{ "SBOMVulnerabilityDisclosure": { "CVERespository": "NIST_NVD", "NISTNVDSearchStatus": "Success", "UnresolvedVulnerabilities": "N", "PackageSourceLocation": "NOASSERTION", "ProductName": "SAG-PM (TM)", "ProductVersion": "1.1.8", "SBOMAuthor": "Reliable Energy Analytics LLC", "SBOMFormat": "cycloneDX", "SBOMFormatSyntax": "XML", "SBOMLocation": "https://softwareassuranceguardian.com/SAG-PM_SBOM_V1_1_8.xml", "SBOMTimestamp": "2022-01-26T16:56:00Z", "SBOMTotalComponentCount": "92", "SupplierName": "Reliable Energy Analytics LLC", "VulnDisclosureCreateDate": "2022-01-26T17:06:54+00:00" }, "Components": [ { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=SAG-PM+(TM)+1.1.8", "ComponentID": "None", "ComponentName": "SAG-PM (TM)", "ComponentSupplierName": "Reliable Energy Analytics LLC", "ComponentVersion": "1.1.8", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=SAG-PM.msi+1.1.8", "ComponentID": "None", "ComponentName": "SAG-PM.msi", "ComponentSupplierName": "Reliable Energy Analytics LLC", "ComponentVersion": "1.1.8", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=SAG-PM.exe+1.1.8", "ComponentID": "None", "ComponentName": "SAG-PM.exe", "ComponentSupplierName": "Reliable Energy Analytics LLC", "ComponentVersion": "1.1.8", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=sag-pm-viewer.exe+1.1.8", "ComponentID": "None", "ComponentName": "sag-pm-viewer.exe", "ComponentSupplierName": "Reliable Energy Analytics LLC", "ComponentVersion": "1.1.8", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=SAGPM_Vendor_Data.csv+1.1.8", "ComponentID": "None", "ComponentName": "SAGPM_Vendor_Data.csv", "ComponentSupplierName": "Reliable Energy Analytics LLC", "ComponentVersion": "1.1.8", "NumberVulnsReported": "0" }, { 
"CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=END+USER+LICENSE+AGREEMENT.rtf+1.1.8", "ComponentID": "None", "ComponentName": "END USER LICENSE AGREEMENT.rtf", "ComponentSupplierName": "Reliable Energy Analytics LLC", "ComponentVersion": "1.1.8", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=userguide.txt+1.1.8", "ComponentID": "None", "ComponentName": "userguide.txt", "ComponentSupplierName": "Reliable Energy Analytics LLC", "ComponentVersion": "1.1.8", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=acme+1.13.0", "ComponentID": "pkg:pypi/acme@1.13.0", "ComponentName": "acme", "ComponentSupplierName": "Certbot Project", "ComponentVersion": "1.13.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=aiodns+2.0.0", "ComponentID": "pkg:pypi/aiodns@2.0.0", "ComponentName": "aiodns", "ComponentSupplierName": "Saúl Ibarra Corretgé", "ComponentVersion": "2.0.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=aiohttp+3.7.3", "ComponentID": "pkg:pypi/aiohttp@3.7.3", "ComponentName": "aiohttp", "ComponentSupplierName": "Nikolay Kim", "ComponentVersion": "3.7.3", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=altgraph+0.17", "ComponentID": "pkg:pypi/altgraph@0.17", "ComponentName": "altgraph", "ComponentSupplierName": "Ronald Oussoren", "ComponentVersion": "0.17", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=antlr4-python3-runtime+4.8", "ComponentID": "pkg:pypi/antlr4-python3-runtime@4.8", "ComponentName": "antlr4-python3-runtime", "ComponentSupplierName": "Eric Vergnaud, Terence Parr, Sam Harwell", "ComponentVersion": "4.8", "NumberVulnsReported": "0" }, { "CVESearchString": 
"https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=async-timeout+3.0.1", "ComponentID": "pkg:pypi/async-timeout@3.0.1", "ComponentName": "async-timeout", "ComponentSupplierName": "Andrew Svetlov", "ComponentVersion": "3.0.1", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=attrs+20.3.0", "ComponentID": "pkg:pypi/attrs@20.3.0", "ComponentName": "attrs", "ComponentSupplierName": "Hynek Schlawack", "ComponentVersion": "20.3.