Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/90799?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90799?format=api", "vulnerability_id": "VCID-5y6u-xqht-n3ft", "summary": "PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.", "aliases": [ { "alias": "PYSEC-2020-195" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10034?format=api", "purl": "pkg:pypi/pyyaml@5.2b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wh2-rac2-53ax" }, { "vulnerability": "VCID-hrtt-vfbb-87bf" }, { "vulnerability": "VCID-tk2n-xsk7-aqb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyyaml@5.2b1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6620?format=api", "purl": "pkg:pypi/pyyaml@5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wh2-rac2-53ax" }, { "vulnerability": "VCID-5y6u-xqht-n3ft" }, { "vulnerability": "VCID-hrtt-vfbb-87bf" }, { "vulnerability": "VCID-tk2n-xsk7-aqb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyyaml@5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10032?format=api", "purl": "pkg:pypi/pyyaml@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wh2-rac2-53ax" }, { "vulnerability": "VCID-5y6u-xqht-n3ft" }, { "vulnerability": "VCID-hrtt-vfbb-87bf" }, { "vulnerability": "VCID-tk2n-xsk7-aqb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyyaml@5.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10033?format=api", "purl": "pkg:pypi/pyyaml@5.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2wh2-rac2-53ax" }, { "vulnerability": "VCID-5y6u-xqht-n3ft" }, { "vulnerability": "VCID-hrtt-vfbb-87bf" }, { "vulnerability": "VCID-tk2n-xsk7-aqb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyyaml@5.1.2" } ], "references": [ { "reference_url": "https://github.com/yaml/pyyaml/blob/master/CHANGES", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/yaml/pyyaml/blob/master/CHANGES" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H/" }, { "reference_url": "https://www.exploit-db.com/download/47655", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/download/47655" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5y6u-xqht-n3ft" }