vulnerability":"VCID-j95d-56fv-jfae"},{"vulnerability":"VCID-jpa1-g154-1ye8"},{"vulnerability":"VCID-szsp-k3sg-r3eu"},{"vulnerability":"VCID-u7xg-3dp7-vkc2"},{"vulnerability":"VCID-vmx8-tjg2-uuec"},{"vulnerability":"VCID-vpwj-d49q-1uh8"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-yw7e-93us-8qh8"},{"vulnerability":"VCID-z48d-eyxz-bycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-python38-babel@2.7.0-12%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/99694?format=json","purl":"pkg:rpm/redhat/rh-python38-python@3.8.11-2?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j3t-a3r6-vfg7"},{"vulnerability":"VCID-75s4-h132-6fe1"},{"vulnerability":"VCID-8a7h-5rn5-gubx"},{"vulnerability":"VCID-8par-whwz-6kft"},{"vulnerability":"VCID-bjpd-6kh8-1bbs"},{"vulnerability":"VCID-ct6h-d1eh-7bgj"},{"vulnerability":"VCID-dkxn-j9dr-sqbp"},{"vulnerability":"VCID-j8hj-k7wy-yfch"},{"vulnerability":"VCID-j95d-56fv-jfae"},{"vulnerability":"VCID-jpa1-g154-1ye8"},{"vulnerability":"VCID-szsp-k3sg-r3eu"},{"vulnerability":"VCID-u7xg-3dp7-vkc2"},{"vulnerability":"VCID-vmx8-tjg2-uuec"},{"vulnerability":"VCID-vpwj-d49q-1uh8"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-yw7e-93us-8qh8"},{"vulnerability":"VCID-z48d-eyxz-bycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-python38-python@3.8.11-2%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/99695?format=json","purl":"pkg:rpm/redhat/rh-python38-python-cryptography@2.8-5?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j3t-a3r6-vfg7"},{"vulnerability":"VCID-75s4-h132-6fe1"},{"vulnerability":"VCID-8a7h-5rn5-gubx"},{"vulnerability":"VCID-8par-whwz-6kft"},{"vulnerability":"VCID-bjpd-6kh8-1bbs"},{"vulnerability":"VCID-ct6h-d1eh-7bgj"},{"vulnerability":"VCID-dkxn-j9dr-sqbp"},{"vulnerability":"VCID-j8hj-k7wy-yfch"},{"vulnerability":"VCID-j95d-56fv-jfae"},{"vulnerability":"VCID-jpa1-g154-1ye8"},{"vulnerability":"VCID-szsp-k3sg-r3eu"},{"vulnerability":"VCID-u7xg-3dp7-vkc2"},{"vulnerability":"VCID-vmx8-tjg2-uuec"},{"vulnerability":"VCID-vpwj-d49q-1uh8"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-yw7e-93us-8qh8"},{"vulnerability":"VCID-z48d-eyxz-bycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-python38-python-cryptography@2.8-5%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/99690?format=json","purl":"pkg:rpm/redhat/rh-python38-python-jinja2@2.10.3-6?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j3t-a3r6-vfg7"},{"vulnerability":"VCID-75s4-h132-6fe1"},{"vulnerability":"VCID-8a7h-5rn5-gubx"},{"vulnerability":"VCID-8par-whwz-6kft"},{"vulnerability":"VCID-bjpd-6kh8-1bbs"},{"vulnerability":"VCID-ct6h-d1eh-7bgj"},{"vulnerability":"VCID-dkxn-j9dr-sqbp"},{"vulnerability":"VCID-j8hj-k7wy-yfch"},{"vulnerability":"VCID-j95d-56fv-jfae"},{"vulnerability":"VCID-jpa1-g154-1ye8"},{"vulnerability":"VCID-szsp-k3sg-r3eu"},{"vulnerability":"VCID-u7xg-3dp7-vkc2"},{"vulnerability":"VCID-vmx8-tjg2-uuec"},{"vulnerability":"VCID-vpwj-d49q-1uh8"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-yw7e-93us-8qh8"},{"vulnerability":"VCID-z48d-eyxz-bycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-python38-python-jinja2@2.10.3-6%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/99696?format=json","purl":"pkg:rpm/redhat/rh-python38-python-lxml@4.4.1-7?