Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/63805?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/63805?format=api", "purl": "pkg:composer/wwbn/avideo@12.4.0", "type": "composer", "namespace": "wwbn", "name": "avideo", "version": "12.4.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "14.3.0", "latest_non_vulnerable_version": "25.0.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47450?format=api", "vulnerability_id": "VCID-dys1-y27f-kybb", "summary": "WWBN AVideo Remote Code Execution\nAn issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.", "references": [ { "reference_url": "https://github.com/WWBN/AVideo", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/WWBN/AVideo" }, { "reference_url": "https://github.com/WWBN/AVideo/commit/fcb1f79278684f02ee59130dc0304bd063d9d6d7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/WWBN/AVideo/commit/fcb1f79278684f02ee59130dc0304bd063d9d6d7" }, { "reference_url": "https://chocapikk.com/posts/2024/cve-2024-31819", "reference_id": "CVE-2024-31819", "reference_type": "", "scores": [], "url": "https://chocapikk.com/posts/2024/cve-2024-31819" }, { "reference_url": "https://github.com/Chocapikk/CVE-2024-31819", "reference_id": "CVE-2024-31819", "reference_type": "", "scores": [], "url": "https://github.com/Chocapikk/CVE-2024-31819" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31819", "reference_id": "CVE-2024-31819", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31819" }, { "reference_url": "https://github.com/advisories/GHSA-mv5w-wr5c-575p", "reference_id": "GHSA-mv5w-wr5c-575p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mv5w-wr5c-575p" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/69734?format=api", "purl": "pkg:composer/wwbn/avideo@14.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@14.3.0" } ], "aliases": [ "CVE-2024-31819", "GHSA-mv5w-wr5c-575p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dys1-y27f-kybb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46816?format=api", "vulnerability_id": "VCID-e1bu-y7rn-wka8", "summary": "WWBN AVideo Insufficient Entropy vulnerability\nAn insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and bruteforce the salt offline, leading to forging a legitimate password recovery code for the admin user.", "references": [ { "reference_url": "https://github.com/WWBN/AVideo", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/WWBN/AVideo" }, { "reference_url": "https://github.com/WWBN/AVideo/commit/15fed957fb64b4055158acfc449bd7974346edb5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/WWBN/AVideo/commit/15fed957fb64b4055158acfc449bd7974346edb5" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1900" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49599", "reference_id": "CVE-2023-49599", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49599" }, { "reference_url": "https://github.com/advisories/GHSA-wqcc-qf63-c2x4", "reference_id": "GHSA-wqcc-qf63-c2x4",
"reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wqcc-qf63-c2x4" } ], "fixed_packages": [], "aliases": [ "CVE-2023-49599", "GHSA-wqcc-qf63-c2x4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e1bu-y7rn-wka8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46818?format=api", "vulnerability_id": "VCID-g2er-1sf3-6qad", "summary": "Improper Restriction of Excessive Authentication Attempts\nA login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.", "references": [ { "reference_url": "https://github.com/WWBN/AVideo/commit/15fed957fb64b4055158acfc449bd7974346edb5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/WWBN/AVideo/commit/15fed957fb64b4055158acfc449bd7974346edb5" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1898" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49810", "reference_id": "CVE-2023-49810", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49810" }, { "reference_url": "https://github.com/advisories/GHSA-v977-h4hm-rrff", "reference_id": "GHSA-v977-h4hm-rrff", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v977-h4hm-rrff" } ], "fixed_packages": [], "aliases": [ "CVE-2023-49810", "GHSA-v977-h4hm-rrff" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2er-1sf3-6qad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45179?format=api", "vulnerability_id": "VCID-jzaa-2qhr-tkhb", "summary": "Improper Neutralization of Special Elements used in a Command ('Command Injection')\nWWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.", "references": [ { "reference_url": "https://github.com/WWBN/AVideo/commit/1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/WWBN/AVideo/commit/1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32073", "reference_id": "CVE-2023-32073", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32073" }, { "reference_url": "https://github.com/advisories/GHSA-2mhh-27v7-3vcx", "reference_id": "GHSA-2mhh-27v7-3vcx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2mhh-27v7-3vcx" }, { "reference_url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-2mhh-27v7-3vcx", "reference_id": "GHSA-2mhh-27v7-3vcx", "reference_type": "", "scores": [], "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-2mhh-27v7-3vcx" } ], "fixed_packages": [], "aliases": [ "CVE-2023-32073", "GHSA-2mhh-27v7-3vcx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jzaa-2qhr-tkhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46817?format=api", "vulnerability_id": "VCID-vynh-gpdq-2yde", "summary": "Weak Password 
