Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/68364?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/68364?format=api", "purl": "pkg:maven/org.infinispan/infinispan-cachestore-jdbc-common@14.0.25.Final", "type": "maven", "namespace": "org.infinispan", "name": "infinispan-cachestore-jdbc-common", "version": "14.0.25.Final", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "14.0.25.Final", "latest_non_vulnerable_version": "15.0.0.Dev07", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46742?format=api", "vulnerability_id": "VCID-v2gy-xwcz-xfaz", "summary": "Infinispan caches credentials in clear text\nA flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7676" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242156" }, { "reference_url": "https://github.com/infinispan/infinispan", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/infinispan/infinispan" }, { "reference_url": "https://github.com/infinispan/infinispan/commit/7140fc9b026ec55786c1aa78bb3cd8bf951fad47", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/infinispan/infinispan/commit/7140fc9b026ec55786c1aa78bb3cd8bf951fad47" }, { "reference_url": "https://github.com/infinispan/infinispan/commit/fd3e18ec3b1a4e7fcfd79392f5bf78792a2b8c61", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/infinispan/infinispan/commit/fd3e18ec3b1a4e7fcfd79392f5bf78792a2b8c61" }, { "reference_url": "https://github.com/infinispan/infinispan/pull/11555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/infinispan/infinispan/pull/11555" }, { "reference_url": "https://github.com/infinispan/infinispan/pull/11995", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/infinispan/infinispan/pull/11995" }, { "reference_url": "https://issues.redhat.com/browse/ISPN-15202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.redhat.com/browse/ISPN-15202" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240125-0004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20240125-0004" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-5384", "reference_id": "CVE-2023-5384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2023-5384" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5384", "reference_id": "CVE-2023-5384", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5384" }, { "reference_url": "https://github.com/advisories/GHSA-gg57-587f-h5v6", "reference_id": "GHSA-gg57-587f-h5v6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gg57-587f-h5v6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68364?format=api", "purl": "pkg:maven/org.infinispan/infinispan-cachestore-jdbc-common@14.0.25.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.infinispan/infinispan-cachestore-jdbc-common@14.0.25.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/68363?format=api", "purl": "pkg:maven/org.infinispan/infinispan-cachestore-jdbc-common@15.0.0.Dev07", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.infinispan/infinispan-cachestore-jdbc-common@15.0.0.Dev07" } ], "aliases": [ "CVE-2023-5384", "GHSA-gg57-587f-h5v6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v2gy-xwcz-xfaz" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.infinispan/infinispan-cachestore-jdbc-common@14.0.25.Final" }