Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/55838?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/55838?format=api", "purl": "pkg:composer/symfony/security-http@4.0.11", "type": "composer", "namespace": "symfony", "name": "security-http", "version": "4.0.11", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.0.15", "latest_non_vulnerable_version": "6.3.8", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39965?format=api", "vulnerability_id": "VCID-ef86-hqv4-6kaz", "summary": "Cross-Site Request Forgery (CSRF)\nBy default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.", "references": [ { "reference_url": "https://symfony.com/cve-2018-11406", "reference_id": "CVE-2018-11406", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2018-11406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55835?format=api", "purl": "pkg:composer/symfony/security-http@2.7.48", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@2.7.48" }, { "url": "http://public2.vulnerablecode.io/api/packages/55836?format=api", "purl": "pkg:composer/symfony/security-http@2.8.41", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@2.8.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/55837?format=api", "purl": "pkg:composer/symfony/security-http@3.4.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@3.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/55838?format=api", "purl": "pkg:composer/symfony/security-http@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.0.11" } ], "aliases": [ "CVE-2018-11406" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ef86-hqv4-6kaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39963?format=api", "vulnerability_id": "VCID-vyug-krcw-jyef", "summary": "Session Fixation\nA session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.", "references": [ { "reference_url": "https://symfony.com/cve-2018-11385", "reference_id": "CVE-2018-11385", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2018-11385" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55835?format=api", "purl": "pkg:composer/symfony/security-http@2.7.48", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@2.7.48" }, { "url": "http://public2.vulnerablecode.io/api/packages/55836?format=api", "purl": "pkg:composer/symfony/security-http@2.8.41", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@2.8.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/55837?format=api", "purl": "pkg:composer/symfony/security-http@3.4.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@3.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/55838?format=api", "purl": "pkg:composer/symfony/security-http@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.0.11" } ], "aliases": [ "CVE-2018-11385" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vyug-krcw-jyef" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.0.11" }