Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/711684?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/711684?format=api", "purl": "pkg:composer/bref/bref@0.2.0", "type": "composer", "namespace": "bref", "name": "bref", "version": "0.2.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.1.17", "latest_non_vulnerable_version": "2.1.17", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47310?format=api", "vulnerability_id": "VCID-1fqv-mznx-gfge", "summary": "Slow String Operations via MultiPart Requests in Event-Driven Functions\nWhen Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object.\nDuring the conversion process, if the request is a MultiPart, each part is parsed. In the parsing process, the `Content-Type` header of each part is read using the [`Riverline/multipart-parser`](https://github.com/Riverline/multipart-parser/) library.\n\nThe library, in the `StreamedPart::parseHeaderContent` function, performs slow multi-byte string operations on the header value.\nPrecisely, the [`mb_convert_encoding`](https://www.php.net/manual/en/function.mb-convert-encoding.php) function is used with the first (`$string`) and third (`$from_encoding`) parameters read from the header value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30024", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.3001", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.29996", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30055", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00117", 
"scoring_system": "epss", "scoring_elements": "0.30091", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29186" }, { "reference_url": "https://github.com/brefphp/bref", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/brefphp/bref" }, { "reference_url": "https://github.com/brefphp/bref/commit/5f7c0294628dbcec6305f638ff7e2dba8a1c2f45", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-22T18:09:18Z/" } ], "url": "https://github.com/brefphp/bref/commit/5f7c0294628dbcec6305f638ff7e2dba8a1c2f45" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29186", "reference_id": "CVE-2024-29186", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29186" }, { "reference_url": "https://github.com/advisories/GHSA-j4hq-f63x-f39r", "reference_id": "GHSA-j4hq-f63x-f39r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j4hq-f63x-f39r" }, { "reference_url": "https://github.com/brefphp/bref/security/advisories/GHSA-j4hq-f63x-f39r", "reference_id": "GHSA-j4hq-f63x-f39r", "reference_type": "", "scores": [ { "value": "5.3", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-22T18:09:18Z/" } ], "url": "https://github.com/brefphp/bref/security/advisories/GHSA-j4hq-f63x-f39r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69511?format=api", "purl": "pkg:composer/bref/bref@2.1.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bref/bref@2.1.17" } ], "aliases": [ "CVE-2024-29186", "GHSA-j4hq-f63x-f39r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fqv-mznx-gfge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46924?format=api", "vulnerability_id": "VCID-av6v-9gya-3kd2", "summary": "Interpretation Conflict\nBref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relies on multiple headers with the same key being set for security reasons, then Bref would lower the application security. For example, if an application sets multiple ``Content-Security-Policy`` headers, then Bref would just reflect the latest one. 
This vulnerability is patched in 2.1.13.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40807", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40788", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40776", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40837", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40832", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24753" }, { "reference_url": "https://github.com/brefphp/bref", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/brefphp/bref" }, { "reference_url": "https://github.com/brefphp/bref/blob/2.1.12/src/Event/Http/HttpResponse.php#L61-L90", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/brefphp/bref/blob/2.1.12/src/Event/Http/HttpResponse.php#L61-L90" }, { "reference_url": "https://github.com/brefphp/bref/commit/f834027aaf88b3885f4aa8edf6944ae920daf2dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T19:51:56Z/" } ], "url": "https://github.com/brefphp/bref/commit/f834027aaf88b3885f4aa8edf6944ae920daf2dc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24753", "reference_id": "CVE-2024-24753", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24753" }, { "reference_url": "https://github.com/advisories/GHSA-99f9-gv72-fw9r", "reference_id": "GHSA-99f9-gv72-fw9r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-99f9-gv72-fw9r" }, { "reference_url": "https://github.com/brefphp/bref/security/advisories/GHSA-99f9-gv72-fw9r", "reference_id": "GHSA-99f9-gv72-fw9r", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T19:51:56Z/" } ], "url": "https://github.com/brefphp/bref/security/advisories/GHSA-99f9-gv72-fw9r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68669?format=api", "purl": "pkg:composer/bref/bref@2.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fqv-mznx-gfge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bref/bref@2.1.13" } ], "aliases": [ "CVE-2024-24753", 
"GHSA-99f9-gv72-fw9r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-av6v-9gya-3kd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46928?format=api", "vulnerability_id": "VCID-gm92-k23v-3bgs", "summary": "Bref's Uploaded Files Not Deleted in Event-Driven Functions\nWhen Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object.\nDuring the conversion process, if the request is a MultiPart, each part is parsed and for each which contains a file, it is extracted and saved in `/tmp` with a random filename starting with `bref_upload_`.\n\nThe function implementing the logic follows:\n\n```php\nprivate static function parseBodyAndUploadedFiles(HttpRequestEvent $event): array\n{\n$bodyString = $event->getBody();\n$files = [];\n$parsedBody = null;\n$contentType = $event->getContentType();\nif ($contentType !== null && $event->getMethod() === 'POST') {\nif (str_starts_with($contentType, 'application/x-www-form-urlencoded')) {\nparse_str($bodyString, $parsedBody);\n} else {\n$document = new Part(\"Content-type: $contentType\\r\\n\\r\\n\" . 
