Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/90710?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90710?format=api", "vulnerability_id": "VCID-acg5-4qjn-sudc", "summary": "A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.", "aliases": [ { "alias": "PYSEC-2020-182" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9652?format=api", "purl": "pkg:pypi/ecdsa@0.13.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ebg3-6ssf-dkcy" }, { "vulnerability": "VCID-kbjk-tnfz-rfdw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.13.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9642?format=api", "purl": "pkg:pypi/ecdsa@0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9pe3-67b4-yqae" }, { "vulnerability": "VCID-acg5-4qjn-sudc" }, { "vulnerability": "VCID-ebg3-6ssf-dkcy" }, { "vulnerability": "VCID-kbjk-tnfz-rfdw" }, { "vulnerability": "VCID-qrf7-gnjg-bfat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/9643?format=api", "purl": "pkg:pypi/ecdsa@0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9pe3-67b4-yqae" }, { "vulnerability": "VCID-acg5-4qjn-sudc" }, { "vulnerability": "VCID-ebg3-6ssf-dkcy" }, { "vulnerability": "VCID-kbjk-tnfz-rfdw" }, { "vulnerability": "VCID-qrf7-gnjg-bfat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/9644?format=api", "purl": "pkg:pypi/ecdsa@0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9pe3-67b4-yqae" }, { "vulnerability": "VCID-acg5-4qjn-sudc" }, { "vulnerability": "VCID-ebg3-6ssf-dkcy" }, { "vulnerability": "VCID-kbjk-tnfz-rfdw" }, { "vulnerability": "VCID-qrf7-gnjg-bfat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/9645?format=api", "purl": "pkg:pypi/ecdsa@0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9pe3-67b4-yqae" }, { "vulnerability": "VCID-acg5-4qjn-sudc" }, { "vulnerability": "VCID-ebg3-6ssf-dkcy" }, { "vulnerability": "VCID-kbjk-tnfz-rfdw" }, { "vulnerability": "VCID-qrf7-gnjg-bfat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/9646?format=api", "purl": "pkg:pypi/ecdsa@0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9pe3-67b4-yqae" }, { "vulnerability": "VCID-acg5-4qjn-sudc" }, { "vulnerability": "VCID-ebg3-6ssf-dkcy" }, { "vulnerability": "VCID-kbjk-tnfz-rfdw" }, { "vulnerability": "VCID-qrf7-gnjg-bfat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/9647?format=api", "purl": "pkg:pypi/ecdsa@0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9pe3-67b4-yqae" }, { "vulnerability": "VCID-acg5-4qjn-sudc" }, { "vulnerability": "VCID-ebg3-6ssf-dkcy" }, { "vulnerability": "VCID-kbjk-tnfz-rfdw" }, { "vulnerability": "VCID-qrf7-gnjg-bfat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/9648?format=api", "purl": "pkg:pypi/ecdsa@0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9pe3-67b4-yqae" }, { "vulnerability": "VCID-acg5-4qjn-sudc" }, { "vulnerability": "VCID-ebg3-6ssf-dkcy" }, { "vulnerability": "VCID-kbjk-tnfz-rfdw" }, { "vulnerability": "VCID-qrf7-gnjg-bfat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/9649?format=api", "purl": "pkg:pypi/ecdsa@0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9pe3-67b4-yqae" }, { "vulnerability": "VCID-acg5-4qjn-sudc" }, { "vulnerability": "VCID-ebg3-6ssf-dkcy" }, { "vulnerability": "VCID-kbjk-tnfz-rfdw" }, { "vulnerability": "VCID-qrf7-gnjg-bfat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/9650?format=api", "purl": "pkg:pypi/ecdsa@0.13.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9pe3-67b4-yqae" }, { "vulnerability": "VCID-acg5-4qjn-sudc" }, { "vulnerability": "VCID-ebg3-6ssf-dkcy" }, { "vulnerability": "VCID-kbjk-tnfz-rfdw" }, { "vulnerability": "VCID-qrf7-gnjg-bfat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.13.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9651?format=api", "purl": "pkg:pypi/ecdsa@0.13.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9pe3-67b4-yqae" }, { "vulnerability": "VCID-acg5-4qjn-sudc" }, { "vulnerability": "VCID-ebg3-6ssf-dkcy" }, { "vulnerability": "VCID-kbjk-tnfz-rfdw" }, { "vulnerability": "VCID-qrf7-gnjg-bfat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.13.2" } ], "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14859", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14859" }, { "reference_url": "https://github.com/warner/python-ecdsa/issues/114", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/warner/python-ecdsa/issues/114" }, { "reference_url": "https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3" }, { "reference_url": "https://pypi.org/project/ecdsa/0.13.3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pypi.org/project/ecdsa/0.13.3/" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-acg5-4qjn-sudc" }