Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/63253?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/63253?format=api", "purl": "pkg:pypi/nova@13.0.0", "type": "pypi", "namespace": "", "name": "nova", "version": "13.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "13.1.4", "latest_non_vulnerable_version": "2015.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44000?format=api", "vulnerability_id": "VCID-wn3h-y5yh-bbb3", "summary": "OpenStack Nova logs sensitive context from notification exceptions\nAn issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1508", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1595", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1595" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a" }, { "reference_url": "https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c" }, { "reference_url": "https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a" }, { "reference_url": "https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598" }, { "reference_url": "https://launchpad.net/bugs/1673569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://launchpad.net/bugs/1673569" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7214", "reference_id": "CVE-2017-7214", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7214" }, { "reference_url": "https://github.com/advisories/GHSA-f4g4-cj8f-3cr9", "reference_id": "GHSA-f4g4-cj8f-3cr9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f4g4-cj8f-3cr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63255?format=api", "purl": "pkg:pypi/nova@13.1.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@13.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/63256?format=api", "purl": "pkg:pypi/nova@14.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@14.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/63257?format=api", "purl": "pkg:pypi/nova@15.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@15.0.2" } ], "aliases": [ "CVE-2017-7214", "GHSA-f4g4-cj8f-3cr9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wn3h-y5yh-bbb3" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@13.0.0" }