Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/50728?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50728?format=api", "vulnerability_id": "VCID-d5e8-hpy3-9qfv", "summary": "Flowise has Insufficient Password Salt Rounds\nThe default bcrypt salt rounds is set to 5, which is below the recommended minimum for security.", "aliases": [ { "alias": "GHSA-x2g5-fvc2-gqvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74477?format=api", "purl": "pkg:npm/flowise@3.0.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/flowise@3.0.13" } ], "affected_packages": [], "references": [ { "reference_url": "https://github.com/FlowiseAI/Flowise", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FlowiseAI/Flowise" }, { "reference_url": "https://github.com/FlowiseAI/Flowise/pull/5665", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FlowiseAI/Flowise/pull/5665" }, { "reference_url": "https://github.com/advisories/GHSA-x2g5-fvc2-gqvp", "reference_id": "GHSA-x2g5-fvc2-gqvp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x2g5-fvc2-gqvp" }, { "reference_url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-x2g5-fvc2-gqvp", "reference_id": "GHSA-x2g5-fvc2-gqvp", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-x2g5-fvc2-gqvp" } ], "weaknesses": [ { "cwe_id": 328, "name": "Use of Weak Hash", "description": "The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack)." }, { "cwe_id": 916, "name": "Use of Password Hash With Insufficient Computational Effort", "description": "The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d5e8-hpy3-9qfv" }