Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/54679?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/54679?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.All@1.0.0", "type": "nuget", "namespace": "", "name": "Microsoft.AspNetCore.All", "version": "1.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.0.0-preview1-final", "latest_non_vulnerable_version": "5.0.9", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39492?format=api", "vulnerability_id": "VCID-1ur7-5ks2-7qcp", "summary": "Weak Password Recovery Mechanism for Forgotten Password\nASP.NET Core allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\".", "references": [ { "reference_url": "https://github.com/aspnet/Announcements/issues/295", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/aspnet/Announcements/issues/295" }, { "reference_url": "http://www.securityfocus.com/bid/103282", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103282" }, { "reference_url": "http://www.securitytracker.com/id/1040525", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1040525" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0787", "reference_id": "CVE-2018-0787", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0787" }, { "reference_url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787", "reference_id": "CVE-2018-0787", "reference_type": "", "scores": [], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787" }, { "reference_url": "https://github.com/advisories/GHSA-365p-96qv-xr7g", "reference_id": "GHSA-365p-96qv-xr7g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-365p-96qv-xr7g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54682?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.All@2.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.3" } ], "aliases": [ "CVE-2018-0787", "GHSA-365p-96qv-xr7g" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ur7-5ks2-7qcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39496?format=api", "vulnerability_id": "VCID-8g89-1cr9-gbc6", "summary": "Uncontrolled Resource Consumption\n.NET Core, .NET Core, NET Core and PowerShell Core allow a denial of Service vulnerability due to how specially crafted requests are handled, aka \".NET Core Denial of Service Vulnerability\".", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0522" }, { "reference_url": "https://github.com/dotnet/announcements/issues/62", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dotnet/announcements/issues/62" }, { "reference_url": "http://www.securityfocus.com/bid/103225", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103225" }, { "reference_url": "http://www.securitytracker.com/id/1040505", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1040505" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0875", "reference_id": "CVE-2018-0875", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0875" }, { "reference_url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0875", "reference_id": "CVE-2018-0875", "reference_type": "", "scores": [], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0875" }, { "reference_url": "https://github.com/advisories/GHSA-xcvr-qv8h-m7xw", "reference_id": "GHSA-xcvr-qv8h-m7xw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xcvr-qv8h-m7xw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55191?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.All@2.0.0-preview1-final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.0-preview1-final" }, { "url": "http://public2.vulnerablecode.io/api/packages/54682?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.All@2.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.3" } ], "aliases": [ "CVE-2018-0875", "GHSA-xcvr-qv8h-m7xw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8g89-1cr9-gbc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14?format=api", "vulnerability_id": "VCID-dw22-bazh-4qa9", "summary": "Microsoft Security Advisory CVE-2018-8292: .NET Core Information Disclosure Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2902" }, { "reference_url": "https://github.com/dotnet/announcements/issues/88", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dotnet/announcements/issues/88" }, { "reference_url": "http://www.securityfocus.com/bid/105548", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/105548" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8292", "reference_id": "CVE-2018-8292", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8292" }, { "reference_url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292", "reference_id": "CVE-2018-8292", "reference_type": "", "scores": [], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.All@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3nh7-wm35-3kb2" }, { "vulnerability": "VCID-v6vu-9ybt-tqbc" }, { "vulnerability": "VCID-xgtm-9d66-rugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.1" } ], "aliases": [ "CVE-2018-8292" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dw22-bazh-4qa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4?format=api", "vulnerability_id": "VCID-ju3g-r5sj-4ueq", "summary": "Microsoft Security Advisory CVE-2017-8700: CORS bypass can enable Information Disclosure", "references": [ { "reference_url": "https://github.com/aspnet/Announcements/issues/279", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/aspnet/Announcements/issues/279" }, { "reference_url": "https://github.com/github/advisory-database/issues/302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/github/advisory-database/issues/302" }, { "reference_url": "http://www.securityfocus.com/bid/101712", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101712" }, { "reference_url": "http://www.securitytracker.com/id/1039793", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039793" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8700", "reference_id": "CVE-2017-8700", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8700" }, { "reference_url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700", "reference_id": "CVE-2017-8700", "reference_type": "", "scores": [], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700" }, { "reference_url": "https://github.com/advisories/GHSA-3rp6-rjw4-cq39", "reference_id": "GHSA-3rp6-rjw4-cq39", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3rp6-rjw4-cq39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54682?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.All@2.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.3" } ], "aliases": [ "CVE-2017-8700", "GHSA-3rp6-rjw4-cq39" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ju3g-r5sj-4ueq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10?format=api", "vulnerability_id": "VCID-q249-gkbg-b3bs", "summary": "Microsoft Security Advisory CVE-2018-8356: .NET Core Security Feature Bypass Vulnerability", "references": [ { "reference_url": "https://github.com/dotnet/announcements/issues/73", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dotnet/announcements/issues/73" }, { "reference_url": "https://github.com/github/advisory-database/issues/302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/github/advisory-database/issues/302" }, { "reference_url": "http://www.securityfocus.com/bid/104664", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104664" }, { "reference_url": "http://www.securitytracker.com/id/1041257", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041257" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8356", "reference_id": "CVE-2018-8356", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8356" }, { "reference_url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356", "reference_id": "CVE-2018-8356", "reference_type": "", "scores": [], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356" }, { "reference_url": "https://github.com/advisories/GHSA-p9wx-v264-q34p", "reference_id": "GHSA-p9wx-v264-q34p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p9wx-v264-q34p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54682?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.All@2.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.3" } ], "aliases": [ "CVE-2018-8356", "GHSA-p9wx-v264-q34p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q249-gkbg-b3bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39495?format=api", "vulnerability_id": "VCID-tbhf-u22y-cfa1", "summary": "Privilege Escalation\nASP.NET Core allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0784.", "references": [ { "reference_url": "http://www.securityfocus.com/bid/103226", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103226" }, { "reference_url": "http://www.securitytracker.com/id/1040504", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1040504" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0808", "reference_id": "CVE-2018-0808", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0808" }, { "reference_url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808", "reference_id": "CVE-2018-0808", "reference_type": "", "scores": [], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54682?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.All@2.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.3" } ], "aliases": [ "CVE-2018-0808" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tbhf-u22y-cfa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11?format=api", "vulnerability_id": "VCID-zrsj-apsr-wqh1", "summary": "Microsoft Security Advisory CVE-2018-8171: ASP.NET Core Security Feature Bypass Vulnerability", "references": [ { "reference_url": "https://github.com/aspnet/Announcements/issues/310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/aspnet/Announcements/issues/310" }, { "reference_url": "http://www.securityfocus.com/bid/104659", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104659" }, { "reference_url": "http://www.securitytracker.com/id/1041267", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041267" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8171", "reference_id": "CVE-2018-8171", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8171" }, { "reference_url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171", "reference_id": "CVE-2018-8171", "reference_type": "", "scores": [], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171" }, { "reference_url": "https://github.com/advisories/GHSA-vhvh-528q-ff3p", "reference_id": "GHSA-vhvh-528q-ff3p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vhvh-528q-ff3p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54682?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.All@2.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.3" } ], "aliases": [ "CVE-2018-8171", "GHSA-vhvh-528q-ff3p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrsj-apsr-wqh1" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@1.0.0" }