Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/68678?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/68678?format=api", "purl": "pkg:composer/phpmailer/phpmailer@1.7.4", "type": "composer", "namespace": "phpmailer", "name": "phpmailer", "version": "1.7.4", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "5.2.0", "latest_non_vulnerable_version": "6.0.6", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46933?format=api", "vulnerability_id": "VCID-jgpk-6myg-mkds", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nPHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.", "references": [ { "reference_url": "https://cxsecurity.com/issue/WLB-2007060063", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cxsecurity.com/issue/WLB-2007060063" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818" }, { "reference_url": "https://seclists.org/fulldisclosure/2011/Oct/223", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/fulldisclosure/2011/Oct/223" }, { "reference_url": "https://sourceforge.net/p/phpmailer/bugs/192/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceforge.net/p/phpmailer/bugs/192/" }, { "reference_url": "https://web.archive.org/web/20070714054359/http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20070714054359/http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/" }, { "reference_url": "https://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce" }, { "reference_url": "https://github.com/advisories/GHSA-6h78-85v2-mmch", "reference_id": "GHSA-6h78-85v2-mmch", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6h78-85v2-mmch" }, { "reference_url": "https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-6h78-85v2-mmch", "reference_id": "GHSA-6h78-85v2-mmch", "reference_type": "", "scores": [], "url": "https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-6h78-85v2-mmch" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68678?format=api", "purl": "pkg:composer/phpmailer/phpmailer@1.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@1.7.4" } ], "aliases": [ "CVE-2007-3215", "GHSA-6h78-85v2-mmch" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgpk-6myg-mkds" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@1.7.4" }