Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/33451?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/33451?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui@15.10.1", "type": "maven", "namespace": "org.xwiki.platform", "name": "xwiki-platform-notifications-ui", "version": "15.10.1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37863?format=api", "vulnerability_id": "VCID-vm8k-by6t-ufgf", "summary": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start losing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists in properly checking the rights of the user before performing any action on the filters. Users are advised to upgrade. 
It's possible to fix manually the vulnerability by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46978", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.65273", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.65172", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46978" }, { "reference_url": "https://github.com/xwiki/xwiki-platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/commit/4771573dac88e0cf04e30f1a8dfa183c048d503a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform/commit/4771573dac88e0cf04e30f1a8dfa183c048d503a" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/commit/99193a7e9a203b5bb8b2583ac96f5f4d56b9aa1a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform/commit/99193a7e9a203b5bb8b2583ac96f5f4d56b9aa1a" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/commit/b9180b874a22e383ad5f2cd9e25bfed4594d4955", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform/commit/b9180b874a22e383ad5f2cd9e25bfed4594d4955" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46978", "reference_id": "CVE-2024-46978", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46978" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/commit/e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4", "reference_id": "e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": 
"HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T13:34:23Z/" } ], "url": "https://github.com/xwiki/xwiki-platform/commit/e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4" }, { "reference_url": "https://github.com/advisories/GHSA-r95w-889q-x2gx", "reference_id": "GHSA-r95w-889q-x2gx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r95w-889q-x2gx" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r95w-889q-x2gx", "reference_id": "GHSA-r95w-889q-x2gx", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T13:34:23Z/" } ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r95w-889q-x2gx" }, { "reference_url": "https://jira.xwiki.org/browse/XWIKI-20337", "reference_id": "XWIKI-20337", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T13:34:23Z/" } ], "url": 
"https://jira.xwiki.org/browse/XWIKI-20337" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33453?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui@14.10.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui@14.10.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/33455?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui@15.5.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui@15.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/33451?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui@15.10.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui@15.10.1" } ], "aliases": [ "CVE-2024-46978", "GHSA-r95w-889q-x2gx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vm8k-by6t-ufgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37845?format=api", "vulnerability_id": "VCID-zpcj-46qf-3fdx", "summary": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as `<hostname>xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type=custom&user=<username>`. This vulnerability impacts all versions of XWiki since 13.2-rc-1. 
The filters do not provide much information (they mainly contain references which are public data in XWiki), though some info could be used in combination with other vulnerabilities. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0RC1. The patch consists in checking the rights of the user when sending the data. Users are advised to upgrade. It's possible to work around the vulnerability by manually applying the patch: it's possible for an administrator to edit directly the document `XWiki.Notifications.Code.NotificationFilterPreferenceLivetableResults` to apply the same changes as in the patch. See commit c8c6545f9bde6f5aade994aa5b5903a67b5c2582.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.60041", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59933", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46979" }, { "reference_url": "https://github.com/xwiki/xwiki-platform", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/commit/29e5edbb2b7068ada17290cea41e0aa8144e1294", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform/commit/29e5edbb2b7068ada17290cea41e0aa8144e1294" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/commit/a0352922a1a61e0e858a9be89d73f0665630a63a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform/commit/a0352922a1a61e0e858a9be89d73f0665630a63a" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/commit/ed090d1aa228848d3860968c437b72db3b09119f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/xwiki/xwiki-platform/commit/ed090d1aa228848d3860968c437b72db3b09119f" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/commit/c8c6545f9bde6f5aade994aa5b5903a67b5c2582", "reference_id": "c8c6545f9bde6f5aade994aa5b5903a67b5c2582", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:53:20Z/" } ], "url": "https://github.com/xwiki/xwiki-platform/commit/c8c6545f9bde6f5aade994aa5b5903a67b5c2582" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46979", "reference_id": "CVE-2024-46979", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46979" }, { "reference_url": "https://github.com/advisories/GHSA-pg4m-3gp6-hw4w", "reference_id": "GHSA-pg4m-3gp6-hw4w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pg4m-3gp6-hw4w" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pg4m-3gp6-hw4w", "reference_id": "GHSA-pg4m-3gp6-hw4w", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:53:20Z/" } ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pg4m-3gp6-hw4w" }, { "reference_url": "https://jira.xwiki.org/browse/XWIKI-20336", "reference_id": "XWIKI-20336", 
"reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:53:20Z/" } ], "url": "https://jira.xwiki.org/browse/XWIKI-20336" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33453?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui@14.10.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui@14.10.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/33455?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui@15.5.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui@15.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/33451?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui@15.10.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui@15.10.1" } ], "aliases": [ "CVE-2024-46979", "GHSA-pg4m-3gp6-hw4w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zpcj-46qf-3fdx" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-notifications-ui@15.10.1" }