GET

Package Instance

Lookup for vulnerable packages by Package URL.

GET /api/packages/65518?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/65518?format=api",
    "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.400",
    "type": "maven",
    "namespace": "org.jenkins-ci.main",
    "name": "jenkins-core",
    "version": "2.400",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "2.401.1",
    "latest_non_vulnerable_version": "2.551",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45391?format=api",
            "vulnerability_id": "VCID-4pk4-kr33-y7gj",
            "summary": "Cross-Site Request Forgery (CSRF)\nIn Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.",
            "references": [
                {
                    "reference_url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135"
                },
                {
                    "reference_url": "http://www.openwall.com/lists/oss-security/2023/06/14/5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.openwall.com/lists/oss-security/2023/06/14/5"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35141",
                    "reference_id": "CVE-2023-35141",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35141"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/65519?format=api",
                    "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@2.401.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.401.1"
                }
            ],
            "aliases": [
                "CVE-2023-35141"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4pk4-kr33-y7gj"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.400"
}