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=boto3+1.16.51", "ComponentID": "pkg:pypi/boto3@1.16.51", "ComponentName": "boto3", "ComponentSupplierName": "Amazon Web Services", "ComponentVersion": "1.16.51", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=botocore+1.19.51", "ComponentID": "pkg:pypi/botocore@1.19.51", "ComponentName": "botocore", "ComponentSupplierName": "Amazon Web Services", "ComponentVersion": "1.19.51", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=certbot+1.13.0", "ComponentID": "pkg:pypi/certbot@1.13.0", "ComponentName": "certbot", "ComponentSupplierName": "Certbot Project", "ComponentVersion": "1.13.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=certifi+2021.5.30", "ComponentID": "pkg:pypi/certifi@2021.5.30", "ComponentName": "certifi", "ComponentSupplierName": "Kenneth Reitz", "ComponentVersion": "2021.5.30", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=cffi+1.14.4", "ComponentID": "pkg:pypi/cffi@1.14.4", "ComponentName": "cffi", "ComponentSupplierName": "Armin Rigo, Maciej Fijalkowski", "ComponentVersion": "1.14.4", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=chardet+3.0.4", 
"ComponentID": "pkg:pypi/chardet@3.0.4", "ComponentName": "chardet", "ComponentSupplierName": "Daniel Blanchard", "ComponentVersion": "3.0.4", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=ConfigArgParse+1.4", "ComponentID": "pkg:pypi/configargparse@1.4", "ComponentName": "ConfigArgParse", "ComponentSupplierName": "None", "ComponentVersion": "1.4", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=configobj+5.0.6", "ComponentID": "pkg:pypi/configobj@5.0.6", "ComponentName": "configobj", "ComponentSupplierName": "Rob Dennis, Eli Courtwright (Michael Foord & Nicola Larosa original maintainers)", "ComponentVersion": "5.0.6", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=cryptography+3.3.1", "ComponentID": "pkg:pypi/cryptography@3.3.1", "ComponentName": "cryptography", "ComponentSupplierName": "The cryptography developers", "ComponentVersion": "3.3.1", "NumberVulnsReported": "2", "CVE": [ { "CVEID": "CVE-2020-36242", "CVSS": "9.1", "CVEDescription": "In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.", "Exploitable": "N", "FixStatus": "N/A", "AnalysisFindings": "This vulnerability is exploited during file encryption. 
SAG-PM does not perform file encryption using this component and is most likely not vulnerable to this CVE. Note that the listed component version 3.3.1 is within the affected range (before 3.3.2), so this finding rests on the vulnerable encryption path not being used rather than on a fixed version" }, { "CVEID": "CVE-2014-8564", "CVSS": "5.0", "CVEDescription": "The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.", "Exploitable": "N", "FixStatus": "N/A", "AnalysisFindings": "This vulnerability is exploited when elliptic curve certificates are used. SAG-PM does not perform any elliptic curve certificate functions from this component and is most likely not vulnerable to this CVE. The CVE description names GnuTLS rather than the Python cryptography package, so the NVD keyword match itself appears to be a false positive" } ] }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=cyclonedx-bom+0.4.3", "ComponentID": "pkg:pypi/cyclonedx-bom@0.4.3", "ComponentName": "cyclonedx-bom", "ComponentSupplierName": "Steve Springett", "ComponentVersion": "0.4.3", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=cyclonedx-python-lib+0.4.0", "ComponentID": "pkg:pypi/cyclonedx-python-lib@0.4.0", "ComponentName": "cyclonedx-python-lib", "ComponentSupplierName": "Paul Horton", "ComponentVersion": "0.4.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=datedelta+1.3", "ComponentID": "pkg:pypi/datedelta@1.3", "ComponentName": "datedelta", "ComponentSupplierName": "Aymeric Augustin", "ComponentVersion": "1.3", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=distro+1.5.0", "ComponentID": "pkg:pypi/distro@1.5.0", "ComponentName": "distro", "ComponentSupplierName": "Nir Cohen", "ComponentVersion": "1.5.0", "NumberVulnsReported": "0" }, { "CVESearchString": 
