Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/58740?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/58740?format=api", "purl": "pkg:composer/contao/contao@4.10.0", "type": "composer", "namespace": "contao", "name": "contao", "version": "4.10.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.11.7", "latest_non_vulnerable_version": "5.1.4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41358?format=api", "vulnerability_id": "VCID-82d1-8yn8-sydv", "summary": "Cross site scripting via HTML attributes in the back end\nIt is possible for untrusted users to inject malicious code into HTML attributes in the back end, which will be executed both in the element preview (back end) and on the website (front end).\n\nInstallations are only affected if there are untrusted back end users who have the rights to modify HTML fields (e.g. TinyMCE).", "references": [ { "reference_url": "https://contao.org/en/news/contao-4-9-16-and-4-11-5-are-available.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://contao.org/en/news/contao-4-9-16-and-4-11-5-are-available.html" }, { "reference_url": "https://contao.org/en/security-advisories/cross-site-scripting-via-html-attributes-in-the-back-end.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://contao.org/en/security-advisories/cross-site-scripting-via-html-attributes-in-the-back-end.html" }, { "reference_url": "https://github.com/contao/contao", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/contao/contao" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35955", "reference_id": "CVE-2021-35955", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35955" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-35955.yaml", "reference_id": "CVE-2021-35955.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-35955.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-35955.yaml", "reference_id": "CVE-2021-35955.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-35955.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-hr3h-x6gq-rqcp", "reference_id": "GHSA-hr3h-x6gq-rqcp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hr3h-x6gq-rqcp" }, { "reference_url": "https://github.com/contao/contao/security/advisories/GHSA-hr3h-x6gq-rqcp", "reference_id": "GHSA-hr3h-x6gq-rqcp", "reference_type": "", "scores": [], "url": "https://github.com/contao/contao/security/advisories/GHSA-hr3h-x6gq-rqcp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58743?format=api", "purl": "pkg:composer/contao/contao@4.11.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.11.7" } ], "aliases": [ "CVE-2021-35955", "GHSA-hr3h-x6gq-rqcp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-82d1-8yn8-sydv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41299?format=api", "vulnerability_id": "VCID-rj3d-jeyz-vye5", "summary": "Improper Privilege Management\nContao is an open source CMS that allows creation of websites and scalable web applications.All users are advised to update to Contao As a workaround users may disable the form generator or disable the login for untrusted back end users.", "references": [ { "reference_url": "https://contao.org/en/security-advisories/privilege-escalation-with-the-form-generator.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://contao.org/en/security-advisories/privilege-escalation-with-the-form-generator.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37627", "reference_id": "CVE-2021-37627", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37627" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-37627.yaml", "reference_id": "CVE-2021-37627.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-37627.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-37627.yaml", "reference_id": "CVE-2021-37627.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-37627.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-hq5m-mqmx-fw6m", "reference_id": "GHSA-hq5m-mqmx-fw6m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hq5m-mqmx-fw6m" }, { "reference_url": "https://github.com/contao/contao/security/advisories/GHSA-hq5m-mqmx-fw6m", "reference_id": "GHSA-hq5m-mqmx-fw6m", "reference_type": "", "scores": [], "url": "https://github.com/contao/contao/security/advisories/GHSA-hq5m-mqmx-fw6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58743?format=api", "purl": "pkg:composer/contao/contao@4.11.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.11.7" } ], "aliases": [ "CVE-2021-37627", "GHSA-hq5m-mqmx-fw6m" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rj3d-jeyz-vye5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41301?format=api", "vulnerability_id": "VCID-t2u3-tgg3-cbb9", "summary": "Code Injection\nContao is an open source CMS that allows you to create websites and scalable web applications.Update to Contao to resolve. If you cannot update then disable the login for untrusted back end users.", "references": [ { "reference_url": "https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37626", "reference_id": "CVE-2021-37626", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37626" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-37626.yaml", "reference_id": "CVE-2021-37626.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-37626.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-37626.yaml", "reference_id": "CVE-2021-37626.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-37626.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-r6mv-ppjc-4hgr", "reference_id": "GHSA-r6mv-ppjc-4hgr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r6mv-ppjc-4hgr" }, { "reference_url": "https://github.com/contao/contao/security/advisories/GHSA-r6mv-ppjc-4hgr", "reference_id": "GHSA-r6mv-ppjc-4hgr", "reference_type": "", "scores": [], "url": "https://github.com/contao/contao/security/advisories/GHSA-r6mv-ppjc-4hgr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58743?format=api", "purl": "pkg:composer/contao/contao@4.11.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.11.7" } ], "aliases": [ "CVE-2021-37626", "GHSA-r6mv-ppjc-4hgr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2u3-tgg3-cbb9" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.10.0" }