Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/15779?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/15779?format=api", "purl": "pkg:pypi/netius@0.3.9", "type": "pypi", "namespace": "", "name": "netius", "version": "0.3.9", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.17.58", "latest_non_vulnerable_version": "1.17.58", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35564?format=api", "vulnerability_id": "VCID-82n4-wc6g-wua6", "summary": "netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks.", "references": [ { "reference_url": "https://github.com/advisories/GHSA-wm2m-xrrp-j74c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wm2m-xrrp-j74c" }, { "reference_url": "https://snyk.io/vuln/SNYK-PYTHON-NETIUS-569141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://snyk.io/vuln/SNYK-PYTHON-NETIUS-569141" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16460?format=api", "purl": "pkg:pypi/netius@1.17.58", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/netius@1.17.58" } ], "aliases": [ "CVE-2020-7655", "GHSA-wm2m-xrrp-j74c", "PYSEC-2020-242", "SNYK-PYTHON-NETIUS-569141" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-82n4-wc6g-wua6" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/netius@0.3.9" }