Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/21047?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/21047?format=api", "purl": "pkg:composer/silverstripe/cms@3.0.0", "type": "composer", "namespace": "silverstripe", "name": "cms", "version": "3.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.11.3", "latest_non_vulnerable_version": "4.11.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7084?format=api", "vulnerability_id": "VCID-qdtk-twxp-2kbv", "summary": "Incorrect Permission Assignment for Critical Resource\nSiteTree Creation Permission Vulnerability in silverstripe.", "references": [ { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21049?format=api", "purl": "pkg:composer/silverstripe/cms@3.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-658d-vmwt-f7e8" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-g366-c4n9-vfcs" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-jdyv-jdju-kbb2" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-wpu5-3h5v-wuhj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/21050?format=api", "purl": "pkg:composer/silverstripe/cms@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-658d-vmwt-f7e8" }, { "vulnerability": "VCID-agbu-v7vd-fyc8" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-g366-c4n9-vfcs" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-jdyv-jdju-kbb2" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-mr46-bvjx-n7ar" }, { "vulnerability": "VCID-qjey-bhrt-kud4" }, { "vulnerability": "VCID-wpu5-3h5v-wuhj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/152024?format=api", "purl": "pkg:composer/silverstripe/cms@3.1.13-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-658d-vmwt-f7e8" }, { "vulnerability": "VCID-agbu-v7vd-fyc8" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-g366-c4n9-vfcs" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-jdyv-jdju-kbb2" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-mr46-bvjx-n7ar" }, { "vulnerability": "VCID-qjey-bhrt-kud4" }, { "vulnerability": "VCID-wpu5-3h5v-wuhj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.1.13-rc1" } ], "aliases": [ "SS-2015-008-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qdtk-twxp-2kbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19773?format=api", "vulnerability_id": "VCID-rbft-1w3r-3ub7", "summary": "Silverstripe SiteTree Creation Permission Vulnerability\nA vulnerability exists in the permission validation for SiteTree object creation. By default user permissions are not validated by the SiteTree::canCreate method, unless overridden by user code or via the configuration system.\n\nThis vulnerability will allow users, or unauthenticated guests, to create new SiteTree objects in the database. This vulnerability is present when such users are given CMS access via other means, or if there is another mechanism (such as RestfulServer module) which allows model editing and relies on model-level permission checks.\n\nThis vulnerability is restricted to the creation of draft or live pages, and does not allow users to edit, publish, or unpublish existing pages.\n\nAll users should upgrade as soon as possible.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/SS-2015-008-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/SS-2015-008-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-cms" }, { "reference_url": "https://github.com/silverstripe/silverstripe-cms/commit/3df41e1176385215f15fffb04fcba033a5151fb4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-cms/commit/3df41e1176385215f15fffb04fcba033a5151fb4" }, { "reference_url": "https://github.com/silverstripe/silverstripe-cms/commit/64955e57d1239975183f47d3ac8c3e801ddbf122", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-cms/commit/64955e57d1239975183f47d3ac8c3e801ddbf122" }, { "reference_url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability" }, { "reference_url": "https://github.com/advisories/GHSA-3mm9-2p44-rw39", "reference_id": "GHSA-3mm9-2p44-rw39", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3mm9-2p44-rw39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21049?format=api", "purl": "pkg:composer/silverstripe/cms@3.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-658d-vmwt-f7e8" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-g366-c4n9-vfcs" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-jdyv-jdju-kbb2" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-wpu5-3h5v-wuhj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/21050?format=api", "purl": "pkg:composer/silverstripe/cms@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-658d-vmwt-f7e8" }, { "vulnerability": "VCID-agbu-v7vd-fyc8" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-g366-c4n9-vfcs" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-j6ze-f76y-cqgy" }, { "vulnerability": "VCID-jdyv-jdju-kbb2" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kz63-ftzc-tudk" }, { "vulnerability": "VCID-mr46-bvjx-n7ar" }, { "vulnerability": "VCID-qjey-bhrt-kud4" }, { "vulnerability": "VCID-wpu5-3h5v-wuhj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.1.11" } ], "aliases": [ "GHSA-3mm9-2p44-rw39" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rbft-1w3r-3ub7" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.0.0" }