Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/373024?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/373024?format=api", "purl": "pkg:golang/github.com/snapcore/snapd@2.62.0", "type": "golang", "namespace": "github.com/snapcore", "name": "snapd", "version": "2.62.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.0.0-20240524114846-68ee9c6aa916", "latest_non_vulnerable_version": "2.63.1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47969?format=api", "vulnerability_id": "VCID-4g5y-gcrx-d7ad", "summary": "In snapd versions prior to 2.62, snapd failed to properly check the\ndestination of symbolic links when extracting a snap. The snap format \nis a squashfs file-system image and so can contain symbolic links and\nother file types. Various file entries within the snap squashfs image\n(such as icons and desktop files etc) are directly read by snapd when\nit is extracted. An attacker who could convince a user to install a\nmalicious snap which contained symbolic links at these paths could then \ncause snapd to write out the contents of the symbolic link destination\ninto a world-readable directory. This in-turn could allow an unprivileged\nuser to gain access to privileged information.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11084", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29069" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29069", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29069" }, { "reference_url": "https://github.com/snapcore/snapd", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/snapcore/snapd" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29069", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29069" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2024-3009", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2024-3009" }, { "reference_url": "https://github.com/snapcore/snapd/pull/13682", "reference_id": "13682", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T13:27:42Z/" } ], "url": "https://github.com/snapcore/snapd/pull/13682" }, { "reference_url": "https://usn.ubuntu.com/6940-1/", "reference_id": "USN-6940-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6940-1/" }, { "reference_url": "https://usn.ubuntu.com/6940-2/", "reference_id": "USN-6940-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6940-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373024?format=api", "purl": "pkg:golang/github.com/snapcore/snapd@2.62.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/snapcore/snapd@2.62.0" } ], "aliases": [ "CVE-2024-29069", "GHSA-69p6-gp5x-j269" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4g5y-gcrx-d7ad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47920?format=api", "vulnerability_id": "VCID-awda-tuhp-d3gm", "summary": "In snapd versions prior to 2.62, snapd failed to properly check the file\ntype when extracting a snap. The snap format is a squashfs file-system\nimage and so can contain files that are non-regular files (such as pipes \nor sockets etc). Various file entries within the snap squashfs image\n(such as icons etc) are directly read by snapd when it is extracted. An \nattacker who could convince a user to install a malicious snap which\ncontained non-regular files at these paths could then cause snapd to block\nindefinitely trying to read from such files and cause a denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08296", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29068" }, { "reference_url": "https://github.com/snapcore/snapd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H" }, { "value": "5.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/snapcore/snapd" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29068", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H" }, { "value": "5.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29068" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2024-3008", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H" }, { "value": "5.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2024-3008" }, { "reference_url": "https://github.com/snapcore/snapd/pull/13682", "reference_id": "13682", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H" }, { "value": "5.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-25T20:21:23Z/" } ], "url": "https://github.com/snapcore/snapd/pull/13682" }, { "reference_url": "https://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063", "reference_id": "b66fee81606a1c05f965a876ccbaf44174194063", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H" }, { "value": "5.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-25T20:21:23Z/" } ], "url": "https://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063" }, { "reference_url": "https://usn.ubuntu.com/6940-1/", "reference_id": "USN-6940-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6940-1/" }, { "reference_url": "https://usn.ubuntu.com/6940-2/", "reference_id": "USN-6940-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6940-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373024?format=api", "purl": "pkg:golang/github.com/snapcore/snapd@2.62.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/snapcore/snapd@2.62.0" } ], "aliases": [ "CVE-2024-29068", "GHSA-64jh-cjwc-w8q6" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-awda-tuhp-d3gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54009?format=api", "vulnerability_id": "VCID-pa1f-ehv3-9kb2", "summary": "In snapd versions prior to 2.62, when using AppArmor for enforcement of \nsandbox permissions, snapd failed to restrict writes to the $HOME/bin\npath. In Ubuntu, when this path exists, it is automatically added to\nthe users PATH. An attacker who could convince a user to install a\nmalicious snap which used the 'home' plug could use this vulnerability\nto install arbitrary scripts into the users PATH which may then be run\nby the user outside of the expected snap sandbox and hence allow them\nto escape confinement.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1724.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1724.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11003", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1724", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1724" }, { "reference_url": "https://github.com/snapcore/snapd", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/snapcore/snapd" }, { "reference_url": "https://gld.mcphail.uk/posts/explaining-cve-2024-1724", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gld.mcphail.uk/posts/explaining-cve-2024-1724" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1724", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1724" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2024-3007", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2024-3007" }, { "reference_url": "https://github.com/snapcore/snapd/pull/13689", "reference_id": "13689", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-25T19:25:43Z/" } ], "url": "https://github.com/snapcore/snapd/pull/13689" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299945", "reference_id": "2299945", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299945" }, { "reference_url": "https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6", "reference_id": "aa191f97713de8dc3ce3ac818539f0b976eb8ef6", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-25T19:25:43Z/" } ], "url": "https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6" }, { "reference_url": "https://gld.mcphail.uk/posts/explaining-cve-2024-1724/", "reference_id": "explaining-cve-2024-1724", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-25T19:25:43Z/" } ], "url": "https://gld.mcphail.uk/posts/explaining-cve-2024-1724/" }, { "reference_url": "https://usn.ubuntu.com/6940-1/", "reference_id": "USN-6940-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6940-1/" }, { "reference_url": "https://usn.ubuntu.com/6940-2/", "reference_id": "USN-6940-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6940-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373024?format=api", "purl": "pkg:golang/github.com/snapcore/snapd@2.62.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/snapcore/snapd@2.62.0" } ], "aliases": [ "CVE-2024-1724", "GHSA-4mh8-9689-38vr" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pa1f-ehv3-9kb2" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/snapcore/snapd@2.62.0" }