Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/417085?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/417085?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2014.05.1", "type": "composer", "namespace": "ezsystems", "name": "ezpublish-legacy", "version": "2014.05.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2017.12.7.4", "latest_non_vulnerable_version": "2019.03.6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/362331?format=api", "vulnerability_id": "VCID-1n4y-a3m5-13ce", "summary": "EZSA-2018-009 Do not interpret PHP/PHAR uploads", "references": [ { "reference_url": "http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads", "reference_id": "", "reference_type": "", "scores": [], "url": "http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31341?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B3" }, { "url": "http://public2.vulnerablecode.io/api/packages/433890?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-95mj-pnx2-gfh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/31345?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2019.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gvfu-agv3-g7cy" }, { "vulnerability": "VCID-mfrx-h2sj-x3fg" }, { "vulnerability": "VCID-yr2r-tgv2-gqd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.0" } ], "aliases": [ "GMS-2018-67" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1n4y-a3m5-13ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/362113?format=api", "vulnerability_id": "VCID-2xqw-e2f3-pudf", "summary": "Information disclosure in backend content tree menu.", "references": [ { "reference_url": "http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu", "reference_id": "", "reference_type": "", "scores": [], "url": "http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/389454?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n4y-a3m5-13ce" }, { "vulnerability": "VCID-31vj-v1ax-w3ax" }, { "vulnerability": "VCID-8adf-j2sz-qke2" }, { "vulnerability": "VCID-8g2d-vzzv-3ygm" }, { "vulnerability": "VCID-8pw8-3t56-2yag" }, { "vulnerability": "VCID-95mj-pnx2-gfh6" }, { "vulnerability": "VCID-9uec-kjsb-8ygq" }, { "vulnerability": "VCID-cqdb-wk9t-9ubg" }, { "vulnerability": "VCID-hzh3-v9j1-x7fb" }, { "vulnerability": "VCID-k8yx-97wb-r7af" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.10.0" } ], "aliases": [ "GMS-2017-337" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xqw-e2f3-pudf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/362327?format=api", "vulnerability_id": "VCID-31vj-v1ax-w3ax", "summary": "Improper Access Control\nPasswordless login for LDAP users", "references": [ { "reference_url": "http://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users", "reference_id": "", "reference_type": "", "scores": [], "url": "http://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31333?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31327?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B3" }, { "url": "http://public2.vulnerablecode.io/api/packages/433890?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-95mj-pnx2-gfh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4" } ], "aliases": [ "GMS-2018-65" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-31vj-v1ax-w3ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211833?format=api", "vulnerability_id": "VCID-7116-t5cw-tqab", "summary": "eZ Publish Information disclosure in backend content tree menu", "references": [ { "reference_url": "https://github.com/ezsystems/ezpublish-legacy", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy" }, { "reference_url": "https://github.com/ezsystems/ezpublish-legacy/commit/a4a0470f8d80f012fe14e4f8ab11c7d14375986c", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy/commit/a4a0470f8d80f012fe14e4f8ab11c7d14375986c" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2017-09-11-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2017-09-11-1.yaml" }, { "reference_url": "http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu" }, { "reference_url": "https://github.com/advisories/GHSA-cc2j-92jq-wgjg", "reference_id": "GHSA-cc2j-92jq-wgjg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cc2j-92jq-wgjg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31314?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.8.1%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.8.1%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/421347?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.08.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n4y-a3m5-13ce" }, { "vulnerability": "VCID-31vj-v1ax-w3ax" }, { "vulnerability": "VCID-8adf-j2sz-qke2" }, { "vulnerability": "VCID-8g2d-vzzv-3ygm" }, { "vulnerability": "VCID-8pw8-3t56-2yag" }, { "vulnerability": "VCID-95mj-pnx2-gfh6" }, { "vulnerability": "VCID-9uec-kjsb-8ygq" }, { "vulnerability": "VCID-cqdb-wk9t-9ubg" }, { "vulnerability": "VCID-hzh3-v9j1-x7fb" }, { "vulnerability": "VCID-k8yx-97wb-r7af" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.08.1.1" } ], "aliases": [ "GHSA-cc2j-92jq-wgjg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7116-t5cw-tqab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/362328?format=api", "vulnerability_id": "VCID-8adf-j2sz-qke2", "summary": "EZSA-2018-006 XSS vulnerability in 'disabled module' error template", "references": [ { "reference_url": "http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template", "reference_id": "", "reference_type": "", "scores": [], "url": "http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31331?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B2" }, { "url": "http://public2.vulnerablecode.io/api/packages/31337?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B4" }, { "url": "http://public2.vulnerablecode.io/api/packages/433890?