$bodyString);\nif ($document->isMultiPart()) {\n$parsedBody = [];\nforeach ($document->getParts() as $part) {\nif ($part->isFile()) {\n$tmpPath = tempnam(sys_get_temp_dir(), 'bref_upload_');\nif ($tmpPath === false) {\nthrow new RuntimeException('Unable to create a temporary directory');\n}\nfile_put_contents($tmpPath, $part->getBody());\n$file = new UploadedFile($tmpPath, filesize($tmpPath), UPLOAD_ERR_OK, $part->getFileName(), $part->getMimeType());\n\nself::parseKeyAndInsertValueInArray($files, $part->getName(), $file);\n} else {\nself::parseKeyAndInsertValueInArray($parsedBody, $part->getName(), $part->getBody());\n}\n}\n}\n}\n}\nreturn [$files, $parsedBody];\n}\n```\n\nThe flow mimics what plain PHP does but it does not delete the temporary files when the request has been processed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34017", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33988", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33966", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33999", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34031", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24752" }, { "reference_url": "https://github.com/brefphp/bref", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/brefphp/bref" }, { "reference_url": 
"https://github.com/brefphp/bref/blob/2.1.12/src/Event/Http/Psr7Bridge.php#L94-L125", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/brefphp/bref/blob/2.1.12/src/Event/Http/Psr7Bridge.php#L94-L125" }, { "reference_url": "https://github.com/brefphp/bref/commit/350788de12880b6fd64c4c318ba995388bec840e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T17:05:38Z/" } ], "url": "https://github.com/brefphp/bref/commit/350788de12880b6fd64c4c318ba995388bec840e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24752", "reference_id": "CVE-2024-24752", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24752" }, { "reference_url": "https://github.com/advisories/GHSA-x4hh-frx8-98r5", "reference_id": "GHSA-x4hh-frx8-98r5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x4hh-frx8-98r5" }, { "reference_url": "https://github.com/brefphp/bref/security/advisories/GHSA-x4hh-frx8-98r5", "reference_id": "GHSA-x4hh-frx8-98r5", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" 
}, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T17:05:38Z/" } ], "url": "https://github.com/brefphp/bref/security/advisories/GHSA-x4hh-frx8-98r5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68669?format=api", "purl": "pkg:composer/bref/bref@2.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fqv-mznx-gfge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bref/bref@2.1.13" } ], "aliases": [ "CVE-2024-24752", "GHSA-x4hh-frx8-98r5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gm92-k23v-3bgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46929?format=api", "vulnerability_id": "VCID-rt9g-9qva-m3e6", "summary": "Interpretation Conflict\nBref enables serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content is added to the `$files` or `$parsedBody` arrays. The conversion process produces a different output compared to that of plain PHP when keys ending with an open square bracket ([) are used. Depending on the application logic, the difference in the body parsing might lead to vulnerabilities and/or undefined behaviors. 
This vulnerability is patched in 2.1.13.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45561", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45534", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45521", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45546", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45566", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24754" }, { "reference_url": "https://github.com/brefphp/bref", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/brefphp/bref" }, { "reference_url": "https://github.com/brefphp/bref/blob/2.1.12/src/Event/Http/Psr7Bridge.php#L130-L168", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/brefphp/bref/blob/2.1.12/src/Event/Http/Psr7Bridge.php#L130-L168" }, { "reference_url": "https://github.com/brefphp/bref/commit/c77d9f5abf021f29fa96b5720b7b84adbd199092", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": 
"generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:38:19Z/" } ], "url": "https://github.com/brefphp/bref/commit/c77d9f5abf021f29fa96b5720b7b84adbd199092" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24754", "reference_id": "CVE-2024-24754", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24754" }, { "reference_url": "https://github.com/advisories/GHSA-82vx-mm6r-gg8w", "reference_id": "GHSA-82vx-mm6r-gg8w", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-82vx-mm6r-gg8w" }, { "reference_url": "https://github.com/brefphp/bref/security/advisories/GHSA-82vx-mm6r-gg8w", "reference_id": "GHSA-82vx-mm6r-gg8w", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:38:19Z/" } ], "url": "https://github.com/brefphp/bref/security/advisories/GHSA-82vx-mm6r-gg8w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68669?format=api", "purl": "pkg:composer/bref/bref@2.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fqv-mznx-gfge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bref/bref@2.1.13" } ], "aliases": [ "CVE-2024-24754", "GHSA-82vx-mm6r-gg8w" ], 
"risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rt9g-9qva-m3e6" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bref/bref@0.2.0" }