Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/55884?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/55884?format=api", "purl": "pkg:composer/symfony/security-bundle@2.8.41", "type": "composer", "namespace": "symfony", "name": "security-bundle", "version": "2.8.41", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.4.11", "latest_non_vulnerable_version": "6.2.6", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39965?format=api", "vulnerability_id": "VCID-ef86-hqv4-6kaz", "summary": "Cross-Site Request Forgery (CSRF)\nBy default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.", "references": [ { "reference_url": "https://symfony.com/cve-2018-11406", "reference_id": "CVE-2018-11406", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2018-11406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55884?format=api", "purl": "pkg:composer/symfony/security-bundle@2.8.41", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@2.8.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/55885?format=api", "purl": "pkg:composer/symfony/security-bundle@3.4.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@3.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/55886?format=api", "purl": "pkg:composer/symfony/security-bundle@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@4.0.11" } ], "aliases": [ "CVE-2018-11406" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ef86-hqv4-6kaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39970?format=api", "vulnerability_id": "VCID-tx26-92jc-rkff", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nThe security handlers in the Security component in Symfony have an Open redirect vulnerability when `security.http_utils` is inlined by a container.", "references": [ { "reference_url": "https://symfony.com/cve-2018-11408", "reference_id": "CVE-2018-11408", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2018-11408" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55883?format=api", "purl": "pkg:composer/symfony/security-bundle@2.7.48", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@2.7.48" }, { "url": "http://public2.vulnerablecode.io/api/packages/55884?format=api", "purl": "pkg:composer/symfony/security-bundle@2.8.41", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@2.8.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/55885?format=api", "purl": "pkg:composer/symfony/security-bundle@3.4.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@3.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/55886?format=api", "purl": "pkg:composer/symfony/security-bundle@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@4.0.11" } ], "aliases": [ "CVE-2018-11408" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tx26-92jc-rkff" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@2.8.41" }