"https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=dnspython+2.0.0", "ComponentID": "pkg:pypi/dnspython@2.0.0", "ComponentName": "dnspython", "ComponentSupplierName": "Bob Halley", "ComponentVersion": "2.0.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=docutils+0.16", "ComponentID": "pkg:pypi/docutils@0.16", "ComponentName": "docutils", "ComponentSupplierName": "David Goodger", "ComponentVersion": "0.16", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=elementpath+2.1.1", "ComponentID": "pkg:pypi/elementpath@2.1.1", "ComponentName": "elementpath", "ComponentSupplierName": "Davide Brunato", "ComponentVersion": "2.1.1", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=et-xmlfile+1.0.1", "ComponentID": "pkg:pypi/et-xmlfile@1.0.1", "ComponentName": "et-xmlfile", "ComponentSupplierName": "See ATUHORS.txt", "ComponentVersion": "1.0.1", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=future+0.18.2", "ComponentID": "pkg:pypi/future@0.18.2", "ComponentName": "future", "ComponentSupplierName": "Ed Schofield", "ComponentVersion": "0.18.2", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=geoip2+4.1.0", "ComponentID": "pkg:pypi/geoip2@4.1.0", "ComponentName": "geoip2", "ComponentSupplierName": "Gregory Oschwald", "ComponentVersion": "4.1.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=idna+2.10", "ComponentID": "pkg:pypi/idna@2.10", "ComponentName": "idna", "ComponentSupplierName": "Kim Davies", "ComponentVersion": "2.10", "NumberVulnsReported": "2", "CVE": [ { "CVEID": "CVE-2012-4870", "CVSS": "4.3", "CVEDescription": "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow 
remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.", "Exploitable": "N", "FixStatus": "N/A", "AnalysisFindings": "False positive returned by NIST NVD matching idna to clidname. The actual component listed in the CVE is not used by SAG-PM " }, { "CVEID": "CVE-2006-4346", "CVSS": "7.5", "CVEDescription": "Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.", "Exploitable": "N", "FixStatus": "N/A", "AnalysisFindings": "False positive returned by NIST NVD matching idna to CALLERIDNAME. The actual component listed in the CVE is not used by SAG-PM" } ] }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=importlib-metadata+4.8.1", "ComponentID": "pkg:pypi/importlib-metadata@4.8.1", "ComponentName": "importlib-metadata", "ComponentSupplierName": "Jason R. 
Coombs", "ComponentVersion": "4.8.1", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=ipwhois+1.2.0", "ComponentID": "pkg:pypi/ipwhois@1.2.0", "ComponentName": "ipwhois", "ComponentSupplierName": "Philip Hane", "ComponentVersion": "1.2.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=isodate+0.6.0", "ComponentID": "pkg:pypi/isodate@0.6.0", "ComponentName": "isodate", "ComponentSupplierName": "Gerhard Weis", "ComponentVersion": "0.6.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=Jinja2+2.11.2", "ComponentID": "pkg:pypi/jinja2@2.11.2", "ComponentName": "Jinja2", "ComponentSupplierName": "Armin Ronacher", "ComponentVersion": "2.11.2", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=jmespath+0.10.0", "ComponentID": "pkg:pypi/jmespath@0.10.0", "ComponentName": "jmespath", "ComponentSupplierName": "James Saryerwinnie", "ComponentVersion": "0.10.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=josepy+1.8.0", "ComponentID": "pkg:pypi/josepy@1.8.0", "ComponentName": "josepy", "ComponentSupplierName": "Certbot Project", "ComponentVersion": "1.8.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=jsonschema+3.2.0", "ComponentID": "pkg:pypi/jsonschema@3.2.0", "ComponentName": "jsonschema", "ComponentSupplierName": "Julian Berman", "ComponentVersion": "3.2.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=lxml+4.6.2", "ComponentID": "pkg:pypi/lxml@4.6.2", "ComponentName": "lxml", "ComponentSupplierName": "lxml dev team", "ComponentVersion": "4.6.2", "NumberVulnsReported": "0" }, { "CVESearchString": 
