Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/54994?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/54994?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.1", "type": "maven", "namespace": "com.fasterxml.jackson.core", "name": "jackson-databind", "version": "2.7.9.1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.7.9.2", "latest_non_vulnerable_version": "2.16.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39380?format=api", "vulnerability_id": "VCID-rg7k-kaxv-2ubx", "summary": "Deserialization of Untrusted Data\nA deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the `readValue` method of the `ObjectMapper`.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/1599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/issues/1599" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/1723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/issues/1723" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/1737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/issues/1737" }, { "reference_url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true" }, { "reference_url": "http://www.securityfocus.com/bid/99623", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/99623" }, { "reference_url": "http://www.securitytracker.com/id/1039744", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039744" }, { "reference_url": "http://www.securitytracker.com/id/1039947", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039947" }, { "reference_url": "http://www.securitytracker.com/id/1040360", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1040360" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525", "reference_id": "CVE-2017-7525", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54993?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54994?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54995?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.9" } ], "aliases": [ "CVE-2017-7525" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rg7k-kaxv-2ubx" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.1" }