Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/59582?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/59582?format=api", "purl": "pkg:gem/solidus_core@2.11.12", "type": "gem", "namespace": "", "name": "solidus_core", "version": "2.11.12", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.11.12", "latest_non_vulnerable_version": "3.1.5", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41726?format=api", "vulnerability_id": "VCID-c2de-ucf9-eqcp", "summary": "Authentication Bypass by CSRF Weakness\n### Impact\nThe actual vulnerability has been discovered on `solidus_auth_devise`. See [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2) for details.\n\nThe security advisory here exists to provide an extra layer of security in the form of a monkey patch for users who don't update `solidus_auth_devise`. For this reason, it has been marked as low impact on this end.\n\n### Patches\nFor extra security, update `solidus_core` to versions `3.1.3`, `3.0.3` or `2.11.12`.\n\n### Workarounds\nLook at the workarounds described at [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2).\n\n### References\n- [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2).\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [solidus_auth_devise](https://github.com/solidusio/solidus_auth_devise/issues) or a discussion in [solidus](https://github.com/solidusio/solidus/discussions)\n* Email us at [security@solidus.io](mailto:security@solidus.io)\n* Contact the core team on [Slack](http://slack.solidus.io/)", "references": [ { "reference_url": "https://github.com/advisories/GHSA-5629-8855-gf4g", "reference_id": "GHSA-5629-8855-gf4g", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-5629-8855-gf4g" }, { "reference_url": "https://github.com/solidusio/solidus/security/advisories/GHSA-5629-8855-gf4g", "reference_id": "GHSA-5629-8855-gf4g", "reference_type": "", "scores": [], "url": "https://github.com/solidusio/solidus/security/advisories/GHSA-5629-8855-gf4g" }, { "reference_url": "https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2", "reference_id": "GHSA-xm34-v85h-9pg2", "reference_type": "", "scores": [], "url": "https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59582?format=api", "purl": "pkg:gem/solidus_core@2.11.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/solidus_core@2.11.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/59583?format=api", "purl": "pkg:gem/solidus_core@3.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/solidus_core@3.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/59584?format=api", "purl": "pkg:gem/solidus_core@3.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/solidus_core@3.1.3" } ], "aliases": [ "GHSA-5629-8855-gf4g", "GMS-2021-4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2de-ucf9-eqcp" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/solidus_core@2.11.12" }