Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/54499?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/54499?format=api", "purl": "pkg:gem/rails@3.0.1", "type": "gem", "namespace": "", "name": "rails", "version": "3.0.1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.0.4", "latest_non_vulnerable_version": "7.1.3.1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39070?format=api", "vulnerability_id": "VCID-8n6u-hbhg-7qdx", "summary": "Improper Input Validation\nRuby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.", "references": [ { "reference_url": "http://secunia.com/advisories/41930", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/41930" }, { "reference_url": "http://securitytracker.com/id?1024624", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1024624" }, { "reference_url": "https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae" }, { "reference_url": "https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585" }, { "reference_url": "https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930" }, { "reference_url": "https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624" }, { "reference_url": "http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2719", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2010/2719" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3933", "reference_id": "CVE-2010-3933", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3933" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml", "reference_id": "CVE-2010-3933.YML", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml" }, { "reference_url": "https://github.com/advisories/GHSA-gjxw-5w2q-7grf", "reference_id": "GHSA-gjxw-5w2q-7grf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gjxw-5w2q-7grf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54498?format=api", "purl": "pkg:gem/rails@2.3.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/54499?format=api", "purl": "pkg:gem/rails@3.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.0.1" } ], "aliases": [ "CVE-2010-3933", "GHSA-gjxw-5w2q-7grf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8n6u-hbhg-7qdx" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.0.1" }