Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62983?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62983?format=api", "purl": "pkg:pypi/nova@12.0.4", "type": "pypi", "namespace": "", "name": "nova", "version": "12.0.4", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "13.1.4", "latest_non_vulnerable_version": "2015.1.2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43841?format=api", "vulnerability_id": "VCID-6bmt-zgqg-5bdv", "summary": "OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption\nA resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268303" }, { "reference_url": "https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5" }, { "reference_url": "https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f" }, { "reference_url": "https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397" }, { "reference_url": "https://launchpad.net/bugs/1449062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://launchpad.net/bugs/1449062" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/10/06/8", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/10/06/8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-5162", "reference_id": "CVE-2015-5162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2015-5162" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5162", "reference_id": "CVE-2015-5162", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5162" }, { "reference_url": "https://github.com/advisories/GHSA-g2j5-7vgx-6xrx", "reference_id": "GHSA-g2j5-7vgx-6xrx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g2j5-7vgx-6xrx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62983?format=api", "purl": "pkg:pypi/nova@12.0.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@12.0.4" } ], "aliases": [ "CVE-2015-5162", "GHSA-g2j5-7vgx-6xrx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6bmt-zgqg-5bdv" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@12.0.4" }