Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/57274?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/57274?format=api", "purl": "pkg:maven/org.hswebframework.web/hsweb-commons@3.0.4", "type": "maven", "namespace": "org.hswebframework.web", "name": "hsweb-commons", "version": "3.0.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40582?format=api", "vulnerability_id": "VCID-2xwj-t3jg-hqe3", "summary": "Cross-Site Request Forgery (CSRF)\nA CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful.", "references": [ { "reference_url": "https://github.com/hs-web/hsweb-framework/commit/40929e9b0d336a26281a5ed2e0e721d54dd8d2f2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/hs-web/hsweb-framework/commit/40929e9b0d336a26281a5ed2e0e721d54dd8d2f2" }, { "reference_url": "https://github.com/hs-web/hsweb-framework/issues/107", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/hs-web/hsweb-framework/issues/107" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20595", "reference_id": "CVE-2018-20595", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20595" }, { "reference_url": "https://github.com/advisories/GHSA-4rm3-4mq4-mfwr", "reference_id": "GHSA-4rm3-4mq4-mfwr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4rm3-4mq4-mfwr" } ], "fixed_packages": [], "aliases": [ "CVE-2018-20595", "GHSA-4rm3-4mq4-mfwr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xwj-t3jg-hqe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40580?format=api", "vulnerability_id": "VCID-7v6u-ypg7-bua1", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nAn issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java.", "references": [ { "reference_url": "https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f" }, { "reference_url": "https://github.com/hs-web/hsweb-framework/issues/107", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/hs-web/hsweb-framework/issues/107" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20594", "reference_id": "CVE-2018-20594", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20594" }, { "reference_url": "https://github.com/advisories/GHSA-qqv6-5w6p-3pgr", "reference_id": "GHSA-qqv6-5w6p-3pgr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qqv6-5w6p-3pgr" } ], "fixed_packages": [], "aliases": [ "CVE-2018-20594", "GHSA-qqv6-5w6p-3pgr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7v6u-ypg7-bua1" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.hswebframework.web/hsweb-commons@3.0.4" }