Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/60541?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/60541?format=api", "purl": "pkg:npm/handlebars@4.7.7", "type": "npm", "namespace": "", "name": "handlebars", "version": "4.7.7", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.0.7", "latest_non_vulnerable_version": "4.7.7", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42343?format=api", "vulnerability_id": "VCID-3ej8-4wrb-dqed", "summary": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')\nThe package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.", "references": [ { "reference_url": "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210618-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210618-0007/" }, { "reference_url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031" }, { "reference_url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032" }, { "reference_url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030", "reference_id": "", "reference_type": "", "scores": [], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029", "reference_id": "", "reference_type": "", "scores": [], "url": "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029" }, { "reference_url": "https://www.npmjs.com/package/handlebars", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.npmjs.com/package/handlebars" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383", "reference_id": "CVE-2021-23383", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383" }, { "reference_url": "https://github.com/advisories/GHSA-765h-qjxv-5f44", "reference_id": "GHSA-765h-qjxv-5f44", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-765h-qjxv-5f44" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60541?format=api", "purl": "pkg:npm/handlebars@4.7.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/handlebars@4.7.7" } ], "aliases": [ "CVE-2021-23383", "GHSA-765h-qjxv-5f44" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ej8-4wrb-dqed" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/handlebars@4.7.7" }