Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/55832?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/55832?format=api", "purl": "pkg:composer/symfony/security-http@2.8.0", "type": "composer", "namespace": "symfony", "name": "security-http", "version": "2.8.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.8.6", "latest_non_vulnerable_version": "6.3.8", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40985?format=api", "vulnerability_id": "VCID-23hr-yznx-c3fb", "summary": "Improper Authentication\nIn Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.", "references": [ { "reference_url": "https://symfony.com/cve-2019-10911", "reference_id": "CVE-2019-10911", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2019-10911" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58013?format=api", "purl": "pkg:composer/symfony/security-http@2.8.50", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@2.8.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/58014?format=api", "purl": "pkg:composer/symfony/security-http@3.4.26", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@3.4.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/58015?format=api", "purl": "pkg:composer/symfony/security-http@4.2.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.2.7" } ], "aliases": [ "CVE-2019-10911" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-23hr-yznx-c3fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39965?format=api", "vulnerability_id": "VCID-ef86-hqv4-6kaz", "summary": "Cross-Site Request Forgery (CSRF)\nBy default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.", "references": [ { "reference_url": "https://symfony.com/cve-2018-11406", "reference_id": "CVE-2018-11406", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2018-11406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55836?format=api", "purl": "pkg:composer/symfony/security-http@2.8.41", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@2.8.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/55837?format=api", "purl": "pkg:composer/symfony/security-http@3.4.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@3.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/55838?format=api", "purl": "pkg:composer/symfony/security-http@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.0.11" } ], "aliases": [ "CVE-2018-11406" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ef86-hqv4-6kaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40526?format=api", "vulnerability_id": "VCID-mew1-9shg-mugs", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nBy using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.", "references": [ { "reference_url": "https://symfony.com/cve-2018-19790", "reference_id": "CVE-2018-19790", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2018-19790" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57163?format=api", "purl": "pkg:composer/symfony/security-http@2.8.49", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@2.8.49" }, { "url": "http://public2.vulnerablecode.io/api/packages/57164?format=api", "purl": "pkg:composer/symfony/security-http@3.4.20", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@3.4.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/57165?format=api", "purl": "pkg:composer/symfony/security-http@4.0.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/57166?format=api", "purl": "pkg:composer/symfony/security-http@4.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/57167?format=api", "purl": "pkg:composer/symfony/security-http@4.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.2.1" } ], "aliases": [ "CVE-2018-19790" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mew1-9shg-mugs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39963?format=api", "vulnerability_id": "VCID-vyug-krcw-jyef", "summary": "Session Fixation\nA session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.", "references": [ { "reference_url": "https://symfony.com/cve-2018-11385", "reference_id": "CVE-2018-11385", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2018-11385" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55836?format=api", "purl": "pkg:composer/symfony/security-http@2.8.41", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@2.8.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/55837?format=api", "purl": "pkg:composer/symfony/security-http@3.4.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@3.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/55838?format=api", "purl": "pkg:composer/symfony/security-http@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.0.11" } ], "aliases": [ "CVE-2018-11385" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vyug-krcw-jyef" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@2.8.0" }