Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/34818?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/34818?format=api", "purl": "pkg:maven/io.jenkins.blueocean/blueocean@1.11", "type": "maven", "namespace": "io.jenkins.blueocean", "name": "blueocean", "version": "1.11", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.23.3", "latest_non_vulnerable_version": "1.27.5.1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10285?format=api", "vulnerability_id": "VCID-bmfa-vgay-2fbt", "summary": "Cross-Site Request Forgery (CSRF)\nA data modification vulnerability exists in Jenkins Blue Ocean Plugins in `blueocean-core-js/src/js/bundleStartup.js`, `blueocean-core-js/src/js/fetch.ts`, `blueocean-core-js/src/js/i18n/i18n.js`, `blueocean-core-js/src/js/urlconfig.js`, `blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java`, `blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java`, `blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly` that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2019:0326", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2019:0326" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2019:0327", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003012.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003012.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1003012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35671", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36182", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36167", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36116", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35885", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35853", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35766", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35649", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35719", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.3574", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36066", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36295", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.3613", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36179", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36197", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36203", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36166", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.3614", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1003012" }, { "reference_url": "https://github.com/jenkinsci/blueocean-plugin/commit/1a03020b5a50c1e3f47d4b0902ec7fc78d3c86ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/blueocean-plugin/commit/1a03020b5a50c1e3f47d4b0902ec7fc78d3c86ce" }, { "reference_url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670298", "reference_id": "1670298", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670298" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*", "reference_id": "cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1003012", "reference_id": "CVE-2019-1003012", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1003012" }, { "reference_url": "https://github.com/advisories/GHSA-qxh5-5r5p-5gvf", "reference_id": "GHSA-qxh5-5r5p-5gvf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qxh5-5r5p-5gvf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83853?format=api", "purl": "pkg:maven/io.jenkins.blueocean/blueocean@1.10.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.jenkins.blueocean/blueocean@1.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/34818?format=api", "purl": "pkg:maven/io.jenkins.blueocean/blueocean@1.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.jenkins.blueocean/blueocean@1.11" } ], "aliases": [ "CVE-2019-1003012", "GHSA-qxh5-5r5p-5gvf" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bmfa-vgay-2fbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10287?format=api", "vulnerability_id": "VCID-gmw4-qd6z-aqht", "summary": "Cross-site Scripting\nAn cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins in `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java`, `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export/ExportConfig.java`, `blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java`, `blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java`, `blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly' that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2019:0326", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2019:0326" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2019:0327", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003013.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1003013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18842", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18946", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18955", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18847", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18828", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18783", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18662", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18746", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18849", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1881", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19035", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1917", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19222", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18938", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19017", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19071", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19077", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1903", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18978", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18932", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1003013" }, { "reference_url": "https://github.com/jenkinsci/blueocean-plugin/commit/62775e78532b756826bb237775b64a5052624b57", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/blueocean-plugin/commit/62775e78532b756826bb237775b64a5052624b57" }, { "reference_url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1204", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1204" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670299", "reference_id": "1670299", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670299" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*", "reference_id": "cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1003013", "reference_id": "CVE-2019-1003013", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1003013" }, { "reference_url": "https://github.com/advisories/GHSA-7fjr-5hph-c2mh", "reference_id": "GHSA-7fjr-5hph-c2mh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7fjr-5hph-c2mh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83853?format=api", "purl": "pkg:maven/io.jenkins.blueocean/blueocean@1.10.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.jenkins.blueocean/blueocean@1.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/34818?format=api", "purl": "pkg:maven/io.jenkins.blueocean/blueocean@1.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.jenkins.blueocean/blueocean@1.11" } ], "aliases": [ "CVE-2019-1003013", "GHSA-7fjr-5hph-c2mh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gmw4-qd6z-aqht" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.jenkins.blueocean/blueocean@1.11" }