Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/57019?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/57019?format=api", "purl": "pkg:gem/rack@2.0.0", "type": "gem", "namespace": "", "name": "rack", "version": "2.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.0.6", "latest_non_vulnerable_version": "3.2.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40437?format=api", "vulnerability_id": "VCID-1ra1-pgt2-3ubf", "summary": "Cross-site Scripting\nThere is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to HTTP or HTTPS and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not be impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16471", "reference_id": "CVE-2018-16471", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16471" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57008?format=api", "purl": "pkg:gem/rack@2.0.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.6" } ], "aliases": [ "CVE-2018-16471" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ra1-pgt2-3ubf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44670?format=api", "vulnerability_id": "VCID-bqpn-m2fh-9kab", "summary": "Possible Denial of Service Vulnerability in Rack’s header parsing\nThere is a denial of service vulnerability in the header parsing component of Rack. Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. Workarounds Setting `Regexp.timeout` in Ruby 3.2 is a possible workaround.", "references": [ { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27539", "reference_id": "CVE-2023-27539", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27539" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml", "reference_id": "CVE-2023-27539.YML", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml" }, { "reference_url": "https://github.com/advisories/GHSA-c6qg-cjj8-47qp", "reference_id": "GHSA-c6qg-cjj8-47qp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c6qg-cjj8-47qp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64317?format=api", "purl": "pkg:gem/rack@2.2.6.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/64318?format=api", "purl": "pkg:gem/rack@3.0.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.6.1" } ], "aliases": [ "CVE-2023-27539", "GHSA-c6qg-cjj8-47qp", "GMS-2023-769" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqpn-m2fh-9kab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44226?format=api", "vulnerability_id": "VCID-ebb6-b5tx-5bhf", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126" }, { "reference_url": "https://github.com/rack/rack/releases/tag/v3.0.4.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rack/rack/releases/tag/v3.0.4.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44571", "reference_id": "CVE-2022-44571", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44571" }, { "reference_url": "https://github.com/advisories/GHSA-93pm-5p5f-3ghx", "reference_id": "GHSA-93pm-5p5f-3ghx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-93pm-5p5f-3ghx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63597?format=api", "purl": "pkg:gem/rack@2.0.9.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/63598?format=api", "purl": "pkg:gem/rack@2.1.4.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/63897?format=api", "purl": "pkg:gem/rack@2.2.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/63600?format=api", "purl": "pkg:gem/rack@3.0.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1" } ], "aliases": [ "CVE-2022-44571", "GHSA-93pm-5p5f-3ghx", "GMS-2023-65" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ebb6-b5tx-5bhf" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.0" }