Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/67450?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/67450?format=api", "purl": "pkg:gem/encoded_id-rails@1.0.0.beta2", "type": "gem", "namespace": "", "name": "encoded_id-rails", "version": "1.0.0.beta2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.0.0.beta2", "latest_non_vulnerable_version": "1.0.0.beta2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46254?format=api", "vulnerability_id": "VCID-x9fv-1c9p-2bet", "summary": "encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs\nThe length of URIs and the various parts (eg path segments, query parameters) is usually limited by the webserver processing the incoming request. In the case of Puma the defaults are :\n\n- path segment length: 8192\n- Max URI length: 1024 * 12\n- Max query length: 1024 * 10\n\nSee https://github.com/puma/puma/blob/master/docs/compile_options.md\n\nIf too long Puma raises:\n> Puma caught this error: HTTP element REQUEST_PATH is longer than the (8192) allowed length (was 12503) (Puma::HttpParserError)\n\nHowever due to the performance of `hashids` extremely long encoded IDs will consume a large amount of CPU and allocate a huge number of intermediate objects.\n\nFor example:", "references": [ { "reference_url": "https://github.com/stevegeek/encoded_id-rails", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/stevegeek/encoded_id-rails" }, { "reference_url": "https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc2081dc4018b91", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc2081dc4018b91" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0241", "reference_id": "CVE-2024-0241", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0241" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/encoded_id-rails/CVE-2024-0241.yml", "reference_id": "CVE-2024-0241.YML", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/encoded_id-rails/CVE-2024-0241.yml" }, { "reference_url": "https://github.com/advisories/GHSA-3px7-jm2p-6h2c", "reference_id": "GHSA-3px7-jm2p-6h2c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3px7-jm2p-6h2c" }, { "reference_url": "https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p-6h2c", "reference_id": "GHSA-3px7-jm2p-6h2c", "reference_type": "", "scores": [], "url": "https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p-6h2c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67450?format=api", "purl": "pkg:gem/encoded_id-rails@1.0.0.beta2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/encoded_id-rails@1.0.0.beta2" } ], "aliases": [ "CVE-2024-0241", "GHSA-3px7-jm2p-6h2c", "GMS-2023-3722" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9fv-1c9p-2bet" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/encoded_id-rails@1.0.0.beta2" }