Vulnerability Instance
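Look up vulnerabilities affecting packages. In this record the `weaknesses` entries are the generic OWASP "Using Components with Known Vulnerabilities" categories (CWE-1035, CWE-937) rather than a CSRF-specific weakness, and `affected_packages` lists only the alpha pre-release of each branch, so compare installed versions against `fixed_packages` and the referenced SS-2016-002 advisory rather than relying on those two fields alone.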
GET /api/vulnerabilities/38042?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38042?format=api", "vulnerability_id": "VCID-2c84-9xxd-pub2", "summary": "CSRF vulnerability in GridFieldAddExistingAutocompleter\nGridField does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites. Amongst other default CMS interfaces, GridField is used for management of groups, users and permissions in the CMS.", "aliases": [ { "alias": "SS-2016-002" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52568?format=api", "purl": "pkg:composer/silverstripe/cms@3.1.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/52569?format=api", "purl": "pkg:composer/silverstripe/cms@3.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/52570?format=api", "purl": "pkg:composer/silverstripe/cms@3.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.3.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52565?format=api", "purl": "pkg:composer/silverstripe/cms@3.1.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c84-9xxd-pub2" }, { "vulnerability": "VCID-5cd5-kmjz-h7bv" }, { "vulnerability": "VCID-wdcz-6vpn-ffd8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.1.0-alpha" }, { "url": "http://public2.vulnerablecode.io/api/packages/52566?format=api", "purl": "pkg:composer/silverstripe/cms@3.2.0-alpha", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c84-9xxd-pub2" }, { "vulnerability": "VCID-5cd5-kmjz-h7bv" }, { "vulnerability": "VCID-wdcz-6vpn-ffd8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.2.0-alpha" }, { "url": "http://public2.vulnerablecode.io/api/packages/52567?format=api", "purl": "pkg:composer/silverstripe/cms@3.3.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c84-9xxd-pub2" }, { "vulnerability": "VCID-5cd5-kmjz-h7bv" }, { "vulnerability": "VCID-wdcz-6vpn-ffd8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.3.0-alpha" } ], "references": [ { "reference_url": "http://www.silverstripe.org/download/security-releases/ss-2016-002/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.silverstripe.org/download/security-releases/ss-2016-002/" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2c84-9xxd-pub2" }