GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/54844?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54844?format=api",
    "vulnerability_id": "VCID-6pq5-ehf4-cuau",
    "summary": "amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance\nIn artax version before 1.0.6 and 2 before 2.0.6, cookies of `foo.bar.example.com` were leaked to `foo.bar`. Additionally, any site could set cookies for any other site.\nArtax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, but not on any public suffixes.",
    "aliases": [
        {
            "alias": "GHSA-gm98-g2wf-7c68"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/53541?format=api",
            "purl": "pkg:composer/amphp/artax@1.0.6",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/53538?format=api",
            "purl": "pkg:composer/amphp/artax@2.0.6",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.6"
        }
    ],
    "affected_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/52831?format=api",
            "purl": "pkg:composer/amphp/artax@2.0.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-6pq5-ehf4-cuau"
                },
                {
                    "vulnerability": "VCID-bq2j-t19h-zyad"
                },
                {
                    "vulnerability": "VCID-ksam-dbjr-8ugw"
                },
                {
                    "vulnerability": "VCID-yb95-bbrp-n7da"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.0"
        }
    ],
    "references": [
        {
            "reference_url": "https://github.com/amphp/artax",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "MODERATE",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/amphp/artax"
        },
        {
            "reference_url": "https://github.com/amphp/artax/commit/25668b891d2bced567bd69611c7d18b6a93d5fc4",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "MODERATE",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/amphp/artax/commit/25668b891d2bced567bd69611c7d18b6a93d5fc4"
        },
        {
            "reference_url": "https://github.com/amphp/artax/commit/accdadaf78f7a43305c3a97d6a964bbc550a555d",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "MODERATE",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/amphp/artax/commit/accdadaf78f7a43305c3a97d6a964bbc550a555d"
        },
        {
            "reference_url": "https://github.com/amphp/artax/releases/tag/v2.0.6",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "MODERATE",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/amphp/artax/releases/tag/v2.0.6"
        },
        {
            "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/2017-05-09.yaml",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "MODERATE",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/2017-05-09.yaml"
        },
        {
            "reference_url": "https://github.com/advisories/GHSA-gm98-g2wf-7c68",
            "reference_id": "GHSA-gm98-g2wf-7c68",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/advisories/GHSA-gm98-g2wf-7c68"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 937,
            "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."
        },
        {
            "cwe_id": 1035,
            "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."
        }
    ],
    "exploits": [],
    "severity_range_score": "4.0 - 6.9",
    "exploitability": "0.5",
    "weighted_severity": "6.2",
    "risk_score": 3.1,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6pq5-ehf4-cuau"
}