Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/51494?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/51494?format=api", "purl": "pkg:gem/devise@2.2.3", "type": "gem", "namespace": "", "name": "devise", "version": "2.2.3", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.2.5", "latest_non_vulnerable_version": "4.6.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37534?format=api", "vulnerability_id": "VCID-pxuq-hc2x-cbh4", "summary": "Devise Database Type Conversion Crafted Request Parsing Security Bypass\nUsing a specially crafted request, an attacker could trick the database type conversion code to return incorrect records. For some token values this could allow an attacker to bypass the proper checks and gain control of other accounts.", "references": [ { "reference_url": "http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51491?format=api", "purl": "pkg:gem/devise@1.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/devise@1.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51492?format=api", "purl": "pkg:gem/devise@2.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/devise@2.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51493?format=api", "purl": "pkg:gem/devise@2.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/devise@2.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51494?format=api", "purl": "pkg:gem/devise@2.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/devise@2.2.3" } ], "aliases": [ "CVE-2013-0233" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pxuq-hc2x-cbh4" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/devise@2.2.3" }