Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/58384?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/58384?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.109", "type": "maven", "namespace": "org.apache.tomcat.embed", "name": "tomcat-embed-core", "version": "7.0.109", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "8.0.4", "latest_non_vulnerable_version": "11.0.18", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41206?format=api", "vulnerability_id": "VCID-dk58-p9py-rka9", "summary": "Improper Authentication\nA vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the `LockOut Realm`.", "references": [ { "reference_url": "https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30640", "reference_id": "CVE-2021-30640", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30640" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58384?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.109", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.109" }, { "url": "http://public2.vulnerablecode.io/api/packages/58385?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.66", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.66" }, { "url": "http://public2.vulnerablecode.io/api/packages/58386?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.46", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/58387?format=api", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.0.6" } ], "aliases": [ "CVE-2021-30640" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dk58-p9py-rka9" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.109" }