Package Instance
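Look up vulnerable packages by Package URL. In the response, a version listed under `fixed_packages` fixes only the vulnerability it is listed under and may itself be flagged `is_vulnerable`; `next_non_vulnerable_version` and `latest_non_vulnerable_version` name the versions with no vulnerabilities recorded in this database.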
GET /api/packages/52669?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52669?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.1.0", "type": "maven", "namespace": "org.apache.struts", "name": "struts2-core", "version": "2.1.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.3.31", "latest_non_vulnerable_version": "7.1.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44120?format=api", "vulnerability_id": "VCID-3bjt-18pc-vfe8", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) \" (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.", "references": [ { "reference_url": "https://github.com/apache/struts/commit/09147ffad2b3046ed21af0f524c5088e2ac551e6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/09147ffad2b3046ed21af0f524c5088e2ac551e6" }, { "reference_url": "https://github.com/apache/struts/commit/bd3f2f59c9b09f70aed3ebab6bb69b464ee2d6cb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/bd3f2f59c9b09f70aed3ebab6bb69b464ee2d6cb" }, { "reference_url": "https://github.com/apache/struts/commit/dae026a0f0511f83852053bae9d5a622e7f80486", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/dae026a0f0511f83852053bae9d5a622e7f80486" }, { "reference_url": "https://issues.apache.org/struts/browse/WW-2414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.apache.org/struts/browse/WW-2414" }, { "reference_url": 
"https://issues.apache.org/struts/browse/WW-2427", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.apache.org/struts/browse/WW-2427" }, { "reference_url": "https://web.archive.org/web/20080610075918/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449i20.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20080610075918/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449i20.html" }, { "reference_url": "https://web.archive.org/web/20080611112834/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20080611112834/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449.html" }, { "reference_url": "https://web.archive.org/web/20200229155553/http://www.securityfocus.com/bid/34686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200229155553/http://www.securityfocus.com/bid/34686" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6682", "reference_id": "CVE-2008-6682", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6682" }, { "reference_url": "https://github.com/advisories/GHSA-jgcr-9c2q-rvp8", "reference_id": "GHSA-jgcr-9c2q-rvp8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jgcr-9c2q-rvp8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55261?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dj42-wym9-nbhv" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.1" } ], "aliases": [ "CVE-2008-6682", "GHSA-jgcr-9c2q-rvp8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3bjt-18pc-vfe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38856?format=api", "vulnerability_id": "VCID-dvxu-9sh6-qbef", "summary": "Improper Input Validation\nUsing an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.", "references": [ { "reference_url": "https://struts.apache.org/docs/s2-053.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://struts.apache.org/docs/s2-053.html" }, { "reference_url": "http://www.securityfocus.com/bid/100829", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100829" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12611", "reference_id": "CVE-2017-12611", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12611" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54100?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.34", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/53731?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hrky-nmnv-g3eu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12" } ], "aliases": [ "CVE-2017-12611" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvxu-9sh6-qbef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38100?format=api", "vulnerability_id": "VCID-z1jy-4da2-tyhk", "summary": "Improper Input Validation\n`XSLTResult` in Apache Struts allows remote attackers to execute arbitrary code via the stylesheet location parameter.", "references": [ { "reference_url": "http://struts.apache.org/docs/s2-031.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-031.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3082", "reference_id": "CVE-2016-3082", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3082" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52682?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mmth-7rgf-aqfa" }, { "vulnerability": "VCID-qdsq-8td3-5qa1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52636?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dvxu-9sh6-qbef" }, { "vulnerability": "VCID-hrky-nmnv-g3eu" }, { "vulnerability": "VCID-mmth-7rgf-aqfa" }, { "vulnerability": "VCID-qdsq-8td3-5qa1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52683?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dvxu-9sh6-qbef" }, { "vulnerability": "VCID-hrky-nmnv-g3eu" }, { "vulnerability": "VCID-mmth-7rgf-aqfa" }, { "vulnerability": 
"VCID-qdsq-8td3-5qa1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1" } ], "aliases": [ "CVE-2016-3082" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z1jy-4da2-tyhk" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.0" }