Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/64091?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/64091?format=api", "purl": "pkg:pypi/saleor@3.11.12", "type": "pypi", "namespace": "", "name": "saleor", "version": "3.11.12", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.14.61", "latest_non_vulnerable_version": "3.19.15", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44560?format=api", "vulnerability_id": "VCID-4zmr-5jbx-z3ha", "summary": "Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions\nSaleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12.", "references": [ { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.10.14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saleor/saleor/releases/tag/3.10.14" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.11.12", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saleor/saleor/releases/tag/3.11.12" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.1.48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saleor/saleor/releases/tag/3.1.48" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.7.59", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saleor/saleor/releases/tag/3.7.59" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.8.30", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/saleor/saleor/releases/tag/3.8.30" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.9.27", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saleor/saleor/releases/tag/3.9.27" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26052", "reference_id": "CVE-2023-26052", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26052" }, { "reference_url": "https://github.com/advisories/GHSA-3hvj-3cg9-v242", "reference_id": "GHSA-3hvj-3cg9-v242", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3hvj-3cg9-v242" }, { "reference_url": "https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242", "reference_id": "GHSA-3hvj-3cg9-v242", "reference_type": "", "scores": [], "url": "https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64090?format=api", "purl": "pkg:pypi/saleor@3.1.48", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.1.48" }, { "url": "http://public2.vulnerablecode.io/api/packages/64094?format=api", "purl": "pkg:pypi/saleor@3.7.59", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.7.59" }, { "url": "http://public2.vulnerablecode.io/api/packages/64095?format=api", "purl": "pkg:pypi/saleor@3.8.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.8.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/64092?format=api", "purl": "pkg:pypi/saleor@3.9.27", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.9.27" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/64093?format=api", "purl": "pkg:pypi/saleor@3.10.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.10.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/64091?format=api", "purl": "pkg:pypi/saleor@3.11.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.11.12" } ], "aliases": [ "CVE-2023-26052", "GHSA-3hvj-3cg9-v242" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zmr-5jbx-z3ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44580?format=api", "vulnerability_id": "VCID-sxq3-egvv-1kdc", "summary": "Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions\nSaleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. 
Some messages might contain sensitive information like user email address in staff-authenticated requests.", "references": [ { "reference_url": "https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.10.14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saleor/saleor/releases/tag/3.10.14" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.11.12", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saleor/saleor/releases/tag/3.11.12" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.1.48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saleor/saleor/releases/tag/3.1.48" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.7.59", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saleor/saleor/releases/tag/3.7.59" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.8.30", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saleor/saleor/releases/tag/3.8.30" }, { "reference_url": "https://github.com/saleor/saleor/releases/tag/3.9.27", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saleor/saleor/releases/tag/3.9.27" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26051", "reference_id": "CVE-2023-26051", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26051" }, { "reference_url": "https://github.com/advisories/GHSA-r8qr-wwg3-2r85", "reference_id": "GHSA-r8qr-wwg3-2r85", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r8qr-wwg3-2r85" }, { "reference_url": 
"https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85", "reference_id": "GHSA-r8qr-wwg3-2r85", "reference_type": "", "scores": [], "url": "https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64090?format=api", "purl": "pkg:pypi/saleor@3.1.48", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.1.48" }, { "url": "http://public2.vulnerablecode.io/api/packages/64094?format=api", "purl": "pkg:pypi/saleor@3.7.59", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.7.59" }, { "url": "http://public2.vulnerablecode.io/api/packages/64095?format=api", "purl": "pkg:pypi/saleor@3.8.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.8.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/64092?format=api", "purl": "pkg:pypi/saleor@3.9.27", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.9.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/64093?format=api", "purl": "pkg:pypi/saleor@3.10.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.10.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/64091?format=api", "purl": "pkg:pypi/saleor@3.11.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.11.12" } ], "aliases": [ "CVE-2023-26051", "GHSA-r8qr-wwg3-2r85" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-sxq3-egvv-1kdc" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/saleor@3.11.12" }