Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/55070?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55070?format=api", "vulnerability_id": "VCID-5a1s-8e8c-qkdx", "summary": "Sylius Resource Bundle Cross-Site Request Forgery vulnerability\nSylius 1.0.0 to 1.0.16, 1.1.0 to 1.1.8, 1.2.0 to 1.2.1 versions of AdminBundle and ResourceBundle are affected by this security issue.\n\nThis issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. Development branch for 1.3 release has also been fixed.", "aliases": [ { "alias": "GHSA-65v7-wg35-2qpm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81661?format=api", "purl": "pkg:composer/sylius/resource-bundle@1.0.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g1vh-b6q7-1ya7" }, { "vulnerability": "VCID-q8qd-8pyx-jyaa" }, { "vulnerability": "VCID-ywcd-9aje-jqa6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/81662?format=api", "purl": "pkg:composer/sylius/resource-bundle@1.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g1vh-b6q7-1ya7" }, { "vulnerability": "VCID-q8qd-8pyx-jyaa" }, { "vulnerability": "VCID-ywcd-9aje-jqa6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/81663?format=api", "purl": "pkg:composer/sylius/resource-bundle@1.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g1vh-b6q7-1ya7" }, { "vulnerability": "VCID-q8qd-8pyx-jyaa" }, { "vulnerability": "VCID-ywcd-9aje-jqa6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.2.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81658?format=api", "purl": "pkg:composer/sylius/resource-bundle@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5a1s-8e8c-qkdx" }, { "vulnerability": "VCID-g1vh-b6q7-1ya7" }, { "vulnerability": "VCID-q8qd-8pyx-jyaa" }, { "vulnerability": "VCID-ywcd-9aje-jqa6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/81659?format=api", "purl": "pkg:composer/sylius/resource-bundle@1.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5a1s-8e8c-qkdx" }, { "vulnerability": "VCID-g1vh-b6q7-1ya7" }, { "vulnerability": "VCID-q8qd-8pyx-jyaa" }, { "vulnerability": "VCID-ywcd-9aje-jqa6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/81660?format=api", "purl": "pkg:composer/sylius/resource-bundle@1.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5a1s-8e8c-qkdx" }, { "vulnerability": "VCID-g1vh-b6q7-1ya7" }, { "vulnerability": "VCID-q8qd-8pyx-jyaa" }, { "vulnerability": "VCID-ywcd-9aje-jqa6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.2.0" } ], "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/sylius/2018-07-09.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/sylius/2018-07-09.yaml" }, { "reference_url": "https://github.com/Sylius/SyliusResourceBundle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Sylius/SyliusResourceBundle" }, { "reference_url": "https://github.com/Sylius/SyliusResourceBundle/commit/9720ac5a0a39ea2c2a395ef16a94a00aa86c418b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Sylius/SyliusResourceBundle/commit/9720ac5a0a39ea2c2a395ef16a94a00aa86c418b" }, { "reference_url": "https://sylius.com/blog/csrf-vulnerability-in-admin-panel", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://sylius.com/blog/csrf-vulnerability-in-admin-panel" }, { "reference_url": "https://github.com/advisories/GHSA-65v7-wg35-2qpm", "reference_id": "GHSA-65v7-wg35-2qpm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-65v7-wg35-2qpm" } ], "weaknesses": [ { "cwe_id": 352, "name": "Cross-Site Request Forgery (CSRF)", "description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5a1s-8e8c-qkdx" }