Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/66617?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/66617?format=api", "purl": "pkg:composer/craftcms/cms@3.8.15", "type": "composer", "namespace": "craftcms", "name": "cms", "version": "3.8.15", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.9.6", "latest_non_vulnerable_version": "5.9.9", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45893?format=api", "vulnerability_id": "VCID-ec34-nvn3-qbcb", "summary": "Craft CMS vulnerable to Remote Code Execution via validatePath bypass\nBypassing the validatePath function can lead to potential Remote Code Execution\n(Post-authentication, ALLOW_ADMIN_CHANGES=true)", "references": [ { "reference_url": "https://github.com/craftcms/cms", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/craftcms/cms" }, { "reference_url": "https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5" }, { "reference_url": "https://github.com/craftcms/cms/releases/tag/3.8.15", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/craftcms/cms/releases/tag/3.8.15" }, { "reference_url": "https://github.com/craftcms/cms/releases/tag/4.4.15", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/craftcms/cms/releases/tag/4.4.15" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40035", "reference_id": "CVE-2023-40035", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40035" }, { "reference_url": "https://github.com/advisories/GHSA-44wr-rmwq-3phw", "reference_id": "GHSA-44wr-rmwq-3phw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-44wr-rmwq-3phw" }, { "reference_url": 
"https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw", "reference_id": "GHSA-44wr-rmwq-3phw", "reference_type": "", "scores": [], "url": "https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66617?format=api", "purl": "pkg:composer/craftcms/cms@3.8.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/66616?format=api", "purl": "pkg:composer/craftcms/cms@4.4.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.4.15" } ], "aliases": [ "CVE-2023-40035", "GHSA-44wr-rmwq-3phw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ec34-nvn3-qbcb" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.8.15" }