Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62441?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62441?format=api", "purl": "pkg:composer/drupal/core@8.6.10", "type": "composer", "namespace": "drupal", "name": "core", "version": "8.6.10", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "8.6.12", "latest_non_vulnerable_version": "11.2.8", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43516?format=api", "vulnerability_id": "VCID-9nk8-dban-g7h9", "summary": "Drupal Core Remote Code Execution Vulnerability\nSome field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)", "references": [ { "reference_url": "https://github.com/drupal/drupal", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/drupal/drupal" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6340" }, { "reference_url": "https://www.drupal.org/sa-core-2019-003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2019-003" }, { "reference_url": "https://www.exploit-db.com/exploits/46452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/46452" }, { "reference_url": "https://www.exploit-db.com/exploits/46459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/46459" }, { "reference_url": "https://www.exploit-db.com/exploits/46510", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/46510" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_09", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.synology.com/security/advisory/Synology_SA_19_09" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6340", "reference_id": "CVE-2019-6340", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6340" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml", "reference_id": "CVE-2019-6340.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6340.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml", "reference_id": "CVE-2019-6340.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6340.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3gx6-h57h-rm27", "reference_id": "GHSA-3gx6-h57h-rm27", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3gx6-h57h-rm27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62442?format=api", "purl": "pkg:composer/drupal/core@7.62.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.62.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/62443?format=api", "purl": "pkg:composer/drupal/core@8.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/62441?format=api", "purl": "pkg:composer/drupal/core@8.6.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.10" } ], "aliases": [ "CVE-2019-6340", "GHSA-3gx6-h57h-rm27" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nk8-dban-g7h9" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.10" }