Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/51739?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/51739?format=api", "purl": "pkg:gem/actionpack@4.1.1", "type": "gem", "namespace": "", "name": "actionpack", "version": "4.1.1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.1.7", "latest_non_vulnerable_version": "7.1.3.1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37681?format=api", "vulnerability_id": "VCID-5swj-xwsw-rkac", "summary": "Directory Traversal Vulnerability With Certain Route Configurations\nThe implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow an attacker to use a specially crafted request to retrieve arbitrary files from the RoR application server.", "references": [ { "reference_url": "http://osvdb.org/show/osvdb/106704", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/show/osvdb/106704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0510", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0816", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1863", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1863" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095105" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk" }, { "reference_url": "https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244" }, { "reference_url": "https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf" }, { "reference_url": "https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-0130", "reference_id": "CVE-2014-0130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2014-0130" 
}, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0130", "reference_id": "CVE-2014-0130", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0130" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml", "reference_id": "CVE-2014-0130.YML", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml" }, { "reference_url": "https://github.com/advisories/GHSA-6x85-j5j2-27jx", "reference_id": "GHSA-6x85-j5j2-27jx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6x85-j5j2-27jx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54580?format=api", "purl": "pkg:gem/actionpack@3.2.18", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/54581?format=api", "purl": "pkg:gem/actionpack@4.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51739?format=api", "purl": "pkg:gem/actionpack@4.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1" } ], "aliases": [ "CVE-2014-0130", "GHSA-6x85-j5j2-27jx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5swj-xwsw-rkac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37639?format=api", "vulnerability_id": "VCID-vex8-56fk-gqdf", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in 
actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.", "references": [ { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081", "reference_id": "CVE-2014-0081", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51735?format=api", "purl": "pkg:gem/actionpack@3.2.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/51738?format=api", "purl": "pkg:gem/actionpack@4.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51739?format=api", "purl": "pkg:gem/actionpack@4.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1" } ], "aliases": [ "CVE-2014-0081" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vex8-56fk-gqdf" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1" }