Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/19986?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19986?format=api", "vulnerability_id": "VCID-48c5-a36e-dbfd", "summary": "amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance\nIn artax version before 1.0.6 and 2 before 2.0.6, cookies of `foo.bar.example.com` were leaked to `foo.bar`. Additionally, any site could set cookies for any other site. \nArtax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, but not on any public suffixes.", "aliases": [ { "alias": "GHSA-gm98-g2wf-7c68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24135?format=api", "purl": "pkg:composer/amphp/artax@1.0.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/24132?format=api", "purl": "pkg:composer/amphp/artax@2.0.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.6" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/156142?format=api", "purl": "pkg:composer/amphp/artax@0.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/156143?format=api", "purl": "pkg:composer/amphp/artax@0.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/156144?format=api", "purl": "pkg:composer/amphp/artax@0.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/156145?format=api", "purl": "pkg:composer/amphp/artax@0.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/156146?format=api", "purl": "pkg:composer/amphp/artax@0.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/156147?format=api", "purl": "pkg:composer/amphp/artax@0.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/156148?format=api", "purl": "pkg:composer/amphp/artax@0.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/156149?format=api", "purl": "pkg:composer/amphp/artax@0.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/156150?format=api", "purl": "pkg:composer/amphp/artax@0.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/156151?format=api", "purl": "pkg:composer/amphp/artax@0.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/156152?format=api", "purl": "pkg:composer/amphp/artax@1.0.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-alpha" }, { "url": "http://public2.vulnerablecode.io/api/packages/156153?format=api", "purl": "pkg:composer/amphp/artax@1.0.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/156154?format=api", "purl": "pkg:composer/amphp/artax@1.0.0-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-beta2" }, { "url": "http://public2.vulnerablecode.io/api/packages/156155?format=api", "purl": "pkg:composer/amphp/artax@1.0.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/156156?format=api", "purl": "pkg:composer/amphp/artax@1.0.0-rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/156157?format=api", "purl": "pkg:composer/amphp/artax@1.0.0-rc3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-rc3" }, { "url": "http://public2.vulnerablecode.io/api/packages/156158?format=api", "purl": "pkg:composer/amphp/artax@1.0.0-rc4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-rc4" }, { "url": "http://public2.vulnerablecode.io/api/packages/156159?format=api", "purl": "pkg:composer/amphp/artax@1.0.0-rc5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-rc5" }, { "url": "http://public2.vulnerablecode.io/api/packages/156160?format=api", "purl": "pkg:composer/amphp/artax@1.0.0-rc6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-rc6" }, { "url": "http://public2.vulnerablecode.io/api/packages/156161?format=api", "purl": "pkg:composer/amphp/artax@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/156162?format=api", "purl": "pkg:composer/amphp/artax@1.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/156163?format=api", "purl": "pkg:composer/amphp/artax@1.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/156164?format=api", "purl": "pkg:composer/amphp/artax@1.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22718?format=api", "purl": "pkg:composer/amphp/artax@1.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/161819?format=api", "purl": "pkg:composer/amphp/artax@1.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/22716?format=api", "purl": "pkg:composer/amphp/artax@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/156165?format=api", "purl": "pkg:composer/amphp/artax@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/156166?format=api", "purl": "pkg:composer/amphp/artax@2.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/156167?format=api", "purl": "pkg:composer/amphp/artax@2.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" }, { "vulnerability": "VCID-zawz-vky5-tkgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22720?format=api", "purl": "pkg:composer/amphp/artax@2.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/161820?format=api", "purl": "pkg:composer/amphp/artax@2.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48c5-a36e-dbfd" }, { "vulnerability": "VCID-j1u4-14p9-9fdn" }, { "vulnerability": "VCID-t4d6-pvhk-mfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.5" } ], "references": [ { "reference_url": "https://github.com/amphp/artax", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/amphp/artax" }, { "reference_url": "https://github.com/amphp/artax/commit/25668b891d2bced567bd69611c7d18b6a93d5fc4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/amphp/artax/commit/25668b891d2bced567bd69611c7d18b6a93d5fc4" }, { "reference_url": "https://github.com/amphp/artax/commit/accdadaf78f7a43305c3a97d6a964bbc550a555d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/amphp/artax/commit/accdadaf78f7a43305c3a97d6a964bbc550a555d" }, { "reference_url": "https://github.com/amphp/artax/releases/tag/v2.0.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/amphp/artax/releases/tag/v2.0.6" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/2017-05-09.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/2017-05-09.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-gm98-g2wf-7c68", "reference_id": "GHSA-gm98-g2wf-7c68", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gm98-g2wf-7c68" } ], "weaknesses": [ { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-48c5-a36e-dbfd" }