Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62627?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62627?format=api", "purl": "pkg:maven/org.jboss.resteas/resteasy-jaxrs@3.0.7.Final", "type": "maven", "namespace": "org.jboss.resteas", "name": "resteasy-jaxrs", "version": "3.0.7.Final", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.0.25.Final", "latest_non_vulnerable_version": "3.5.0.CR1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43558?format=api", "vulnerability_id": "VCID-kbwr-xd1h-sbbs", "summary": "Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP\nRed Hat JBoss EAP version 3.0.7.Final until 3.0.25.Final, 3.5.0.CR1, and 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0481" }, { "reference_url": "https://github.com/resteasy/Resteasy", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/resteasy/Resteasy" }, { "reference_url": "https://issues.jboss.org/browse/RESTEASY-1704", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.jboss.org/browse/RESTEASY-1704" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7561", "reference_id": "CVE-2017-7561", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7561" }, { "reference_url": "https://github.com/advisories/GHSA-57q5-x8jf-g7h8", "reference_id": "GHSA-57q5-x8jf-g7h8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-57q5-x8jf-g7h8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62630?format=api", "purl": "pkg:maven/org.jboss.resteas/resteasy-jaxrs@3.0.25.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteas/resteasy-jaxrs@3.0.25.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/62631?format=api", "purl": "pkg:maven/org.jboss.resteas/resteasy-jaxrs@3.5.0.CR1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteas/resteasy-jaxrs@3.5.0.CR1" } ], "aliases": [ "CVE-2017-7561", "GHSA-57q5-x8jf-g7h8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kbwr-xd1h-sbbs" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteas/resteasy-jaxrs@3.0.7.Final" }