Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/51226?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/51226?format=api", "purl": "pkg:gem/rack@1.2.5", "type": "gem", "namespace": "", "name": "rack", "version": "1.2.5", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.2.8", "latest_non_vulnerable_version": "3.2.5", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37420?format=api", "vulnerability_id": "VCID-hxfx-e71r-9ye8", "summary": "Hash Collision Form Parameter Parsing Remote DoS\nThis package contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.", "references": [ { "reference_url": "http://osvdb.org/show/osvdb/78121", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/show/osvdb/78121" }, { "reference_url": "https://github.com/rack/rack/commit/09c5e53f11a491c25bef873ed146842f3cd03228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rack/rack/commit/09c5e53f11a491c25bef873ed146842f3cd03228" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51225?format=api", "purl": "pkg:gem/rack@1.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51226?format=api", "purl": "pkg:gem/rack@1.2.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51227?format=api", "purl": "pkg:gem/rack@1.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/51228?format=api", "purl": "pkg:gem/rack@1.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6dhj-xgsb-nkhd" }, { "vulnerability": "VCID-w1cf-9x6v-pyhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.0" } ], "aliases": [ "CVE-2011-5036" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hxfx-e71r-9ye8" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.2.5" }