Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/59958?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/59958?format=api", "purl": "pkg:composer/oro/platform@4.2.8", "type": "composer", "namespace": "oro", "name": "platform", "version": "4.2.8", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "5.0.7", "latest_non_vulnerable_version": "5.1.4", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41951?format=api", "vulnerability_id": "VCID-htv9-tpny-7ycn", "summary": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')\nOroPlatform is a PHP Business Application Platform. an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that is vulnerable to Prototype Pollution. This issue has been patched Users unable to upgrade may configure a firewall to drop requests containing next strings: `__proto__`, `constructor[prototype]`, and `constructor.prototype` to mitigate this issue.", "references": [ { "reference_url": "https://github.com/oroinc/platform/commit/62c26936b3adee9c20255dcd9f8ee5c299b464a9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/oroinc/platform/commit/62c26936b3adee9c20255dcd9f8ee5c299b464a9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43852", "reference_id": "CVE-2021-43852", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43852" }, { "reference_url": "https://github.com/oroinc/platform/security/advisories/GHSA-jx5q-g37m-h5hj", "reference_id": "GHSA-jx5q-g37m-h5hj", "reference_type": "", "scores": [], "url": "https://github.com/oroinc/platform/security/advisories/GHSA-jx5q-g37m-h5hj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59958?format=api", "purl": "pkg:composer/oro/platform@4.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.2.8" } ], "aliases": [ "CVE-2021-43852", "GHSA-jx5q-g37m-h5hj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-htv9-tpny-7ycn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42050?format=api", "vulnerability_id": "VCID-j1uw-vqqx-uuh2", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in oro/platform.", "references": [ { "reference_url": "https://github.com/advisories/GHSA-rrgw-3hg3-9x8c", "reference_id": "GHSA-rrgw-3hg3-9x8c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rrgw-3hg3-9x8c" }, { "reference_url": "https://github.com/oroinc/platform-er/security/advisories/GHSA-rrgw-3hg3-9x8c", "reference_id": "GHSA-rrgw-3hg3-9x8c", "reference_type": "", "scores": [], "url": "https://github.com/oroinc/platform-er/security/advisories/GHSA-rrgw-3hg3-9x8c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60145?format=api", "purl": "pkg:composer/oro/platform@3.1.29", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@3.1.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/60146?format=api", "purl": "pkg:composer/oro/platform@4.1.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/59958?format=api", "purl": "pkg:composer/oro/platform@4.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.2.8" } ], "aliases": [ "GHSA-rrgw-3hg3-9x8c", "GMS-2022-24" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j1uw-vqqx-uuh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41950?format=api", "vulnerability_id": "VCID-mp7m-9665-uqb6", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nOroPlatform is a PHP Business Application Platform.An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview a vulnerable email template. There are no workarounds that address this vulnerability. Users are advised to upgrade as soon as is possible.", "references": [ { "reference_url": "https://github.com/oroinc/platform/commit/2a089c971fc70bc63baf8770d29ee515ce5a415a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/oroinc/platform/commit/2a089c971fc70bc63baf8770d29ee515ce5a415a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41236", "reference_id": "CVE-2021-41236", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41236" }, { "reference_url": "https://github.com/oroinc/platform/security/advisories/GHSA-qv7g-j98v-8pp7", "reference_id": "GHSA-qv7g-j98v-8pp7", "reference_type": "", "scores": [], "url": "https://github.com/oroinc/platform/security/advisories/GHSA-qv7g-j98v-8pp7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59957?format=api", "purl": "pkg:composer/oro/platform@4.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/59958?format=api", "purl": "pkg:composer/oro/platform@4.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.2.8" } ], "aliases": [ "CVE-2021-41236", "GHSA-qv7g-j98v-8pp7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mp7m-9665-uqb6" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/oro/platform@4.2.8" }