Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/55257?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/55257?format=api", "purl": "pkg:composer/rap2hpoutre/laravel-log-viewer@0.13.0", "type": "composer", "namespace": "rap2hpoutre", "name": "laravel-log-viewer", "version": "0.13.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39520?format=api", "vulnerability_id": "VCID-xnuf-9uh3-cbb9", "summary": "Cleartext Storage of Sensitive Information\nrap2hpoutre Laravel Log Viewer relies on Base64 encoding, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a download request.", "references": [ { "reference_url": "https://www.exploit-db.com/exploits/44343/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/44343/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8947", "reference_id": "CVE-2018-8947", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8947" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55257?format=api", "purl": "pkg:composer/rap2hpoutre/laravel-log-viewer@0.13.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/rap2hpoutre/laravel-log-viewer@0.13.0" } ], "aliases": [ "CVE-2018-8947" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xnuf-9uh3-cbb9" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/rap2hpoutre/laravel-log-viewer@0.13.0" }