"https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=MarkupSafe+1.1.1", "ComponentID": "pkg:pypi/markupsafe@1.1.1", "ComponentName": "MarkupSafe", "ComponentSupplierName": "Armin Ronacher", "ComponentVersion": "1.1.1", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=maxminddb+2.0.3", "ComponentID": "pkg:pypi/maxminddb@2.0.3", "ComponentName": "maxminddb", "ComponentSupplierName": "Gregory Oschwald", "ComponentVersion": "2.0.3", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=multidict+5.1.0", "ComponentID": "pkg:pypi/multidict@5.1.0", "ComponentName": "multidict", "ComponentSupplierName": "Andrew Svetlov", "ComponentVersion": "5.1.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=numpy+1.19.5", "ComponentID": "pkg:pypi/numpy@1.19.5", "ComponentName": "numpy", "ComponentSupplierName": "Travis E. Oliphant et al.", "ComponentVersion": "1.19.5", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=packageurl-python+0.9.3", "ComponentID": "pkg:pypi/packageurl-python@0.9.3", "ComponentName": "packageurl-python", "ComponentSupplierName": "the purl authors", "ComponentVersion": "0.9.3", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=packaging+20.7", "ComponentID": "pkg:pypi/packaging@20.7", "ComponentName": "packaging", "ComponentSupplierName": "Donald Stufft and individual contributors", "ComponentVersion": "20.7", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=pandas+1.2.0", "ComponentID": "pkg:pypi/pandas@1.2.0", "ComponentName": "pandas", "ComponentSupplierName": "None", "ComponentVersion": "1.2.0", "NumberVulnsReported": "0" }, { "CVESearchString": 
"https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=parsedatetime+2.6", "ComponentID": "pkg:pypi/parsedatetime@2.6", "ComponentName": "parsedatetime", "ComponentSupplierName": "Mike Taylor", "ComponentVersion": "2.6", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=pefile+2019.4.18", "ComponentID": "pkg:pypi/pefile@2019.4.18", "ComponentName": "pefile", "ComponentSupplierName": "Ero Carrera", "ComponentVersion": "2019.4.18", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=ply+3.11", "ComponentID": "pkg:pypi/ply@3.11", "ComponentName": "ply", "ComponentSupplierName": "David Beazley", "ComponentVersion": "3.11", "NumberVulnsReported": "3", "CVE": [ { "CVEID": "CVE-2020-12100", "CVSS": "7.5", "CVEDescription": "In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.", "Exploitable": "N", "FixStatus": "N/A", "AnalysisFindings": "False positive: the NIST NVD keyword search matched 'ply' inside the word 'deeply'. The actual component listed in the CVE is not used by SAG-PM" }, { "CVEID": "CVE-2019-18183", "CVSS": "9.8", "CVEDescription": "pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. 
To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file.", "Exploitable": "N", "FixStatus": "N/A", "AnalysisFindings": "False positive: the NIST NVD keyword search matched 'ply' inside the word 'apply'. The actual component listed in the CVE is not used by SAG-PM" }, { "CVEID": "CVE-2011-1487", "CVSS": "5.0", "CVEDescription": "The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.", "Exploitable": "N", "FixStatus": "N/A", "AnalysisFindings": "False positive: the NIST NVD keyword search matched 'ply' inside the word 'apply'. The actual component listed in the CVE is not used by SAG-PM" } ] }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=psycopg2+2.8.6", "ComponentID": "pkg:pypi/psycopg2@2.8.6", "ComponentName": "psycopg2", "ComponentSupplierName": "Federico Di Gregorio", "ComponentVersion": "2.8.6", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=pycares+3.1.1", "ComponentID": "pkg:pypi/pycares@3.1.1", "ComponentName": "pycares", "ComponentSupplierName": "Saúl Ibarra Corretgé", "ComponentVersion": "3.1.1", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=pycparser+2.20", "ComponentID": "pkg:pypi/pycparser@2.20", "ComponentName": "pycparser", "ComponentSupplierName": "Eli Bendersky", "ComponentVersion": "2.20", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=pycurl+7.43.0.6", "ComponentID": "pkg:pypi/pycurl@7.43.0.6", "ComponentName": "pycurl", "ComponentSupplierName": "Kjetil Jacobsen, Markus F.X.J. 
