Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/28640?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/28640?format=api", "purl": "pkg:pypi/untangle@1.2.0", "type": "pypi", "namespace": "", "name": "untangle", "version": "1.2.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.2.1", "latest_non_vulnerable_version": "1.2.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36153?format=api", "vulnerability_id": "VCID-9y5d-u3us-uuc4", "summary": "untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files.", "references": [ { "reference_url": "https://github.com/advisories/GHSA-f83q-2cp7-qrjg", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f83q-2cp7-qrjg" }, { "reference_url": "https://github.com/stchris/untangle", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/stchris/untangle" }, { "reference_url": "https://github.com/stchris/untangle/releases/tag/1.2.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/stchris/untangle/releases/tag/1.2.1" }, { "reference_url": "https://jvn.jp/en/jp/JVN30454777/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jvn.jp/en/jp/JVN30454777/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28641?format=api", "purl": "pkg:pypi/untangle@1.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/untangle@1.2.1" } ], "aliases": [ "CVE-2022-31471", "GHSA-f83q-2cp7-qrjg", "PYSEC-2022-244" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9y5d-u3us-uuc4" }, { 
"url": "http://public2.vulnerablecode.io/api/vulnerabilities/36154?format=api", "vulnerability_id": "VCID-bnwk-w5a8-8fe4", "summary": "untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the product is running.", "references": [ { "reference_url": "https://github.com/advisories/GHSA-7xr3-6ggc-wc9p", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7xr3-6ggc-wc9p" }, { "reference_url": "https://github.com/stchris/untangle", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/stchris/untangle" }, { "reference_url": "https://github.com/stchris/untangle/releases/tag/1.2.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/stchris/untangle/releases/tag/1.2.1" }, { "reference_url": "https://jvn.jp/en/jp/JVN30454777/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jvn.jp/en/jp/JVN30454777/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28641?format=api", "purl": "pkg:pypi/untangle@1.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/untangle@1.2.1" } ], "aliases": [ "CVE-2022-33977", "GHSA-7xr3-6ggc-wc9p", "PYSEC-2022-243" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bnwk-w5a8-8fe4" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/untangle@1.2.0" }