Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/68432?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/68432?format=api", "purl": "pkg:npm/%40fastify/reply-from@9.6.0", "type": "npm", "namespace": "@fastify", "name": "reply-from", "version": "9.6.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.6.0", "latest_non_vulnerable_version": "12.5.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46797?format=api", "vulnerability_id": "VCID-buxh-55a9-m3bu", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')\nfastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing an header `ContentType: application/json ; charset=utf-8`. This can lead to bypass of security checks. This vulnerability has been patched in '@fastify/reply-from` version 9.6.0.", "references": [ { "reference_url": "https://github.com/fastify/fastify-reply-from/commit/cbd7c17c09e6476268e34f5e499a6b923e8acc18", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/fastify/fastify-reply-from/commit/cbd7c17c09e6476268e34f5e499a6b923e8acc18" }, { "reference_url": "https://github.com/fastify/fastify-reply-from/releases/tag/v9.6.0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/fastify/fastify-reply-from/releases/tag/v9.6.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51701", "reference_id": "CVE-2023-51701", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51701" }, { "reference_url": "https://github.com/advisories/GHSA-v2v2-hph8-q5xp", "reference_id": "GHSA-v2v2-hph8-q5xp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v2v2-hph8-q5xp" }, { "reference_url": "https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-v2v2-hph8-q5xp", "reference_id": "GHSA-v2v2-hph8-q5xp", "reference_type": "", "scores": [], "url": "https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-v2v2-hph8-q5xp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68432?format=api", "purl": "pkg:npm/%40fastify/reply-from@9.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540fastify/reply-from@9.6.0" } ], "aliases": [ "CVE-2023-51701", "GHSA-v2v2-hph8-q5xp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-buxh-55a9-m3bu" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540fastify/reply-from@9.6.0" }