Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/52653?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52653?format=api", "purl": "pkg:npm/console-io@2.6.3", "type": "npm", "namespace": "", "name": "console-io", "version": "2.6.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.7.0", "latest_non_vulnerable_version": "2.7.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38091?format=api", "vulnerability_id": "VCID-tfyr-1crx-7qat", "summary": "Authentication Bypass\nA malicious user could bypass the authentication and execute any command that the user who is running the console-io application is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response.", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52654?format=api", "purl": "pkg:npm/console-io@2.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/console-io@2.7.0" } ], "aliases": [ "GMS-2016-22" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tfyr-1crx-7qat" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/console-io@2.6.3" }