Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/71483?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/71483?format=api", "purl": "pkg:npm/better-auth@1.4.2", "type": "npm", "namespace": "", "name": "better-auth", "version": "1.4.2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.1.6", "latest_non_vulnerable_version": "1.6.2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21701?format=api", "vulnerability_id": "VCID-fs78-rxdg-aqap", "summary": "Better Auth affected by external request basePath modification DoS\nAffected versions of Better Auth allow an external request to configure `baseURL` when it isn’t defined through any other means. This can be abused to poison the router’s base path, causing all routes to return 404 for all users.\n\nThis issue is only exploitable when `baseURL` is not explicitly configured (e.g., `BETTER_AUTH_URL` is missing) *and* the attacker is able to make the very first request to the server after startup. 
In properly configured environments or typical managed hosting platforms, this fallback behavior cannot be reached.", "references": [ { "reference_url": "https://github.com/better-auth/better-auth", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/better-auth/better-auth" }, { "reference_url": "https://github.com/better-auth/better-auth/releases/tag/v1.4.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/better-auth/better-auth/releases/tag/v1.4.2" }, { "reference_url": "https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09" }, { "reference_url": "https://github.com/advisories/GHSA-569q-mpph-wgww", "reference_id": "GHSA-569q-mpph-wgww", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-569q-mpph-wgww" }, { "reference_url": "https://github.com/better-auth/better-auth/security/advisories/GHSA-569q-mpph-wgww", "reference_id": "GHSA-569q-mpph-wgww", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": 
"2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/better-auth/better-auth/security/advisories/GHSA-569q-mpph-wgww" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71483?format=api", "purl": "pkg:npm/better-auth@1.4.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/better-auth@1.4.2" } ], "aliases": [ "GHSA-569q-mpph-wgww" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fs78-rxdg-aqap" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/better-auth@1.4.2" }