Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/66611?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/66611?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-appwithinminutes-ui@4.3-milestone-2", "type": "maven", "namespace": "org.xwiki.platform", "name": "xwiki-platform-appwithinminutes-ui", "version": "4.3-milestone-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "13.10.11", "latest_non_vulnerable_version": "15.1-rc-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45885?format=api", "vulnerability_id": "VCID-rfw8-d1zs-ruck", "summary": "XWiki Platform privilege escalation (PR) from account through AWM content fields\nAny registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation.", "references": [ { "reference_url": "https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262" }, { "reference_url": "https://jira.xwiki.org/browse/XWIKI-7369", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jira.xwiki.org/browse/XWIKI-7369" }, { "reference_url": "https://github.com/advisories/GHSA-5mf8-v43w-mfxp", "reference_id": "GHSA-5mf8-v43w-mfxp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5mf8-v43w-mfxp" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp", "reference_id": "GHSA-5mf8-v43w-mfxp", "reference_type": "", "scores": [], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65714?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-appwithinminutes-ui@14.10.5", "is_vulnerable": 
false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-appwithinminutes-ui@14.10.5" } ], "aliases": [ "CVE-2023-40177", "GHSA-5mf8-v43w-mfxp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rfw8-d1zs-ruck" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-appwithinminutes-ui@4.3-milestone-2" }