Oberhumer, Oleg Pudeyev", "ComponentVersion": "7.43.0.6", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=pydnsbl+1.1.2", "ComponentID": "pkg:pypi/pydnsbl@1.1.2", "ComponentName": "pydnsbl", "ComponentSupplierName": "Dmitry ippolitov", "ComponentVersion": "1.1.2", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=pyinstaller+4.1", "ComponentID": "pkg:pypi/pyinstaller@4.1", "ComponentName": "pyinstaller", "ComponentSupplierName": "Hartmut Goebel, Giovanni Bajo, David Vierra, David Cortesi, Martin Zibricky", "ComponentVersion": "4.1", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=pyinstaller-hooks-contrib+2020.11", "ComponentID": "pkg:pypi/pyinstaller-hooks-contrib@2020.11", "ComponentName": "pyinstaller-hooks-contrib", "ComponentSupplierName": "None", "ComponentVersion": "2020.11", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=pyOpenSSL+20.0.1", "ComponentID": "pkg:pypi/pyopenssl@20.0.1", "ComponentName": "pyOpenSSL", "ComponentSupplierName": "The pyOpenSSL developers", "ComponentVersion": "20.0.1", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=pyparsing+2.4.7", "ComponentID": "pkg:pypi/pyparsing@2.4.7", "ComponentName": "pyparsing", "ComponentSupplierName": "Paul McGuire", "ComponentVersion": "2.4.7", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=pyRFC3339+1.1", "ComponentID": "pkg:pypi/pyrfc3339@1.1", "ComponentName": "pyRFC3339", "ComponentSupplierName": "Kurt Raschke", "ComponentVersion": "1.1", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=pyrsistent+0.17.3", "ComponentID": "pkg:pypi/pyrsistent@0.17.3", "ComponentName": "pyrsistent", 
"ComponentSupplierName": "Tobias Gustafsson", "ComponentVersion": "0.17.3", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=python-dateutil+2.8.1", "ComponentID": "pkg:pypi/python-dateutil@2.8.1", "ComponentName": "python-dateutil", "ComponentSupplierName": "Gustavo Niemeyer", "ComponentVersion": "2.8.1", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=python-gnupg+0.4.7", "ComponentID": "pkg:pypi/python-gnupg@0.4.7", "ComponentName": "python-gnupg", "ComponentSupplierName": "Vinay Sajip", "ComponentVersion": "0.4.7", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=python-multipart+0.0.5", "ComponentID": "pkg:pypi/python-multipart@0.0.5", "ComponentName": "python-multipart", "ComponentSupplierName": "Andrew Dunham", "ComponentVersion": "0.0.5", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=pytz+2020.5", "ComponentID": "pkg:pypi/pytz@2020.5", "ComponentName": "pytz", "ComponentSupplierName": "Stuart Bishop", "ComponentVersion": "2020.5", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=pywin32+300", "ComponentID": "pkg:pypi/pywin32@300", "ComponentName": "pywin32", "ComponentSupplierName": "Mark Hammond (et al)", "ComponentVersion": "300", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=pywin32-ctypes+0.2.0", "ComponentID": "pkg:pypi/pywin32-ctypes@0.2.0", "ComponentName": "pywin32-ctypes", "ComponentSupplierName": "Enthought Inc", "ComponentVersion": "0.2.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=PyYAML+5.3.1", "ComponentID": "pkg:pypi/pyyaml@5.3.1", "ComponentName": "PyYAML", "ComponentSupplierName": "Kirill Simonov", 
"ComponentVersion": "5.3.1", "NumberVulnsReported": "1", "CVE": [ { "CVEID": "CVE-2020-1747", "CVSS": "9.8", "CVEDescription": "A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.", "Exploitable": "N", "FixStatus": "N/A", "AnalysisFindings": "No action required: the CVE affects PyYAML versions before 5.3.1, and SAG-PM uses 5.3.1, which is outside the affected range" } ] }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=rdflib+5.0.0", "ComponentID": "pkg:pypi/rdflib@5.0.0", "ComponentName": "rdflib", "ComponentSupplierName": "Daniel 'eikeon' Krech", "ComponentVersion": "5.0.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=requests+2.25.0", "ComponentID": "pkg:pypi/requests@2.25.0", "ComponentName": "requests", "ComponentSupplierName": "Kenneth Reitz", "ComponentVersion": "2.25.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=requests-toolbelt+0.9.1", "ComponentID": "pkg:pypi/requests-toolbelt@0.9.1", "ComponentName": "requests-toolbelt", "ComponentSupplierName": "Ian Cordasco, Cory Benfield", "ComponentVersion": "0.9.1", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=requirements-parser+0.2.0", "ComponentID": "pkg:pypi/requirements-parser@0.2.0", "ComponentName": "requirements-parser", "ComponentSupplierName": "David Fischer", "ComponentVersion": "0.2.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=s3transfer+0.3.3", 
