Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/52623?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52623?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2", "type": "maven", "namespace": "org.apache.openmeetings", "name": "openmeetings-parent", "version": "3.1.2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.3.0", "latest_non_vulnerable_version": "7.1.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38066?format=api", "vulnerability_id": "VCID-13a5-bd9x-g7c1", "summary": "Cross-site Scripting\nA Cross-site scripting (XSS) vulnerability in Apache OpenMeetings allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.", "references": [ { "reference_url": "http://openmeetings.apache.org/security.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openmeetings.apache.org/security.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2163", "reference_id": "CVE-2016-2163", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2163" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52623?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2" } ], "aliases": [ "CVE-2016-2163" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-13a5-bd9x-g7c1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38068?format=api", "vulnerability_id": "VCID-h2vq-z9kt-5fe2", "summary": "Information Exposure\nThe (1) `FileService.importFileByInternalUserId` and (2) `FileService.importFile` SOAP API methods in 
Apache OpenMeetings improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.", "references": [ { "reference_url": "http://openmeetings.apache.org/security.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openmeetings.apache.org/security.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2164", "reference_id": "CVE-2016-2164", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2164" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52623?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2" } ], "aliases": [ "CVE-2016-2164" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2vq-z9kt-5fe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38196?format=api", "vulnerability_id": "VCID-r6n7-g747-a7cm", "summary": "Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings allows remote attackers to inject arbitrary web script or HTML via the `swf` parameter.", "references": [ { "reference_url": "http://openmeetings.apache.org/security.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openmeetings.apache.org/security.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3089", "reference_id": "CVE-2016-3089", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3089" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52623?format=api", "purl": 
"pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2" } ], "aliases": [ "CVE-2016-3089" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r6n7-g747-a7cm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43911?format=api", "vulnerability_id": "VCID-wzcc-gkzc-u3cp", "summary": "Deserialization of Untrusted Data\nApache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.", "references": [ { "reference_url": "http://openmeetings.markmail.org/thread/tr47byaaopnemvne", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openmeetings.markmail.org/thread/tr47byaaopnemvne" }, { "reference_url": "http://www.securityfocus.com/bid/94145", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94145" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8736", "reference_id": "CVE-2016-8736", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8736" }, { "reference_url": "https://github.com/advisories/GHSA-6cpg-3w7f-j67q", "reference_id": "GHSA-6cpg-3w7f-j67q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6cpg-3w7f-j67q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52623?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2" } ], "aliases": [ "CVE-2016-8736", "GHSA-6cpg-3w7f-j67q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wzcc-gkzc-u3cp" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2" }