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j3t-a3r6-vfg7"},{"vulnerability":"VCID-75s4-h132-6fe1"},{"vulnerability":"VCID-8a7h-5rn5-gubx"},{"vulnerability":"VCID-8par-whwz-6kft"},{"vulnerability":"VCID-bjpd-6kh8-1bbs"},{"vulnerability":"VCID-ct6h-d1eh-7bgj"},{"vulnerability":"VCID-dkxn-j9dr-sqbp"},{"vulnerability":"VCID-j8hj-k7wy-yfch"},{"vulnerability":"VCID-j95d-56fv-jfae"},{"vulnerability":"VCID-jpa1-g154-1ye8"},{"vulnerability":"VCID-szsp-k3sg-r3eu"},{"vulnerability":"VCID-u7xg-3dp7-vkc2"},{"vulnerability":"VCID-vmx8-tjg2-uuec"},{"vulnerability":"VCID-vpwj-d49q-1uh8"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-yw7e-93us-8qh8"},{"vulnerability":"VCID-z48d-eyxz-bycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-python38-python-lxml@4.4.1-7%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/99688?format=json","purl":"pkg:rpm/redhat/rh-python38-python-pip@19.3.1-2?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j3t-a3r6-vfg7"},{"vulnerability":"VCID-75s4-h132-6fe1"},{"vulnerability":"VCID-8a7h-5rn5-gubx"},{"vulnerability":"VCID-8par-whwz-6kft"},{"vulnerability":"VCID-bjpd-6kh8-1bbs"},{"vulnerability":"VCID-ct6h-d1eh-7bgj"},{"vulnerability":"VCID-dkxn-j9dr-sqbp"},{"vulnerability":"VCID-j8hj-k7wy-yfch"},{"vulnerability":"VCID-j95d-56fv-jfae"},{"vulnerability":"VCID-jpa1-g154-1ye8"},{"vulnerability":"VCID-szsp-k3sg-r3eu"},{"vulnerability":"VCID-u7xg-3dp7-vkc2"},{"vulnerability":"VCID-vmx8-tjg2-uuec"},{"vulnerability":"VCID-vpwj-d49q-1uh8"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-yw7e-93us-8qh8"},{"vulnerability":"VCID-z48d-eyxz-bycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-python38-python-pip@19.3.1-2%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/99689?format=json","purl":"pkg:rpm/redhat/rh-python38-python-urllib3@1.25.7-7?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j3t-a3r6-vfg7"},{"vulnerability":"VCID-75s4-h132-6fe1"},{"vulnerability":"VCID-8a7h-5rn5-gubx"},{"vulnerability":"VCID-8par-whwz-6kft"},{"vulnerability":"VCID-bjpd-6kh8-1bbs"},{"vulnerability":"VCID-ct6h-d1eh-7bgj"},{"vulnerability":"VCID-dkxn-j9dr-sqbp"},{"vulnerability":"VCID-j8hj-k7wy-yfch"},{"vulnerability":"VCID-j95d-56fv-jfae"},{"vulnerability":"VCID-jpa1-g154-1ye8"},{"vulnerability":"VCID-szsp-k3sg-r3eu"},{"vulnerability":"VCID-u7xg-3dp7-vkc2"},{"vulnerability":"VCID-vmx8-tjg2-uuec"},{"vulnerability":"VCID-vpwj-d49q-1uh8"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-yw7e-93us-8qh8"},{"vulnerability":"VCID-z48d-eyxz-bycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-python38-python-urllib3@1.25.7-7%3Farch=el7"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20095.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20095.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1955615","reference_id":"1955615","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1955615"},{"reference_url":"https://security.archlinux.org/ASA-202105-15","reference_id":"ASA-202105-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-15"},{"reference_url":"https://security.archlinux.org/AVG-1894","reference_id":"AVG-1894","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1894"},{"reference_url":"https://security.gentoo.org/glsa/202208-03","reference_id":"GLSA-202208-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3252","reference_id":"RHSA-2021:3252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4151","reference_id":"RHSA-2021:4151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4162","reference_id":"RHSA-2021:4162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4201","reference_id":"RHSA-2021:4201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4201"},{"reference_url":"https://usn.ubuntu.com/4962-1/","reference_id":"USN-4962-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4962-1/"}],"weaknesses":[{"cwe_id":22,"name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","description":"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory."}],"exploits":[],"severity_range_score":"4.0 - 7.8","exploitability":"0.5","weighted_severity":"7.0","risk_score":3.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-szsp-k3sg-r3eu"}