"ComponentID": "pkg:pypi/s3transfer@0.3.3", "ComponentName": "s3transfer", "ComponentSupplierName": "Amazon Web Services", "ComponentVersion": "0.3.3", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=simplejson+3.17.2", "ComponentID": "pkg:pypi/simplejson@3.17.2", "ComponentName": "simplejson", "ComponentSupplierName": "Bob Ippolito", "ComponentVersion": "3.17.2", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=six+1.15.0", "ComponentID": "pkg:pypi/six@1.15.0", "ComponentName": "six", "ComponentSupplierName": "Benjamin Peterson", "ComponentVersion": "1.15.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=stix2+2.1.0", "ComponentID": "pkg:pypi/stix2@2.1.0", "ComponentName": "stix2", "ComponentSupplierName": "OASIS Cyber Threat Intelligence Technical Committee", "ComponentVersion": "2.1.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=stix2-patterns+1.3.2", "ComponentID": "pkg:pypi/stix2-patterns@1.3.2", "ComponentName": "stix2-patterns", "ComponentSupplierName": "OASIS Cyber Threat Intelligence Technical Committee", "ComponentVersion": "1.3.2", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=taxii2-client+2.2.2", "ComponentID": "pkg:pypi/taxii2-client@2.2.2", "ComponentName": "taxii2-client", "ComponentSupplierName": "OASIS Cyber Threat Intelligence Technical Committee", "ComponentVersion": "2.2.2", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=toml+0.10.2", "ComponentID": "pkg:pypi/toml@0.10.2", "ComponentName": "toml", "ComponentSupplierName": "William Pearson", "ComponentVersion": "0.10.2", "NumberVulnsReported": "0" }, { "CVESearchString": 
"https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=typing-extensions+3.7.4.3", "ComponentID": "pkg:pypi/typing-extensions@3.7.4.3", "ComponentName": "typing-extensions", "ComponentSupplierName": "Guido van Rossum, Jukka Lehtosalo, Lukasz Langa, Michael Lee", "ComponentVersion": "3.7.4.3", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=urllib3+1.26.2", "ComponentID": "pkg:pypi/urllib3@1.26.2", "ComponentName": "urllib3", "ComponentSupplierName": "Andrey Petrov", "ComponentVersion": "1.26.2", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=wincertstore+0.2", "ComponentID": "pkg:pypi/wincertstore@0.2", "ComponentName": "wincertstore", "ComponentSupplierName": "Christian Heimes", "ComponentVersion": "0.2", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=xmlschema+1.2.5", "ComponentID": "pkg:pypi/xmlschema@1.2.5", "ComponentName": "xmlschema", "ComponentSupplierName": "Davide Brunato", "ComponentVersion": "1.2.5", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=xmltodict+0.12.0", "ComponentID": "pkg:pypi/xmltodict@0.12.0", "ComponentName": "xmltodict", "ComponentSupplierName": "Martin Blech", "ComponentVersion": "0.12.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=yarl+1.6.3", "ComponentID": "pkg:pypi/yarl@1.6.3", "ComponentName": "yarl", "ComponentSupplierName": "Andrew Svetlov", "ComponentVersion": "1.6.3", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=zipp+3.5.0", "ComponentID": "pkg:pypi/zipp@3.5.0", "ComponentName": "zipp", "ComponentSupplierName": "Jason R. 
Coombs", "ComponentVersion": "3.5.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=zope.component+5.0.0", "ComponentID": "pkg:pypi/zope.component@5.0.0", "ComponentName": "zope.component", "ComponentSupplierName": "Zope Foundation and Contributors", "ComponentVersion": "5.0.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=zope.event+4.5.0", "ComponentID": "pkg:pypi/zope.event@4.5.0", "ComponentName": "zope.event", "ComponentSupplierName": "Zope Foundation and Contributors", "ComponentVersion": "4.5.0", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=zope.hookable+5.0.1", "ComponentID": "pkg:pypi/zope.hookable@5.0.1", "ComponentName": "zope.hookable", "ComponentSupplierName": "Zope Foundation and Contributors", "ComponentVersion": "5.0.1", "NumberVulnsReported": "0" }, { "CVESearchString": "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=zope.interface+5.3.0", "ComponentID": "pkg:pypi/zope.interface@5.3.0", "ComponentName": "zope.interface", "ComponentSupplierName": "Zope Foundation and Contributors", "ComponentVersion": "5.3.0", "NumberVulnsReported": "0" } ] }