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-95mj-pnx2-gfh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/31345?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2019.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gvfu-agv3-g7cy" }, { "vulnerability": "VCID-mfrx-h2sj-x3fg" }, { "vulnerability": "VCID-yr2r-tgv2-gqd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.0" } ], "aliases": [ "GMS-2018-66" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8adf-j2sz-qke2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/362280?format=api", "vulnerability_id": "VCID-8pw8-3t56-2yag", "summary": "Cross-site Scripting\nSeveral vulnerabilities in Forgot password, Information collector, XML text, and Matrix field type features", "references": [ { "reference_url": "http://share.ez.no/community-project/security-advisories/ezsa-2018-001-several-vulnerabilities-in-forgot-password-information-collector-xml-text-and-matrix-field-type-features", "reference_id": "", "reference_type": "", "scores": [], "url": "http://share.ez.no/community-project/security-advisories/ezsa-2018-001-several-vulnerabilities-in-forgot-password-information-collector-xml-text-and-matrix-field-type-features" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31320?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%252B1" } ], "aliases": [ "GMS-2018-64" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8pw8-3t56-2yag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361174?format=api", "vulnerability_id": "VCID-95mj-pnx2-gfh6", "summary": "Content object state fetch functions open to SQL injection\n### Impact\nThis Security Update is about a vulnerability in eZ Publish Legacy. The content object state code could be vulnerable to SQL injection. There is no known exploit, but one might be possible. If you use Legacy in any way, we strongly recommend that you install this update as soon as possible.\n\n### Patches\nThe fix is distributed via Composer, see \"Patched versions\".", "references": [ { "reference_url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2021-005-content-object-state-fetch-functions-open-to-sql-injection", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2021-005-content-object-state-fetch-functions-open-to-sql-injection" }, { "reference_url": "https://github.com/ezsystems/ezpublish-legacy", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy" }, { "reference_url": "https://github.com/ezsystems/ezpublish-legacy/commit/f8e3a97afd92efb9148134a4bacb35a875777a42", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy/commit/f8e3a97afd92efb9148134a4bacb35a875777a42" }, { "reference_url": "https://github.com/ezsystems/ezpublish-legacy/security/advisories/GHSA-jpwx-ffjq-wr4w", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy/security/advisories/GHSA-jpwx-ffjq-wr4w" }, { "reference_url": "https://github.com/advisories/GHSA-jpwx-ffjq-wr4w", "reference_id": "GHSA-jpwx-ffjq-wr4w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jpwx-ffjq-wr4w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382664?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.12.7%2B4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.7%252B4" }, { "url": "http://public2.vulnerablecode.io/api/packages/515383?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.12.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/515391?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2019.03.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.03.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/382663?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2019.3.6%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.6%252B1" } ], "aliases": [ "GHSA-jpwx-ffjq-wr4w", "GMS-2021-112" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95mj-pnx2-gfh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211834?format=api", "vulnerability_id": "VCID-9uec-kjsb-8ygq", "summary": "eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities", "references": [ { "reference_url": "https://github.com/ezsystems/ezpublish-legacy", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy" }, { "reference_url": "https://github.com/ezsystems/ezpublish-legacy/commit/6db0e6b7739481f27d954548388bd3f0ed2c6fdd", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy/commit/6db0e6b7739481f27d954548388bd3f0ed2c6fdd" }, { "reference_url": "https://github.com/ezsystems/ezpublish-legacy/commit/917711eb7ffe2b52a3e9fe12505f6810a63696f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy/commit/917711eb7ffe2b52a3e9fe12505f6810a63696f7" }, { "reference_url": "https://github.com/ezsystems/ezpublish-legacy/commit/efcd2b61b15eaaf74e0ff28d6c723cf28e655dab", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy/commit/efcd2b61b15eaaf74e0ff28d6c723cf28e655dab" }, { "reference_url": "https://github.com/ezsystems/ezpublish-legacy/commit/f9ffaf590b63b4f552142cfd4441afbbfb3f19b1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy/commit/f9ffaf590b63b4f552142cfd4441afbbfb3f19b1" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-02-26-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-02-26-1.yaml" }, { "reference_url": "https://web.archive.org/web/20210614192631/http://share.ez.no/community-project/security-advisories/ezsa-2018-001-several-vulnerabilities-in-forgot-password-information-collector-xml-text-and-matrix-field-type-features", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210614192631/http://share.ez.no/community-project/security-advisories/ezsa-2018-001-several-vulnerabilities-in-forgot-password-information-collector-xml-text-and-matrix-field-type-features" }, { "reference_url": "https://github.com/advisories/GHSA-82rv-45pc-v28w", "reference_id": "GHSA-82rv-45pc-v28w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-82rv-45pc-v28w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31320?