Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/38617?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38617?format=api", "vulnerability_id": "VCID-kyy8-szgp-bkfh", "summary": "Cross-Site Request Forgery (CSRF)\nA malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.", "aliases": [ { "alias": "CVE-2017-7662" }, { "alias": "GHSA-f5ch-36rg-vfcc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53571?format=api", "purl": "pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/53570?format=api", "purl": "pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62101?format=api", "purl": "pkg:maven/org.apache.cxf.fediz/fediz-oidc@1.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/fediz-oidc@1.3.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53567?format=api", "purl": "pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-65a6-3ngq-kke9" }, { "vulnerability": "VCID-kyy8-szgp-bkfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/53568?format=api", "purl": "pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-65a6-3ngq-kke9" }, { "vulnerability": "VCID-kyy8-szgp-bkfh" }, { "vulnerability": "VCID-zw44-zqrm-jycc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.0" } ], "references": [ { "reference_url": "https://github.com/apache/cxf-fediz/commit/c68e4820816c19241568f4a8fe8600bffb0243cd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/cxf-fediz/commit/c68e4820816c19241568f4a8fe8600bffb0243cd" }, { "reference_url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E" }, { "reference_url": "http://www.securitytracker.com/id/1038498", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1038498" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7662", "reference_id": "CVE-2017-7662", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7662" }, { "reference_url": "http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc", "reference_id": "CVE-2017-7662.TXT.ASC", "reference_type": "", "scores": [], "url": "http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc" }, { "reference_url": "https://github.com/advisories/GHSA-f5ch-36rg-vfcc", "reference_id": "GHSA-f5ch-36rg-vfcc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f5ch-36rg-vfcc" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 352, "name": "Cross-Site Request Forgery (CSRF)", "description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kyy8-szgp-bkfh" }