Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/142297?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/142297?format=api", "purl": "pkg:npm/acorn@6.0.0", "type": "npm", "namespace": "", "name": "acorn", "version": "6.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.4.1", "latest_non_vulnerable_version": "7.1.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33436?format=api", "vulnerability_id": "VCID-4t4e-47cq-2ffx", "summary": "Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution)\n**Withdrawn**\nGitHub has withdrawn this advisory in place of GHSA-vh95-rmgr-6w4m and GHSA-6chw-6frg-f759.\nThe reason for withdrawing is that some mistakes were made during the ingestion of CVE-2020-7598\nwhich caused this advisory to be published with incorrect information.\n\nIn order to provide accurate advisory information, new advisories were created:\n\n- minimist: https://github.com/advisories/GHSA-vh95-rmgr-6w4m\n- acorn: https://github.com/advisories/GHSA-6chw-6frg-f759", "references": [ { "reference_url": "https://github.com/advisories/GHSA-6chw-6frg-f759", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6chw-6frg-f759" }, { "reference_url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m" }, { "reference_url": "https://github.com/advisories/GHSA-7fhm-mqm4-2wp7", "reference_id": "GHSA-7fhm-mqm4-2wp7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7fhm-mqm4-2wp7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72703?format=api", "purl": "pkg:npm/acorn@6.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/72704?format=api", "purl": "pkg:npm/acorn@7.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/acorn@7.1.1" } ], "aliases": [ "GHSA-7fhm-mqm4-2wp7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4t4e-47cq-2ffx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32454?format=api", "vulnerability_id": "VCID-9eyp-2a6k-xya4", "summary": "Regular Expression Denial of Service in Acorn\nAffected versions of acorn are vulnerable to Regular Expression Denial of Service.\nA regex in the form of /[x-\\ud800]/u causes the parser to enter an infinite loop.\nThe string is not valid UTF16 which usually results in it being sanitized before reaching the parser.\nIf an application processes untrusted input and passes it directly to acorn,\nattackers may leverage the vulnerability leading to Denial of Service.", "references": [ { "reference_url": "https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802" }, { "reference_url": "https://github.com/acornjs/acorn/issues/929", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/acornjs/acorn/issues/929" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-ACORN-559469", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-ACORN-559469" }, { "reference_url": "https://www.npmjs.com/advisories/1488", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1488" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72703?format=api", "purl": "pkg:npm/acorn@6.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/72704?format=api", "purl": "pkg:npm/acorn@7.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/acorn@7.1.1" } ], "aliases": [ "GHSA-6chw-6frg-f759", "GMS-2020-702" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9eyp-2a6k-xya4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266976?format=api", "vulnerability_id": "VCID-znj9-9zem-s3c9", "summary": "Regular Expression Denial of Service\nA regex in the form of `/[x-\\ud800]/u` causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser.", "references": [ { "reference_url": "https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-ACORN-559469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://snyk.io/vuln/SNYK-JS-ACORN-559469" }, { "reference_url": "https://www.npmjs.com/advisories/1488", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.npmjs.com/advisories/1488" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72703?format=api", "purl": "pkg:npm/acorn@6.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/72704?format=api", "purl": "pkg:npm/acorn@7.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/acorn@7.1.1" } ], "aliases": [ "GMS-2020-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znj9-9zem-s3c9" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.0.0" }