Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/63187?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/63187?format=api", "purl": "pkg:maven/org.apache.activemq/activemq-client@5.11.1", "type": "maven", "namespace": "org.apache.activemq", "name": "activemq-client", "version": "5.11.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.11.2", "latest_non_vulnerable_version": "5.18.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43963?format=api", "vulnerability_id": "VCID-4qfe-3c55-jyfg", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nDirectory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/156643/Apache-ActiveMQ-5.11.1-Directory-Traversal-Shell-Upload.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/156643/Apache-ActiveMQ-5.11.1-Directory-Traversal-Shell-Upload.html" }, { "reference_url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" }, { "reference_url": "http://www.zerodayinitiative.com/advisories/ZDI-15-407", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-407" }, { "reference_url": "http://www.zerodayinitiative.com/advisories/ZDI-15-407/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-407/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1830", "reference_id": "CVE-2015-1830", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1830" }, { "reference_url": "http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt", "reference_id": "CVE-2015-1830-ANNOUNCEMENT.TXT", "reference_type": "", "scores": [], "url": "http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt" }, { "reference_url": "https://github.com/advisories/GHSA-3v63-f83x-37x4", "reference_id": "GHSA-3v63-f83x-37x4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3v63-f83x-37x4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63188?format=api", "purl": "pkg:maven/org.apache.activemq/activemq-client@5.11.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-client@5.11.2" } ], "aliases": [ "CVE-2015-1830", "GHSA-3v63-f83x-37x4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4qfe-3c55-jyfg" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-client@5.11.1" }