Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/60717?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/60717?format=api", "purl": "pkg:composer/drupal/core-recommended@9.3.6", "type": "composer", "namespace": "drupal", "name": "core-recommended", "version": "9.3.6", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "10.2.9", "latest_non_vulnerable_version": "11.0.8", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42433?format=api", "vulnerability_id": "VCID-2g67-a42m-qfbh", "summary": "Improper Input Validation\nDrupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.", "references": [ { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4" }, { "reference_url": "https://www.drupal.org/sa-core-2022-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2022-003" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25271", "reference_id": "CVE-2022-25271", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25271" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60715?format=api", "purl": "pkg:composer/drupal/core-recommended@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4p4c-7rdc-37fa" }, { "vulnerability": "VCID-5jy9-mhbb-nuh7" }, { "vulnerability": "VCID-9dfs-rpqy-6kfa" }, { "vulnerability": "VCID-j7bj-atys-qfg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60716?format=api", "purl": "pkg:composer/drupal/core-recommended@9.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/60717?format=api", "purl": "pkg:composer/drupal/core-recommended@9.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.3.6" } ], "aliases": [ "CVE-2022-25271", "GHSA-fmfv-x8mp-5767" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2g67-a42m-qfbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42465?format=api", "vulnerability_id": "VCID-ydy1-x277-1fhj", "summary": "Incorrect Authorization\nThe Quick Edit module does not properly check entity access in some circumstances. This could result in users with the \"access in-place editing\" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2022-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2022-004" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25270", "reference_id": "CVE-2022-25270", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25270" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60716?format=api", "purl": "pkg:composer/drupal/core-recommended@9.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/60717?format=api", "purl": "pkg:composer/drupal/core-recommended@9.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.3.6" } ], "aliases": [ "CVE-2022-25270", "GHSA-73q4-j324-2qcc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ydy1-x277-1fhj" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core-recommended@9.3.6" }