Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/38048?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38048?format=api", "vulnerability_id": "VCID-z3v2-mvd3-y3fw", "summary": "Authentication credentails logged in clear text\nA common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised.", "aliases": [ { "alias": "GMS-2016-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52580?format=api", "purl": "pkg:npm/grunt-gh-pages@1.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/grunt-gh-pages@1.0.0" } ], "affected_packages": [], "references": [], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z3v2-mvd3-y3fw" }