Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/1066999?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1066999?format=api", "purl": "pkg:nuget/NuGet.Protocol@6.8.2", "type": "nuget", "namespace": "", "name": "NuGet.Protocol", "version": "6.8.2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "6.11.2", "latest_non_vulnerable_version": "7.3.1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/352008?format=api", "vulnerability_id": "VCID-xxrj-7szv-s3cm", "summary": "Defense in Depth update for NuGet Client\n### Impact\nThis update adds validation of the package ID and version during package download, in addition to the existing package signature validation.\n\n### Patches\n\n#### NuGet\n\nThe following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched:\n\n|Affected versions|Patched version|\n|--|--|\n|>= 4.9.0, <= 4.9.6|4.9.7|\n|>= 5.11.0, <= 5.11.6|5.11.7|\n|>= 6.8.0, <= 6.8.1|6.8.2|\n|>= 6.11.0, <= 6.11.1|6.11.2|\n|>= 6.12.0, <= 6.12.4|6.12.5|\n|>= 6.14.0, <= 6.14.2|6.14.3|\n|>= 7.0.0, <= 7.0.2|7.0.3|\n|7.3.0|7.3.1|\n\n#### .NET SDK\n\n* .NET 8.0.126 SDK\n* .NET 8.0.420 SDK\n* .NET 9.0.116 SDK\n* .NET 9.0.313 SDK\n* .NET 10.0.106 SDK\n* .NET 10.0.202 SDK\n\n### Workarounds\nN/A\n\n### References\nhttps://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr\n\n### Credit\n[splitline](https://x.com/_splitline_) with [DEVCORE](https://devco.re/)", "references": [ { "reference_url": "https://github.com/NuGet/NuGet.Client", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/NuGet/NuGet.Client" }, { "reference_url": "https://github.com/NuGet/NuGet.Client/security/advisories/GHSA-g4vj-cjjj-v7hg", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { 
"value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/NuGet/NuGet.Client/security/advisories/GHSA-g4vj-cjjj-v7hg" }, { "reference_url": "https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr" }, { "reference_url": "https://github.com/advisories/GHSA-g4vj-cjjj-v7hg", "reference_id": "GHSA-g4vj-cjjj-v7hg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g4vj-cjjj-v7hg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1066997?format=api", "purl": "pkg:nuget/NuGet.Protocol@4.9.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@4.9.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066998?format=api", "purl": "pkg:nuget/NuGet.Protocol@5.11.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@5.11.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066999?format=api", "purl": "pkg:nuget/NuGet.Protocol@6.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067000?format=api", "purl": "pkg:nuget/NuGet.Protocol@6.11.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.11.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067001?format=api", "purl": 
"pkg:nuget/NuGet.Protocol@6.12.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.12.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067002?format=api", "purl": "pkg:nuget/NuGet.Protocol@6.14.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.14.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067003?format=api", "purl": "pkg:nuget/NuGet.Protocol@7.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@7.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067005?format=api", "purl": "pkg:nuget/NuGet.Protocol@7.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@7.3.1" } ], "aliases": [ "GHSA-g4vj-cjjj-v7hg" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xxrj-7szv-s3cm" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.8.2" }