Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/54848?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54848?format=api", "vulnerability_id": "VCID-yyyq-za39-r3hh", "summary": "FOSUserBundle Entropy is lost in the TokenGenerator\nBecause of the usage of base_convert which loses precision for large inputs, the entropy of tokens generated by FOSUserBundle for the email confirmation and password resetting is lost. This makes these tokens much less random than they are expected to be, and so not cryptographically safe.", "aliases": [ { "alias": "GHSA-pjx8-984p-7p3x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81391?format=api", "purl": "pkg:composer/friendsofsymfony/user-bundle@1.3.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/friendsofsymfony/user-bundle@1.3.5" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81390?format=api", "purl": "pkg:composer/friendsofsymfony/user-bundle@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yyyq-za39-r3hh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/friendsofsymfony/user-bundle@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/739775?format=api", "purl": "pkg:composer/friendsofsymfony/user-bundle@1.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yyyq-za39-r3hh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/friendsofsymfony/user-bundle@1.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/51272?format=api", "purl": "pkg:composer/friendsofsymfony/user-bundle@1.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-98wp-9e1h-yfgg" }, { "vulnerability": "VCID-cp9j-3948-mud8" }, { "vulnerability": "VCID-fkq5-7t4p-jbdk" }, { "vulnerability": "VCID-ky5a-sata-5yf6" }, { "vulnerability": "VCID-nnxf-zbvz-1qdb" }, { 
"vulnerability": "VCID-sv3j-tu9a-pucg" }, { "vulnerability": "VCID-yyyq-za39-r3hh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/friendsofsymfony/user-bundle@1.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/51274?format=api", "purl": "pkg:composer/friendsofsymfony/user-bundle@1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cp9j-3948-mud8" }, { "vulnerability": "VCID-fkq5-7t4p-jbdk" }, { "vulnerability": "VCID-ky5a-sata-5yf6" }, { "vulnerability": "VCID-yyyq-za39-r3hh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/friendsofsymfony/user-bundle@1.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/197821?format=api", "purl": "pkg:composer/friendsofsymfony/user-bundle@1.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cp9j-3948-mud8" }, { "vulnerability": "VCID-fkq5-7t4p-jbdk" }, { "vulnerability": "VCID-ky5a-sata-5yf6" }, { "vulnerability": "VCID-yyyq-za39-r3hh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/friendsofsymfony/user-bundle@1.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/197822?format=api", "purl": "pkg:composer/friendsofsymfony/user-bundle@1.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cp9j-3948-mud8" }, { "vulnerability": "VCID-fkq5-7t4p-jbdk" }, { "vulnerability": "VCID-ky5a-sata-5yf6" }, { "vulnerability": "VCID-yyyq-za39-r3hh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/friendsofsymfony/user-bundle@1.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51273?format=api", "purl": "pkg:composer/friendsofsymfony/user-bundle@1.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cp9j-3948-mud8" }, { "vulnerability": "VCID-ky5a-sata-5yf6" }, { "vulnerability": "VCID-yyyq-za39-r3hh" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/friendsofsymfony/user-bundle@1.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/51608?format=api", "purl": "pkg:composer/friendsofsymfony/user-bundle@1.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cp9j-3948-mud8" }, { "vulnerability": "VCID-yyyq-za39-r3hh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/friendsofsymfony/user-bundle@1.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51607?format=api", "purl": "pkg:composer/friendsofsymfony/user-bundle@1.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ky5a-sata-5yf6" }, { "vulnerability": "VCID-yyyq-za39-r3hh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/friendsofsymfony/user-bundle@1.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/197823?format=api", "purl": "pkg:composer/friendsofsymfony/user-bundle@1.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ky5a-sata-5yf6" }, { "vulnerability": "VCID-yyyq-za39-r3hh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/friendsofsymfony/user-bundle@1.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/197824?format=api", "purl": "pkg:composer/friendsofsymfony/user-bundle@1.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ky5a-sata-5yf6" }, { "vulnerability": "VCID-yyyq-za39-r3hh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/friendsofsymfony/user-bundle@1.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/51609?format=api", "purl": "pkg:composer/friendsofsymfony/user-bundle@1.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yyyq-za39-r3hh" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/friendsofsymfony/user-bundle@1.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/739776?format=api", "purl": "pkg:composer/friendsofsymfony/user-bundle@1.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yyyq-za39-r3hh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/friendsofsymfony/user-bundle@1.3.4" } ], "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/friendsofsymfony/user-bundle/2014-09-04-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/friendsofsymfony/user-bundle/2014-09-04-1.yaml" }, { "reference_url": "https://github.com/FriendsOfSymfony/FOSUserBundle", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfSymfony/FOSUserBundle" }, { "reference_url": "https://github.com/FriendsOfSymfony/FOSUserBundle/commit/b3ebfea52065e9727508f5f8e6c9f7459a1b06d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfSymfony/FOSUserBundle/commit/b3ebfea52065e9727508f5f8e6c9f7459a1b06d8" }, { "reference_url": "https://symfony.com/blog/fosuserbundle-entropy-of-generated-tokens-is-lost", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/fosuserbundle-entropy-of-generated-tokens-is-lost" }, { "reference_url": "https://github.com/advisories/GHSA-pjx8-984p-7p3x", "reference_id": "GHSA-pjx8-984p-7p3x", "reference_type": "", "scores": [ { "value": 
"MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pjx8-984p-7p3x" } ], "weaknesses": [ { "cwe_id": 331, "name": "Insufficient Entropy", "description": "The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yyyq-za39-r3hh" }