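Look up vulnerable packages by Package URL (purl). Note on reading the response below: `next_non_vulnerable_version` is reported as 13.10.11, but on this page 13.10.11 appears only among the fixed packages for VCID-htw6-eyey-k3au (CVE-2023-29520); the fixed packages listed for VCID-7tcf-gnan-cbga (CVE-2024-31983) are 14.10.20, 15.5.4 and 15.10-rc-1. Confirm the upgrade target against the upstream advisories before relying on that field.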

GET /api/packages/64861?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/64861?format=api",
    "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-localization-source-wiki@4.3-milestone-2",
    "type": "maven",
    "namespace": "org.xwiki.platform",
    "name": "xwiki-platform-localization-source-wiki",
    "version": "4.3-milestone-2",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "13.10.11",
    "latest_non_vulnerable_version": "15.10-rc-1",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47446?format=api",
            "vulnerability_id": "VCID-7tcf-gnan-cbga",
            "summary": "XWiki Platform: Remote code execution from edit in multilingual wikis via translations\nIn multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). This can be exploited for remote code execution if the translation value is not properly escaped where it is used. To reproduce, in a multilingual wiki, as a user without script or admin right, edit a translation of `AppWithinMinutes.Translations` and in the line `platform.appwithinminutes.description=` add `{{async}}{{groovy}}println(\"Hello from Translation\"){{/groovy}}{{/async}}` at the end. Then open the App Within Minutes home page (`AppWithinMinutes.WebHome`) in the same locale. If translations are still working and \"Hello from Translation\" is displayed at the end of the introduction, the installation is vulnerable.",
            "references": [
                {
                    "reference_url": "https://github.com/xwiki/xwiki-platform",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/xwiki/xwiki-platform"
                },
                {
                    "reference_url": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9"
                },
                {
                    "reference_url": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb"
                },
                {
                    "reference_url": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54"
                },
                {
                    "reference_url": "https://jira.xwiki.org/browse/XWIKI-21411",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://jira.xwiki.org/browse/XWIKI-21411"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31983",
                    "reference_id": "CVE-2024-31983",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31983"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-xxp2-9c9g-7wmj",
                    "reference_id": "GHSA-xxp2-9c9g-7wmj",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-xxp2-9c9g-7wmj"
                },
                {
                    "reference_url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xxp2-9c9g-7wmj",
                    "reference_id": "GHSA-xxp2-9c9g-7wmj",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xxp2-9c9g-7wmj"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69723?format=api",
                    "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-localization-source-wiki@14.10.20",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-localization-source-wiki@14.10.20"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69724?format=api",
                    "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-localization-source-wiki@15.5.4",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-localization-source-wiki@15.5.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69725?format=api",
                    "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-localization-source-wiki@15.10-rc-1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-localization-source-wiki@15.10-rc-1"
                }
            ],
            "aliases": [
                "CVE-2024-31983",
                "GHSA-xxp2-9c9g-7wmj"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7tcf-gnan-cbga"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45000?format=api",
            "vulnerability_id": "VCID-htw6-eyey-k3au",
            "summary": "Uncaught Exception\nXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no workarounds other than fixing any way to create a document that fails to load.",
            "references": [
                {
                    "reference_url": "https://jira.xwiki.org/browse/XWIKI-20460",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://jira.xwiki.org/browse/XWIKI-20460"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29520",
                    "reference_id": "CVE-2023-29520",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29520"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9jq5-xwqw-q8j3",
                    "reference_id": "GHSA-9jq5-xwqw-q8j3",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-9jq5-xwqw-q8j3"
                },
                {
                    "reference_url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq5-xwqw-q8j3",
                    "reference_id": "GHSA-9jq5-xwqw-q8j3",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq5-xwqw-q8j3"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/64864?format=api",
                    "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-localization-source-wiki@13.10.11",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-localization-source-wiki@13.10.11"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/64865?format=api",
                    "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-localization-source-wiki@14.4.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-localization-source-wiki@14.4.8"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/64866?format=api",
                    "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-localization-source-wiki@14.10.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-localization-source-wiki@14.10.1"
                }
            ],
            "aliases": [
                "CVE-2023-29520",
                "GHSA-9jq5-xwqw-q8j3"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-htw6-eyey-k3au"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-localization-source-wiki@4.3-milestone-2"
}