Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/66110?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/66110?format=api", "purl": "pkg:nuget/UmbracoCms@12.0.0", "type": "nuget", "namespace": "", "name": "UmbracoCms", "version": "12.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "12.0.1", "latest_non_vulnerable_version": "12.3.4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46621?format=api", "vulnerability_id": "VCID-1rkh-7s4e-vyen", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nUmbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue.", "references": [ { "reference_url": "https://github.com/umbraco/Umbraco-CMS", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49089", "reference_id": "CVE-2023-49089", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49089" }, { "reference_url": "https://github.com/advisories/GHSA-6324-52pr-h4p5", "reference_id": "GHSA-6324-52pr-h4p5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6324-52pr-h4p5" }, { "reference_url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6324-52pr-h4p5", "reference_id": "GHSA-6324-52pr-h4p5", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6324-52pr-h4p5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68116?format=api", "purl": "pkg:nuget/UmbracoCms@12.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.3.0" } ], "aliases": [ "CVE-2023-49089", "GHSA-6324-52pr-h4p5" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rkh-7s4e-vyen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46618?format=api", "vulnerability_id": "VCID-2exh-k5tm-r3cy", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nUmbraco is an ASP.NET content management system (CMS). Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or application. Versions 10.8.1 and 12.3.4 contain a patch for this issue.", "references": [ { "reference_url": "https://github.com/umbraco/Umbraco-CMS", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48313", "reference_id": "CVE-2023-48313", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48313" }, { "reference_url": "https://github.com/advisories/GHSA-v98m-398x-269r", "reference_id": "GHSA-v98m-398x-269r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v98m-398x-269r" }, { "reference_url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-v98m-398x-269r", "reference_id": "GHSA-v98m-398x-269r", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-v98m-398x-269r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68121?format=api", "purl": "pkg:nuget/UmbracoCms@12.3.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.3.4" } ], "aliases": [ "CVE-2023-48313", "GHSA-v98m-398x-269r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2exh-k5tm-r3cy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46612?format=api", "vulnerability_id": "VCID-6hye-45tx-auc9", "summary": "Incorrect Authorization\nUmbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.", "references": [ { "reference_url": "https://github.com/umbraco/Umbraco-CMS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49273", "reference_id": "CVE-2023-49273", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49273" }, { "reference_url": "https://github.com/advisories/GHSA-cfr5-7p54-4qg8", "reference_id": "GHSA-cfr5-7p54-4qg8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cfr5-7p54-4qg8" }, { "reference_url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-cfr5-7p54-4qg8", "reference_id": "GHSA-cfr5-7p54-4qg8", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-cfr5-7p54-4qg8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68121?format=api", "purl": "pkg:nuget/UmbracoCms@12.3.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.3.4" } ], "aliases": [ "CVE-2023-49273", "GHSA-cfr5-7p54-4qg8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6hye-45tx-auc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46620?format=api", "vulnerability_id": "VCID-azpt-qmk7-1ueu", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nUmbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted.", "references": [ { "reference_url": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation" }, { "reference_url": "https://github.com/umbraco/Umbraco-CMS", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49279", "reference_id": "CVE-2023-49279", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49279" }, { "reference_url": "https://github.com/advisories/GHSA-6xmx-85x3-4cv2", "reference_id": "GHSA-6xmx-85x3-4cv2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6xmx-85x3-4cv2" }, { "reference_url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2", "reference_id": "GHSA-6xmx-85x3-4cv2", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68132?format=api", "purl": "pkg:nuget/UmbracoCms@12.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.2.0" } ], "aliases": [ "CVE-2023-49279", "GHSA-6xmx-85x3-4cv2" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azpt-qmk7-1ueu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46623?format=api", "vulnerability_id": "VCID-ehsc-c1uh-tua1", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nUmbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.", "references": [ { "reference_url": "https://github.com/umbraco/Umbraco-CMS", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49278", "reference_id": "CVE-2023-49278", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49278" }, { "reference_url": "https://github.com/advisories/GHSA-7x74-h8cw-qhxq", "reference_id": "GHSA-7x74-h8cw-qhxq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7x74-h8cw-qhxq" }, { "reference_url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq", "reference_id": "GHSA-7x74-h8cw-qhxq", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68121?format=api", "purl": "pkg:nuget/UmbracoCms@12.3.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.3.4" } ], "aliases": [ "CVE-2023-49278", "GHSA-7x74-h8cw-qhxq" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ehsc-c1uh-tua1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45648?format=api", "vulnerability_id": "VCID-m8gs-zxzd-e3hu", "summary": "Improper Access Control\nUmbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.", "references": [ { "reference_url": "https://github.com/umbraco/Umbraco-CMS", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS" }, { "reference_url": "https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e" }, { "reference_url": "https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569" }, { "reference_url": "https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37267", "reference_id": "CVE-2023-37267", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37267" }, { "reference_url": "https://github.com/advisories/GHSA-h8wc-r4jh-mg7m", "reference_id": "GHSA-h8wc-r4jh-mg7m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h8wc-r4jh-mg7m" }, { "reference_url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m", "reference_id": "GHSA-h8wc-r4jh-mg7m", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66113?format=api", "purl": "pkg:nuget/UmbracoCms@12.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.0.1" } ], "aliases": [ "CVE-2023-37267", "GHSA-h8wc-r4jh-mg7m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m8gs-zxzd-e3hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46617?format=api", "vulnerability_id": "VCID-xu9a-vwjv-5ycb", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nUmbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.", "references": [ { "reference_url": "https://github.com/umbraco/Umbraco-CMS", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49274", "reference_id": "CVE-2023-49274", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49274" }, { "reference_url": "https://github.com/advisories/GHSA-8qp8-9rpw-j46c", "reference_id": "GHSA-8qp8-9rpw-j46c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8qp8-9rpw-j46c" }, { "reference_url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-8qp8-9rpw-j46c", "reference_id": "GHSA-8qp8-9rpw-j46c", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-8qp8-9rpw-j46c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68121?format=api", "purl": "pkg:nuget/UmbracoCms@12.3.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.3.4" } ], "aliases": [ "CVE-2023-49274", "GHSA-8qp8-9rpw-j46c" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xu9a-vwjv-5ycb" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.0.0" }