Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/56691?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/56691?format=api", "purl": "pkg:maven/org.springframework/spring-core@4.2.2", "type": "maven", "namespace": "org.springframework", "name": "spring-core", "version": "4.2.2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.2.9", "latest_non_vulnerable_version": "6.2.11", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38630?format=api", "vulnerability_id": "VCID-2ke4-ywbk-2qha", "summary": "Improper Input Validation\nUnder some situations, the Spring Framework is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.", "references": [ { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html" }, { "reference_url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/" }, { "reference_url": "http://pivotal.io/security/cve-2015-5211", "reference_id": "CVE-2015-5211", "reference_type": "", "scores": [], "url": "http://pivotal.io/security/cve-2015-5211" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2015-5211", "reference_id": "CVE-2015-5211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/cve-2015-5211" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5211", "reference_id": "CVE-2015-5211", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5211" }, { "reference_url": "https://pivotal.io/security/cve-2015-5211", "reference_id": "CVE-2015-5211", "reference_type": "", "scores": [], "url": "https://pivotal.io/security/cve-2015-5211" }, { "reference_url": "https://github.com/advisories/GHSA-pgf9-h69p-pcgf", "reference_id": "GHSA-pgf9-h69p-pcgf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pgf9-h69p-pcgf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56692?format=api", "purl": "pkg:maven/org.springframework/spring-core@3.2.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@3.2.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/56691?format=api", "purl": "pkg:maven/org.springframework/spring-core@4.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.2.2" } ], "aliases": [ "CVE-2015-5211", "GHSA-pgf9-h69p-pcgf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ke4-ywbk-2qha" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.2.2" }