Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/373096?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/373096?format=api", "purl": "pkg:golang/github.com/traefik/traefik/v3@3.0.2", "type": "golang", "namespace": "github.com/traefik/traefik", "name": "v3", "version": "3.0.2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.0.3", "latest_non_vulnerable_version": "3.7.3", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359740?format=api", "vulnerability_id": "VCID-cgdu-5wed-pfda", "summary": "Traefik has unexpected behavior with IPv4-mapped IPv6 addresses\n### Impact\n\nThere is a vulnerability in [Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses](https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ).\n\nThey didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms.\n\n### References\n\n- [CVE-2024-24790](https://www.cve.org/CVERecord?id=CVE-2024-24790)\n\n### Patches\n\n- https://github.com/traefik/traefik/releases/tag/v2.11.4\n- https://github.com/traefik/traefik/releases/tag/v3.0.2\n\n### Workarounds\n\nNo workaround.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).", "references": [ { "reference_url": "https://github.com/traefik/traefik", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/traefik/traefik" }, { "reference_url": "https://github.com/traefik/traefik/releases/tag/v2.11.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/traefik/traefik/releases/tag/v2.11.4" }, { "reference_url": "https://github.com/traefik/traefik/releases/tag/v3.0.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/traefik/traefik/releases/tag/v3.0.2" }, { "reference_url": "https://github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2024-2917", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2024-2917" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2024-24790", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373096?format=api", "purl": "pkg:golang/github.com/traefik/traefik/v3@3.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/traefik/traefik/v3@3.0.2" } ], "aliases": [ "GHSA-7jmw-8259-q9jx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cgdu-5wed-pfda" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/traefik/traefik/v3@3.0.2" }