Recovery Mechanism for Forgotten Password\nA recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user.", "references": [ { "reference_url": "https://github.com/WWBN/AVideo/commit/15fed957fb64b4055158acfc449bd7974346edb5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/WWBN/AVideo/commit/15fed957fb64b4055158acfc449bd7974346edb5" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50172", "reference_id": "CVE-2023-50172", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50172" }, { "reference_url": "https://github.com/advisories/GHSA-8m5f-2xvp-2c8w", "reference_id": "GHSA-8m5f-2xvp-2c8w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8m5f-2xvp-2c8w" } ], "fixed_packages": [], "aliases": [ "CVE-2023-50172", "GHSA-8m5f-2xvp-2c8w" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vynh-gpdq-2yde" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45059?format=api", "vulnerability_id": "VCID-5mp4-vbnp-9keu", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wwbn/avideo.", "references": [ { "reference_url": "https://github.com/advisories/GHSA-2fch-hv74-fgw9", "reference_id": "GHSA-2fch-hv74-fgw9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2fch-hv74-fgw9" }, { "reference_url": 
"https://github.com/WWBN/AVideo/security/advisories/GHSA-2fch-hv74-fgw9", "reference_id": "GHSA-2fch-hv74-fgw9", "reference_type": "", "scores": [], "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-2fch-hv74-fgw9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63805?format=api", "purl": "pkg:composer/wwbn/avideo@12.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dys1-y27f-kybb" }, { "vulnerability": "VCID-e1bu-y7rn-wka8" }, { "vulnerability": "VCID-g2er-1sf3-6qad" }, { "vulnerability": "VCID-jzaa-2qhr-tkhb" }, { "vulnerability": "VCID-vynh-gpdq-2yde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@12.4.0" } ], "aliases": [ "GHSA-2fch-hv74-fgw9", "GMS-2023-1195" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5mp4-vbnp-9keu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45077?format=api", "vulnerability_id": "VCID-b6xv-nkwh-rkgz", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in wwbn/avideo.", "references": [ { "reference_url": "https://github.com/WWBN/AVideo/commit/020415d22f36d93ed865eb61994b49caa0f7f90a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/WWBN/AVideo/commit/020415d22f36d93ed865eb61994b49caa0f7f90a" }, { "reference_url": "https://github.com/advisories/GHSA-6vrj-ph27-qfp3", "reference_id": "GHSA-6vrj-ph27-qfp3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6vrj-ph27-qfp3" }, { "reference_url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-6vrj-ph27-qfp3", "reference_id": "GHSA-6vrj-ph27-qfp3", "reference_type": "", "scores": [], "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-6vrj-ph27-qfp3" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/63805?format=api", "purl": "pkg:composer/wwbn/avideo@12.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dys1-y27f-kybb" }, { "vulnerability": "VCID-e1bu-y7rn-wka8" }, { "vulnerability": "VCID-g2er-1sf3-6qad" }, { "vulnerability": "VCID-jzaa-2qhr-tkhb" }, { "vulnerability": "VCID-vynh-gpdq-2yde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@12.4.0" } ], "aliases": [ "GHSA-6vrj-ph27-qfp3", "GMS-2023-1222" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b6xv-nkwh-rkgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44364?format=api", "vulnerability_id": "VCID-m9jh-jgt9-rbeg", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in wwbn/avideo.", "references": [ { "reference_url": "https://github.com/WWBN/AVideo/commit/236228f15a9a31be5a0e60f05dac043682e49a5e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/WWBN/AVideo/commit/236228f15a9a31be5a0e60f05dac043682e49a5e" }, { "reference_url": "https://github.com/advisories/GHSA-pgvh-p3g4-86jw", "reference_id": "GHSA-pgvh-p3g4-86jw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pgvh-p3g4-86jw" }, { "reference_url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-pgvh-p3g4-86jw", "reference_id": "GHSA-pgvh-p3g4-86jw", "reference_type": "", "scores": [], "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-pgvh-p3g4-86jw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63805?format=api", "purl": "pkg:composer/wwbn/avideo@12.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dys1-y27f-kybb" }, { "vulnerability": "VCID-e1bu-y7rn-wka8" }, { "vulnerability": "VCID-g2er-1sf3-6qad" }, { 
"vulnerability": "VCID-jzaa-2qhr-tkhb" }, { "vulnerability": "VCID-vynh-gpdq-2yde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@12.4.0" } ], "aliases": [ "GHSA-pgvh-p3g4-86jw", "GMS-2023-226" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m9jh-jgt9-rbeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45105?format=api", "vulnerability_id": "VCID-uqbe-9pmt-8ket", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wwbn/avideo.", "references": [ { "reference_url": "https://github.com/advisories/GHSA-xr9h-p2rc-rpqm", "reference_id": "GHSA-xr9h-p2rc-rpqm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xr9h-p2rc-rpqm" }, { "reference_url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-xr9h-p2rc-rpqm", "reference_id": "GHSA-xr9h-p2rc-rpqm", "reference_type": "", "scores": [], "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-xr9h-p2rc-rpqm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63805?format=api", "purl": "pkg:composer/wwbn/avideo@12.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dys1-y27f-kybb" }, { "vulnerability": "VCID-e1bu-y7rn-wka8" }, { "vulnerability": "VCID-g2er-1sf3-6qad" }, { "vulnerability": "VCID-jzaa-2qhr-tkhb" }, { "vulnerability": "VCID-vynh-gpdq-2yde" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@12.4.0" } ], "aliases": [ "CVE-2023-30860", "GHSA-xr9h-p2rc-rpqm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uqbe-9pmt-8ket" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@12.4.0" }