Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/23843?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/23843?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.0-alpha0", "type": "composer", "namespace": "silverstripe", "name": "framework", "version": "3.5.0-alpha0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.3.23", "latest_non_vulnerable_version": "6.0.0-alpha1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7802?format=api", "vulnerability_id": "VCID-ya8k-c5s5-47gx", "summary": "XSS In page name\nSilverStripe is vulnerable to XSS via the page name. For instance, page name `\"><svg/onload=alert(/xss/)>` will trigger an XSS alert.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23845?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3ydp-barm-5ya1" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-bmqt-5ybj-kuf6" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ete7-tupf-63c9" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-j9tk-b3hv-q3c1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tzmx-hfk2-7ufr" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1" } ], "aliases": [ "SS-2017-001" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ya8k-c5s5-47gx" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.0-alpha0" }