Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/161820?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/161820?format=api", "purl": "pkg:composer/amphp/artax@2.0.5", "type": "composer", "namespace": "amphp", "name": "artax", "version": "2.0.5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.0.6", "latest_non_vulnerable_version": "2.0.6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19986?format=api", "vulnerability_id": "VCID-48c5-a36e-dbfd", "summary": "amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance\nIn artax version before 1.0.6 and 2 before 2.0.6, cookies of `foo.bar.example.com` were leaked to `foo.bar`. Additionally, any site could set cookies for any other site. \nArtax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, but not on any public suffixes.", "references": [ { "reference_url": "https://github.com/amphp/artax", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/amphp/artax" }, { "reference_url": "https://github.com/amphp/artax/commit/25668b891d2bced567bd69611c7d18b6a93d5fc4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/amphp/artax/commit/25668b891d2bced567bd69611c7d18b6a93d5fc4" }, { "reference_url": "https://github.com/amphp/artax/commit/accdadaf78f7a43305c3a97d6a964bbc550a555d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/amphp/artax/commit/accdadaf78f7a43305c3a97d6a964bbc550a555d" }, { "reference_url": "https://github.com/amphp/artax/releases/tag/v2.0.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/amphp/artax/releases/tag/v2.0.6" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/2017-05-09.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/2017-05-09.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-gm98-g2wf-7c68", "reference_id": "GHSA-gm98-g2wf-7c68", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gm98-g2wf-7c68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24132?format=api", "purl": "pkg:composer/amphp/artax@2.0.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.6" } ], "aliases": [ "GHSA-gm98-g2wf-7c68" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-48c5-a36e-dbfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7924?format=api", "vulnerability_id": "VCID-j1u4-14p9-9fdn", "summary": "Cookie leakage to wrong origins and non-restricted cookie acceptance", "references": [ { "reference_url": "https://github.com/amphp/artax/releases/tag/v2.0.6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/amphp/artax/releases/tag/v2.0.6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24132?format=api", "purl": "pkg:composer/amphp/artax@2.0.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.6" } ], "aliases": [ "2017-05-09" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j1u4-14p9-9fdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7919?format=api", "vulnerability_id": "VCID-t4d6-pvhk-mfaw", "summary": "Cookie leakage, non-restricted cookie acceptance\nCookies of `foo.bar.example.com` are leaked to foo.bar. Additionally, any site can set cookies for any other site.", "references": [ { "reference_url": "https://github.com/amphp/artax/releases/tag/v2.0.6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/amphp/artax/releases/tag/v2.0.6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24132?format=api", "purl": "pkg:composer/amphp/artax@2.0.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.6" } ], "aliases": [ "GMS-2017-131" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4d6-pvhk-mfaw" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.5" }