Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/40911?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40911?format=api", "vulnerability_id": "VCID-5kwa-7kx3-kfga", "summary": "Weak Password Recovery Mechanism for Forgotten Password\nContao has a Weak Password Recovery Mechanism for a Forgotten Password.", "aliases": [ { "alias": "CVE-2019-10641" }, { "alias": "GHSA-vcgg-hp4r-87gx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63016?format=api", "purl": "pkg:composer/contao/contao@4.4.37", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.4.37" }, { "url": "http://public2.vulnerablecode.io/api/packages/62090?format=api", "purl": "pkg:composer/contao/contao@4.7.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/57835?format=api", "purl": "pkg:composer/contao/core@3.5.39", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/57829?format=api", "purl": "pkg:composer/contao/core-bundle@4.4.37", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.37" }, { "url": "http://public2.vulnerablecode.io/api/packages/57830?format=api", "purl": "pkg:composer/contao/core-bundle@4.7.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.7.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58738?format=api", "purl": "pkg:composer/contao/contao@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-5kwa-7kx3-kfga" }, { "vulnerability": "VCID-82d1-8yn8-sydv" }, { "vulnerability": "VCID-crsc-bhc9-y3f9" }, { "vulnerability": "VCID-epmj-qf23-xffd" }, { "vulnerability": "VCID-rj3d-jeyz-vye5" }, { "vulnerability": "VCID-t2u3-tgg3-cbb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/58739?format=api", "purl": "pkg:composer/contao/contao@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kwa-7kx3-kfga" }, { "vulnerability": "VCID-82d1-8yn8-sydv" }, { "vulnerability": "VCID-epmj-qf23-xffd" }, { "vulnerability": "VCID-rj3d-jeyz-vye5" }, { "vulnerability": "VCID-t2u3-tgg3-cbb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/51725?format=api", "purl": "pkg:composer/contao/core@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5639-8xt3-8ugc" }, { "vulnerability": "VCID-5kwa-7kx3-kfga" }, { "vulnerability": "VCID-ejwd-wgb2-47e2" }, { "vulnerability": "VCID-u721-yafq-bkc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/57827?format=api", "purl": "pkg:composer/contao/core-bundle@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kwa-7kx3-kfga" }, { "vulnerability": "VCID-82d1-8yn8-sydv" }, { "vulnerability": "VCID-jbcs-b2p9-myhz" }, { "vulnerability": "VCID-jzx2-et8q-7qhm" }, { "vulnerability": "VCID-nepv-9985-37g4" }, { "vulnerability": "VCID-r1h5-ag74-dbaw" }, { "vulnerability": "VCID-rj3d-jeyz-vye5" }, { "vulnerability": "VCID-t2u3-tgg3-cbb9" }, { "vulnerability": "VCID-wyd5-t8at-8bba" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.0.0" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/57828?format=api", "purl": "pkg:composer/contao/core-bundle@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3fux-z15d-13g1" }, { "vulnerability": "VCID-5kwa-7kx3-kfga" }, { "vulnerability": "VCID-82d1-8yn8-sydv" }, { "vulnerability": "VCID-azpb-eq6c-e7bw" }, { "vulnerability": "VCID-rj3d-jeyz-vye5" }, { "vulnerability": "VCID-t2u3-tgg3-cbb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.5.0" } ], "references": [ { "reference_url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html" }, { "reference_url": "https://github.com/contao/contao/commit/74c7dfafa0dfa5363a9463b486522d5d526e28fe", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/contao/contao/commit/74c7dfafa0dfa5363a9463b486522d5d526e28fe" }, { "reference_url": "https://github.com/contao/contao/commit/b92e27bc7c9e59226077937f840c74ffd0f672e8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/contao/contao/commit/b92e27bc7c9e59226077937f840c74ffd0f672e8" }, { "reference_url": "https://github.com/contao/core/commit/119a1b5bd9e62d27ca2838727084d04f3b7fcd32", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/contao/core/commit/119a1b5bd9e62d27ca2838727084d04f3b7fcd32" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10641", "reference_id": "CVE-2019-10641", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10641" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-10641.yaml", "reference_id": "CVE-2019-10641.YAML", "reference_type": "", "scores": [], "url": 
"https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-10641.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-10641.yaml", "reference_id": "CVE-2019-10641.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-10641.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2019-10641.yaml", "reference_id": "CVE-2019-10641.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2019-10641.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-vcgg-hp4r-87gx", "reference_id": "GHSA-vcgg-hp4r-87gx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vcgg-hp4r-87gx" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 640, "name": "Weak Password Recovery Mechanism for Forgotten Password", "description": "The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5kwa-7kx3-kfga" }