Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/laravel/socialite@2.0.4

Type composer

Namespace laravel

Name socialite

Version 2.0.4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.0.10

Latest_non_vulnerable_version 2.0.10

Affected_by_vulnerabilities

url VCID-21qc-541p-jug6

vulnerability_id VCID-21qc-541p-jug6

summary State guessing vulnerability.

references

reference_url	https://github.com/laravel/socialite/pull/93
reference_id
reference_type
scores
url	https://github.com/laravel/socialite/pull/93

fixed_packages

url	pkg:composer/laravel/socialite@2.0.10
purl	pkg:composer/laravel/socialite@2.0.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/laravel/socialite@2.0.10

aliases GMS-2015-69

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-21qc-541p-jug6

url VCID-ezec-rkuz-wuff

vulnerability_id VCID-ezec-rkuz-wuff

summary

Insecure state generation
State is not pulled of the session, and can be guessed later.

references

reference_url	https://github.com/laravel/socialite/pull/93
reference_id
reference_type
scores
url	https://github.com/laravel/socialite/pull/93

fixed_packages

url	pkg:composer/laravel/socialite@2.0.10
purl	pkg:composer/laravel/socialite@2.0.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/laravel/socialite@2.0.10

aliases GMS-2015-16

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ezec-rkuz-wuff

url VCID-nttt-2yjf-h3f7

vulnerability_id VCID-nttt-2yjf-h3f7

summary Insecure state generation.

references

reference_url	https://github.com/laravel/socialite/pull/91
reference_id
reference_type
scores
url	https://github.com/laravel/socialite/pull/91

fixed_packages

url pkg:composer/laravel/socialite@2.0.9

purl pkg:composer/laravel/socialite@2.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-21qc-541p-jug6

vulnerability	VCID-ezec-rkuz-wuff

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/socialite@2.0.9

aliases GMS-2015-68

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nttt-2yjf-h3f7

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/laravel/socialite@2.0.4

Package Instance