Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/60725?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/60725?format=api", "purl": "pkg:composer/appwrite/server-ce@0.12.2", "type": "composer", "namespace": "appwrite", "name": "server-ce", "version": "0.12.2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47110?format=api", "vulnerability_id": "VCID-qx2s-2peg-2fa6", "summary": "Appwrite Directory Traversal vulnerability\nThe ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, `APP_STORAGE_CERTIFICATES/.well-known/acme-challenge` must exist on disk. (This pathname is automatically created if the user chooses to install Let's Encrypt certificates via Appwrite.)", "references": [ { "reference_url": "https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1" }, { "reference_url": "https://github.com/appwrite/appwrite", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/appwrite/appwrite" }, { "reference_url": "https://github.com/appwrite/appwrite/blob/0.12.0/app/controllers/general.php#L539", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/appwrite/appwrite/blob/0.12.0/app/controllers/general.php#L539" }, { "reference_url": "https://github.com/appwrite/appwrite/commit/892f6fa4ba0d44e2435ffad1a84542400cfb7a9b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/appwrite/appwrite/commit/892f6fa4ba0d44e2435ffad1a84542400cfb7a9b" }, { "reference_url": "https://github.com/appwrite/appwrite/pull/2780", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/appwrite/appwrite/pull/2780" }, { "reference_url": "https://github.com/appwrite/appwrite/releases/tag/0.12.2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/appwrite/appwrite/releases/tag/0.12.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25377", "reference_id": "CVE-2022-25377", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25377" }, { "reference_url": "https://github.com/advisories/GHSA-wfm3-gq9h-mrjm", "reference_id": "GHSA-wfm3-gq9h-mrjm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wfm3-gq9h-mrjm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60725?format=api", "purl": "pkg:composer/appwrite/server-ce@0.12.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.12.2" } ], "aliases": [ "CVE-2022-25377", "GHSA-wfm3-gq9h-mrjm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qx2s-2peg-2fa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42437?format=api", "vulnerability_id": "VCID-x7wu-vcge-33g6", "summary": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')\nThis affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability.", "references": [ { "reference_url": "https://github.com/appwrite/appwrite/pull/2778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/appwrite/appwrite/pull/2778" }, { "reference_url": "https://github.com/appwrite/appwrite/releases/tag/0.11.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/appwrite/appwrite/releases/tag/0.11.1" }, { "reference_url": "https://github.com/appwrite/appwrite/releases/tag/0.12.2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/appwrite/appwrite/releases/tag/0.12.2" }, { "reference_url": "https://github.com/litespeed-js/litespeed.js/pull/18", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/litespeed-js/litespeed.js/pull/18" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250" }, { "reference_url": "https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820", "reference_id": "", "reference_type": "", "scores": [], "url": "https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23682", "reference_id": "CVE-2021-23682", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23682" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60724?format=api", "purl": "pkg:composer/appwrite/server-ce@0.11.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60725?format=api", "purl": "pkg:composer/appwrite/server-ce@0.12.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.12.2" } ], "aliases": [ "CVE-2021-23682" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7wu-vcge-33g6" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/appwrite/server-ce@0.12.2" }