Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/57422?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/57422?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@3.0.1", "type": "maven", "namespace": "org.apache.hadoop", "name": "hadoop-main", "version": "3.0.1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.1.1", "latest_non_vulnerable_version": "3.3.5", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40672?format=api", "vulnerability_id": "VCID-66vn-51hs-kudx", "summary": "Information Exposure\nIn Apache Hadoop, HDFS exposes extended attribute key/value pairs during `listXAttrs`, verifying only path-level search access to the directory rather than path-level read permission to the referent.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1296", "reference_id": "CVE-2018-1296", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1296" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57227?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@2.7.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7y7d-vb5r-qfgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.7.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/57420?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@2.8.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/57421?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@2.9.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/57422?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@3.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.0.1" } ], "aliases": [ "CVE-2018-1296" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66vn-51hs-kudx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42356?format=api", "vulnerability_id": "VCID-9y3h-kwt9-hbe8", "summary": "Missing Authentication for Critical Function\nWeb endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.", "references": [ { "reference_url": "https://lists.apache.org/thread.html/r790ad0a049cde713b93589ecfd4dd2766fda0fc6807eedb6cf69f5c1%40%3Cgeneral.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r790ad0a049cde713b93589ecfd4dd2766fda0fc6807eedb6cf69f5c1%40%3Cgeneral.hadoop.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20201103-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20201103-0003/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11764", "reference_id": "CVE-2018-11764", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11764" }, { "reference_url": "https://github.com/advisories/GHSA-4fh8-pm7g-pmxq", "reference_id": "GHSA-4fh8-pm7g-pmxq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4fh8-pm7g-pmxq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57422?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@3.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.0.1" } ], "aliases": [ "CVE-2018-11764", "GHSA-4fh8-pm7g-pmxq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9y3h-kwt9-hbe8" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.0.1" }