Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/51228?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/51228?format=api", "purl": "pkg:gem/rack@1.4.0", "type": "gem", "namespace": "", "name": "rack", "version": "1.4.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.4.4", "latest_non_vulnerable_version": "3.2.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37485?format=api", "vulnerability_id": "VCID-6dhj-xgsb-nkhd", "summary": "Symlink path traversal in Rack::File\nAffected versions allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"", "references": [ { "reference_url": "http://rack.github.com/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rack.github.com/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51373?format=api", "purl": "pkg:gem/rack@1.4.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51374?format=api", "purl": "pkg:gem/rack@1.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.2" } ], "aliases": [ "CVE-2013-0262" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6dhj-xgsb-nkhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37484?format=api", "vulnerability_id": "VCID-w1cf-9x6v-pyhw", "summary": "Timing attack against Rack::Session::Cookie\nAffected versions allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving am HMAC comparison function that does not run in constant time.", "references": [ { "reference_url": "http://rack.github.com/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rack.github.com/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51373?format=api", "purl": "pkg:gem/rack@1.4.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51374?format=api", "purl": "pkg:gem/rack@1.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.2" } ], "aliases": [ "CVE-2013-0263" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w1cf-9x6v-pyhw" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37420?format=api", "vulnerability_id": "VCID-hxfx-e71r-9ye8", "summary": "Hash Collision Form Parameter Parsing Remote DoS\nThis package contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.", "references": [ { "reference_url": "http://osvdb.org/show/osvdb/78121", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/show/osvdb/78121" }, { "reference_url": "https://github.com/rack/rack/commit/09c5e53f11a491c25bef873ed146842f3cd03228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rack/rack/commit/09c5e53f11a491c25bef873ed146842f3cd03228" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51225?format=api", "purl": "pkg:gem/rack@1.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51226?format=api", "purl": "pkg:gem/rack@1.2.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51227?format=api", "purl": "pkg:gem/rack@1.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/51228?format=api", "purl": "pkg:gem/rack@1.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6dhj-xgsb-nkhd" }, { "vulnerability": "VCID-w1cf-9x6v-pyhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.0" } ], "aliases": [ "CVE-2011-5036" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hxfx-e71r-9ye8" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.0" }