https
GET
api.github.com
None
/advisories/GHSA-wqc8-x2pr-7jqh
{'Authorization': 'Basic login_and_password_removed', 'User-Agent': 'PyGithub/Python'}
None
200
[('Server', 'GitHub.com'), ('Date', 'Fri, 28 Jul 2023 15:45:01 GMT'), ('Content-Type', 'application/json; charset=utf-8'), ('Transfer-Encoding', 'chunked'), ('Cache-Control', 'private, max-age=60, s-maxage=60'), ('Vary', 'Accept, Authorization, Cookie, X-GitHub-OTP, Accept-Encoding, Accept, X-Requested-With'), ('ETag', 'W/"16da74fc86f276cf5a9a88af936c110c3cdd7122261ec3c77e1eedf669665da8"'), ('Last-Modified', 'Thu, 20 Jul 2023 18:59:27 GMT'), ('X-OAuth-Scopes', 'gist, read:org, repo'), ('X-Accepted-OAuth-Scopes', ''), ('github-authentication-token-expiration', '2023-08-25 20:47:49 UTC'), ('X-GitHub-Media-Type', 'github.v3; format=json'), ('x-github-api-version-selected', '2022-11-28'), ('X-RateLimit-Limit', '5000'), ('X-RateLimit-Remaining', '4999'), ('X-RateLimit-Reset', '1690562701'), ('X-RateLimit-Used', '1'), ('X-RateLimit-Resource', 'core'), ('Access-Control-Expose-Headers', 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset'), ('Access-Control-Allow-Origin', '*'), ('Strict-Transport-Security', 'max-age=31536000; includeSubdomains; preload'), ('X-Frame-Options', 'deny'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '0'), ('Referrer-Policy', 'origin-when-cross-origin, strict-origin-when-cross-origin'), ('Content-Security-Policy', "default-src 'none'"), ('Content-Encoding', 'gzip'), ('X-GitHub-Request-Id', 'E388:5C10:369FC9:6E4C05:64C3E27D')]
{"ghsa_id":"GHSA-wqc8-x2pr-7jqh","cve_id":"CVE-2023-37271","url":"https://api.github.com/advisories/GHSA-wqc8-x2pr-7jqh","html_url":"https://github.com/advisories/GHSA-wqc8-x2pr-7jqh","summary":"RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape","description":"### Impact\n\nRestrictedPython does not check access to stack frames...","type":"reviewed","severity":"high","repository_advisory_url":"https://api.github.com/repos/zopefoundation/RestrictedPython/security-advisories/GHSA-wqc8-x2pr-7jqh","source_code_location":"https://github.com/zopefoundation/RestrictedPython","identifiers":[{"value":"GHSA-wqc8-x2pr-7jqh","type":"GHSA"},{"value":"CVE-2023-37271","type":"CVE"}],"references":["https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh","https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531","https://nvd.nist.gov/vuln/detail/CVE-2023-37271","https://github.com/pypa/advisory-database/tree/main/vulns/restrictedpython/PYSEC-2023-118.yaml","https://github.com/advisories/GHSA-wqc8-x2pr-7jqh"],"published_at":"2023-07-10T21:53:22Z","updated_at":"2023-07-20T18:59:27Z","github_reviewed_at":"2023-07-10T21:53:22Z","nvd_published_at":null,"withdrawn_at":null,"vulnerabilities":[{"package":{"ecosystem":"pip","name":"RestrictedPython"},"vulnerable_version_range":"< 5.3","first_patched_version":"5.3","vulnerable_functions":[]},{"package":{"ecosystem":"pip","name":"RestrictedPython"},"vulnerable_version_range":">= 6.0a1.dev0, < 6.1","first_patched_version":"6.1","vulnerable_functions":[]},{"package":{"ecosystem":"pip","name":"restrictedpython"},"vulnerable_version_range":">= 0, < 5.3","first_patched_version":"5.3","vulnerable_functions":[]}],"cvss":{"vector_string":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L","score":8.4},"cwes":[{"cwe_id":"CWE-913","name":"Improper Control of Dynamically-Managed Code Resources"}],"credits":[{"user":{"login":"loechel","id":1766708,"node_id":"MDQ6VXNlcjE3NjY3MDg=","avatar_url":"https://avatars.githubusercontent.com/u/1766708?v=4","gravatar_id":"","url":"https://api.github.com/users/loechel","html_url":"https://github.com/loechel","followers_url":"https://api.github.com/users/loechel/followers","following_url":"https://api.github.com/users/loechel/following{/other_user}","gists_url":"https://api.github.com/users/loechel/gists{/gist_id}","starred_url":"https://api.github.com/users/loechel/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/loechel/subscriptions","organizations_url":"https://api.github.com/users