Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/55415?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/55415?format=api", "purl": "pkg:maven/org.apache.uima/uimaj-core@3.0.0", "type": "maven", "namespace": "org.apache.uima", "name": "uimaj-core", "version": "3.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.0.1", "latest_non_vulnerable_version": "3.5.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39593?format=api", "vulnerability_id": "VCID-58fr-28tp-v7cx", "summary": "Improper Restriction of XML External Entity Reference\nThis vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1545" }, { "reference_url": "https://lists.apache.org/thread.html/00407c65738e625a8cc9d732923a4ab2d8299603cc7c7e5cc2da9c79@%3Ccommits.uima.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/00407c65738e625a8cc9d732923a4ab2d8299603cc7c7e5cc2da9c79@%3Ccommits.uima.apache.org%3E" }, { "reference_url": "https://uima.apache.org/security_report#CVE-2017-15691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://uima.apache.org/security_report#CVE-2017-15691" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15691", "reference_id": "CVE-2017-15691", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15691" }, { "reference_url": "https://github.com/advisories/GHSA-wp2f-hrg2-3r5m", "reference_id": "GHSA-wp2f-hrg2-3r5m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wp2f-hrg2-3r5m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55417?format=api", "purl": "pkg:maven/org.apache.uima/uimaj-core@3.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.uima/uimaj-core@3.0.1" } ], "aliases": [ "CVE-2017-15691", "GHSA-wp2f-hrg2-3r5m" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-58fr-28tp-v7cx" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.uima/uimaj-core@3.0.0" }