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/433881?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.12.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n4y-a3m5-13ce" }, { "vulnerability": "VCID-31vj-v1ax-w3ax" }, { "vulnerability": "VCID-8adf-j2sz-qke2" }, { "vulnerability": "VCID-8g2d-vzzv-3ygm" }, { "vulnerability": "VCID-95mj-pnx2-gfh6" }, { "vulnerability": "VCID-cqdb-wk9t-9ubg" }, { "vulnerability": "VCID-hzh3-v9j1-x7fb" }, { "vulnerability": "VCID-k8yx-97wb-r7af" }, { "vulnerability": "VCID-mfrx-h2sj-x3fg" }, { "vulnerability": "VCID-yr2r-tgv2-gqd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.2.1" } ], "aliases": [ "GHSA-82rv-45pc-v28w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9uec-kjsb-8ygq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211838?format=api", "vulnerability_id": "VCID-cqdb-wk9t-9ubg", "summary": "Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads", "references": [ { "reference_url": "https://github.com/ezsystems/ezplatform/commit/9a0c52dc4535e4b3ce379f80222dc53f705a2cfd", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezplatform/commit/9a0c52dc4535e4b3ce379f80222dc53f705a2cfd" }, { "reference_url": "https://github.com/ezsystems/ezpublish-legacy", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy" }, { "reference_url": "https://github.com/ezsystems/ezpublish-legacy/commit/d21957bf202b091ab39dfb5be300f6c30be3933e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy/commit/d21957bf202b091ab39dfb5be300f6c30be3933e" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-11-21-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-11-21-1.yaml" }, { "reference_url": "http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads" }, { "reference_url": "https://web.archive.org/web/20210614192208/https://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210614192208/https://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads" }, { "reference_url": "https://github.com/advisories/GHSA-pqjm-xcp8-wgmm", "reference_id": "GHSA-pqjm-xcp8-wgmm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pqjm-xcp8-wgmm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31341?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B3" }, { "url": "http://public2.vulnerablecode.io/api/packages/456055?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.12.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8g2d-vzzv-3ygm" }, { "vulnerability": "VCID-95mj-pnx2-gfh6" }, { "vulnerability": "VCID-mfrx-h2sj-x3fg" }, { "vulnerability": "VCID-yr2r-tgv2-gqd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/31337?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B4" }, { "url": "http://public2.vulnerablecode.io/api/packages/433890?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-95mj-pnx2-gfh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/31340?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.9.1%2B3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.9.1%252B3" }, { "url": "http://public2.vulnerablecode.io/api/packages/515384?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.09.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-95mj-pnx2-gfh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.09.1.3" } ], "aliases": [ "GHSA-pqjm-xcp8-wgmm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cqdb-wk9t-9ubg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288989?format=api", "vulnerability_id": "VCID-fp81-5fw4-vuda", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000431", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.5294", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.53069", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.53084", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.53066", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000431" }, { "reference_url": "https://github.com/ezsystems/ezpublish-legacy/commit/c7174295fa0b9bd81bd4af908082464b0b80f278", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy/commit/c7174295fa0b9bd81bd4af908082464b0b80f278" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/CVE-2017-1000431.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/CVE-2017-1000431.yaml" }, { "reference_url": "http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000431", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000431" }, { "reference_url": "https://web.archive.org/web/20210408035246/http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210408035246/http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search" }, { "reference_url": "https://github.com/advisories/GHSA-m98q-p5gq-q5ff", "reference_id": "GHSA-m98q-p5gq-q5ff", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m98q-p5gq-q5ff" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/389461?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f584-5rr3-xyh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/417097?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.08.