Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/59600?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/59600?format=api", "purl": "pkg:composer/oro/crm@4.1.15", "type": "composer", "namespace": "oro", "name": "crm", "version": "4.1.15", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.2.6", "latest_non_vulnerable_version": "5.1.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41735?format=api", "vulnerability_id": "VCID-yuv4-cckd-tqdj", "summary": "Cross-Site Request Forgery (CSRF)\nOroCRM is an open source Client Relationship Management (CRM) application. There are no workarounds that address this vulnerability and all users are advised to update their package.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39198", "reference_id": "CVE-2021-39198", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39198" }, { "reference_url": "https://github.com/oroinc/crm/security/advisories/GHSA-vf7h-6246-hm43", "reference_id": "GHSA-vf7h-6246-hm43", "reference_type": "", "scores": [], "url": "https://github.com/oroinc/crm/security/advisories/GHSA-vf7h-6246-hm43" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59604?format=api", "purl": "pkg:composer/oro/crm@4.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/oro/crm@4.2.6" } ], "aliases": [ "CVE-2021-39198", "GHSA-vf7h-6246-hm43" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yuv4-cckd-tqdj" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/oro/crm@4.1.15" }