/loechel/orgs","repos_url":"https://api.github.com/users/loechel/repos","events_url":"https://api.github.com/users/loechel/events{/privacy}","received_events_url":"https://api.github.com/users/loechel/received_events","type":"User","site_admin":false},"type":"remediation_developer"},{"user":{"login":"Quasar0147","id":102931302,"node_id":"U_kgDOBiKbZg","avatar_url":"https://avatars.githubusercontent.com/u/102931302?v=4","gravatar_id":"","url":"https://api.github.com/users/Quasar0147","html_url":"https://github.com/Quasar0147","followers_url":"https://api.github.com/users/Quasar0147/followers","following_url":"https://api.github.com/users/Quasar0147/following{/other_user}","gists_url":"https://api.github.com/users/Quasar0147/gists{/gist_id}","starred_url":"https://api.github.com/users/Quasar0147/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/Quasar0147/subscriptions","organizations_url":"https://api.github.com/users/Quasar0147/orgs","repos_url":"https://api.github.com/users/Quasar0147/repos","events_url":"https://api.github.com/users/Quasar0147/events{/privacy}","received_events_url":"https://api.github.com/users/Quasar0147/received_events","type":"User","site_admin":false},"type":"reporter"},{"user":{"login":"despawningbone","id":22096984,"node_id":"MDQ6VXNlcjIyMDk2OTg0","avatar_url":"https://avatars.githubusercontent.com/u/22096984?v=4","gravatar_id":"","url":"https://api.github.com/users/despawningbone","html_url":"https://github.com/despawningbone","followers_url":"https://api.github.com/users/despawningbone/followers","following_url":"https://api.github.com/users/despawningbone/following{/other_user}","gists_url":"https://api.github.com/users/despawningbone/gists{/gist_id}","starred_url":"https://api.github.com/users/despawningbone/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/despawningbone/subscriptions","organizations_url":"https://api.github.com/users/despawningbone/orgs","repos_url":"https://api.github.com/users/despawningbone/repos","events_url":"https://api.github.com/users/despawningbone/events{/privacy}","received_events_url":"https://api.github.com/users/despawningbone/received_events","type":"User","site_admin":false},"type":"reporter"},{"user":{"login":"dataflake","id":1215784,"node_id":"MDQ6VXNlcjEyMTU3ODQ=","avatar_url":"https://avatars.githubusercontent.com/u/1215784?v=4","gravatar_id":"","url":"https://api.github.com/users/dataflake","html_url":"https://github.com/dataflake","followers_url":"https://api.github.com/users/dataflake/followers","following_url":"https://api.github.com/users/dataflake/following{/other_user}","gists_url":"https://api.github.com/users/dataflake/gists{/gist_id}","starred_url":"https://api.github.com/users/dataflake/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dataflake/subscriptions","organizations_url":"https://api.github.com/users/dataflake/orgs","repos_url":"https://api.github.com/users/dataflake/repos","events_url":"https://api.github.com/users/dataflake/events{/privacy}","received_events_url":"https://api.github.com/users/dataflake/received_events","type":"User","site_admin":false},"type":"coordinator"},{"user":{"login":"nneonneo","id":75449,"node_id":"MDQ6VXNlcjc1NDQ5","avatar_url":"https://avatars.githubusercontent.com/u/75449?v=4","gravatar_id":"","url":"https://api.github.com/users/nneonneo","html_url":"https://github.com/nneonneo","followers_url":"https://api.github.com/users/nneonneo/followers","following_url":"https://api.github.com/users/nneonneo/following{/other_user}","gists_url":"https://api.github.com/users/nneonneo/gists{/gist_id}","starred_url":"https://api.github.com/users/nneonneo/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nneonneo/subscriptions","organizations_url":"https://api.github.com/users/nneonneo/orgs","repos_url":"https://api.github.com/users/nneonneo/repos","events_url":"https://api.github.com/users/nneonneo/events{/privacy}","received_events_url":"https://api.github.com/users/nneonneo/received_events","type":"User","site_admin":false},"type":"other"}]}