Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/145604?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/145604?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.5-rc1", "type": "composer", "namespace": "silverstripe", "name": "framework", "version": "3.5.5-rc1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.3.23", "latest_non_vulnerable_version": "6.0.0-alpha1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19348?format=api", "vulnerability_id": "VCID-pffp-vtk7-pqby", "summary": "silverstripe/framework sends passwords back to browsers under some circumstances\nUnder some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or sessions.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-013-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2018-013-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/c28f411abd4837cdd9dbf87c4457976e678131cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/c28f411abd4837cdd9dbf87c4457976e678131cb" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/f688bcb1a370e41df1b573a24fa3994b3895bacf", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/f688bcb1a370e41df1b573a24fa3994b3895bacf" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-013", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-013" }, { "reference_url": "https://github.com/advisories/GHSA-vh7q-j8p5-2h4h", "reference_id": "GHSA-vh7q-j8p5-2h4h", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vh7q-j8p5-2h4h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35956?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/59974?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c75p-3hdz-q3b6" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kxyq-vg6e-6uac" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/59975?format=api", "purl": "pkg:composer/silverstripe/framework@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-658d-vmwt-f7e8" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c75p-3hdz-q3b6" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kxyq-vg6e-6uac" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1" } ], "aliases": [ "GHSA-vh7q-j8p5-2h4h" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pffp-vtk7-pqby" } ], "fixing_vulnerabilities": [], "risk_score": "1.6", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-rc1" }