Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/64085?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/64085?format=api", "purl": "pkg:pypi/saleor@3.7.0", "type": "pypi", "namespace": "", "name": "saleor", "version": "3.7.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.7.59", "latest_non_vulnerable_version": "3.19.15", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44560?format=api", "vulnerability_id": "VCID-4zmr-5jbx-z3ha", "summary": "Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions\nSaleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12.", "references": [ { "reference_url": "https://github.com/saleor/saleor", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.10.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor/releases/tag/3.10.14" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.11.12", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": 
"LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor/releases/tag/3.11.12" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.1.48", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor/releases/tag/3.1.48" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.7.59", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor/releases/tag/3.7.59" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.8.30", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor/releases/tag/3.8.30" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.9.27", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor/releases/tag/3.9.27" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26052", "reference_id": "CVE-2023-26052", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26052" }, { "reference_url": "https://github.com/advisories/GHSA-3hvj-3cg9-v242", "reference_id": "GHSA-3hvj-3cg9-v242", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3hvj-3cg9-v242" }, { "reference_url": "https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242", "reference_id": "GHSA-3hvj-3cg9-v242", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64094?format=api", "purl": "pkg:pypi/saleor@3.7.59", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.7.59" }, { "url": "http://public2.vulnerablecode.io/api/packages/64095?format=api", "purl": "pkg:pypi/saleor@3.8.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.8.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/64092?format=api", "purl": "pkg:pypi/saleor@3.9.27", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.9.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/64093?format=api", "purl": "pkg:pypi/saleor@3.10.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.10.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/64091?format=api", "purl": "pkg:pypi/saleor@3.11.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.11.12" } ], "aliases": [ "CVE-2023-26052", "GHSA-3hvj-3cg9-v242" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zmr-5jbx-z3ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44580?format=api", "vulnerability_id": "VCID-sxq3-egvv-1kdc", "summary": "Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions\nSaleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.", "references": [ { "reference_url": "https://github.com/saleor/saleor", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor" }, { "reference_url": "https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.10.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/saleor/saleor/releases/tag/3.10.14" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.11.12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor/releases/tag/3.11.12" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.1.48", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor/releases/tag/3.1.48" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.7.59", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor/releases/tag/3.7.59" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.8.30", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor/releases/tag/3.8.30" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.9.27", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor/releases/tag/3.9.27" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26051", "reference_id": "CVE-2023-26051", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26051" }, { "reference_url": "https://github.com/advisories/GHSA-r8qr-wwg3-2r85", "reference_id": "GHSA-r8qr-wwg3-2r85", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r8qr-wwg3-2r85" }, { "reference_url": "https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85", "reference_id": "GHSA-r8qr-wwg3-2r85", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64094?format=api", "purl": "pkg:pypi/saleor@3.7.59", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.7.59" }, { "url": "http://public2.vulnerablecode.io/api/packages/64095?format=api", "purl": "pkg:pypi/saleor@3.8.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.8.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/64092?format=api", "purl": "pkg:pypi/saleor@3.9.27", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.9.27" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/64093?format=api", "purl": "pkg:pypi/saleor@3.10.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.10.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/64091?format=api", "purl": "pkg:pypi/saleor@3.11.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.11.12" } ], "aliases": [ "CVE-2023-26051", "GHSA-r8qr-wwg3-2r85" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sxq3-egvv-1kdc" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.7.0" }