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n4y-a3m5-13ce" }, { "vulnerability": "VCID-2xqw-e2f3-pudf" }, { "vulnerability": "VCID-31vj-v1ax-w3ax" }, { "vulnerability": "VCID-7116-t5cw-tqab" }, { "vulnerability": "VCID-8adf-j2sz-qke2" }, { "vulnerability": "VCID-8g2d-vzzv-3ygm" }, { "vulnerability": "VCID-8pw8-3t56-2yag" }, { "vulnerability": "VCID-95mj-pnx2-gfh6" }, { "vulnerability": "VCID-9uec-kjsb-8ygq" }, { "vulnerability": "VCID-cqdb-wk9t-9ubg" }, { "vulnerability": "VCID-f584-5rr3-xyh5" }, { "vulnerability": "VCID-hzh3-v9j1-x7fb" }, { "vulnerability": "VCID-k8yx-97wb-r7af" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.08.0" } ], "aliases": [ "CVE-2017-1000431", "GHSA-m98q-p5gq-q5ff" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fp81-5fw4-vuda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211837?format=api", "vulnerability_id": "VCID-hzh3-v9j1-x7fb", "summary": "eZ Publish Legacy Passwordless login for LDAP users", "references": [ { "reference_url": "https://github.com/ezsystems/ezpublish-legacy", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy" }, { "reference_url": "https://github.com/ezsystems/ezpublish-legacy/commit/01930a95637389301f762be1439f726013e58aba", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy/commit/01930a95637389301f762be1439f726013e58aba" }, { "reference_url": "https://github.com/ezsystems/ezpublish-legacy/pull/1394", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy/pull/1394" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-10-31-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-10-31-1.yaml" }, { "reference_url": "https://issues.ibexa.co/browse/EZP-29703", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.ibexa.co/browse/EZP-29703" }, { "reference_url": "https://web.archive.org/web/20201027063527/https://magento.com/security/news/new-zend-framework-1-security-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201027063527/https://magento.com/security/news/new-zend-framework-1-security-vulnerability" }, { "reference_url": "https://web.archive.org/web/20210614184552/https://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210614184552/https://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users" }, { "reference_url": "https://github.com/advisories/GHSA-p9mp-vq4v-v5m5", "reference_id": "GHSA-p9mp-vq4v-v5m5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p9mp-vq4v-v5m5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31333?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/433896?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.12.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n4y-a3m5-13ce" }, { "vulnerability": "VCID-8adf-j2sz-qke2" }, { "vulnerability": "VCID-8g2d-vzzv-3ygm" }, { "vulnerability": "VCID-95mj-pnx2-gfh6" }, { "vulnerability": "VCID-cqdb-wk9t-9ubg" }, { "vulnerability": "VCID-k8yx-97wb-r7af" }, { "vulnerability": "VCID-mfrx-h2sj-x3fg" }, { "vulnerability": "VCID-yr2r-tgv2-gqd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31332?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B2" }, { "url": "http://public2.vulnerablecode.io/api/packages/433897?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n4y-a3m5-13ce" }, { "vulnerability": "VCID-8adf-j2sz-qke2" }, { "vulnerability": "VCID-95mj-pnx2-gfh6" }, { "vulnerability": "VCID-cqdb-wk9t-9ubg" }, { "vulnerability": "VCID-k8yx-97wb-r7af" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/31335?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.9.1%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.9.1%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/433898?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.09.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n4y-a3m5-13ce" }, { "vulnerability": "VCID-8adf-j2sz-qke2" }, { "vulnerability": "VCID-95mj-pnx2-gfh6" }, { "vulnerability": "VCID-cqdb-wk9t-9ubg" }, { "vulnerability": "VCID-k8yx-97wb-r7af" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.09.1.1" } ], "aliases": [ "GHSA-p9mp-vq4v-v5m5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hzh3-v9j1-x7fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211836?format=api", "vulnerability_id": "VCID-k8yx-97wb-r7af", "summary": "eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template", "references": [ { "reference_url": "https://github.com/ezsystems/ezpublish-legacy", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy" }, { "reference_url": "https://github.com/ezsystems/ezpublish-legacy/commit/4697bff700e8cf95d5847ea19dad3479a77b02d9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ezsystems/ezpublish-legacy/commit/4697bff700e8cf95d5847ea19dad3479a77b02d9" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-11-01-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-11-01-1.yaml" }, { "reference_url": "http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template" }, { "reference_url": "https://web.archive.org/web/20210614172734/http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210614172734/http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template" }, { "reference_url": "https://github.com/advisories/GHSA-2vh3-cj9j-mcj5", "reference_id": "GHSA-2vh3-cj9j-mcj5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2vh3-cj9j-mcj5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31331?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B2" }, { "url": "http://public2.vulnerablecode.io/api/packages/434429?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2017.12.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n4y-a3m5-13ce" }, { "vulnerability": "VCID-8g2d-vzzv-3ygm" }, { "vulnerability": "VCID-95mj-pnx2-gfh6" }, { "vulnerability": "VCID-cqdb-wk9t-9ubg" }, { "vulnerability": "VCID-mfrx-h2sj-x3fg" }, { "vulnerability": "VCID-yr2r-tgv2-gqd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/31327?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B3" }, { "url": "http://public2.vulnerablecode.io/api/packages/434430?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n4y-a3m5-13ce" }, { "vulnerability": "VCID-95mj-pnx2-gfh6" }, { "vulnerability": "VCID-cqdb-wk9t-9ubg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/31330?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.9.1%2B2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.9.1%252B2" }, { "url": "http://public2.vulnerablecode.io/api/packages/434431?format=api", "purl": "pkg:composer/ezsystems/ezpublish-legacy@2018.09.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n4y-a3m5-13ce" }, { "vulnerability": "VCID-95mj-pnx2-gfh6" }, { "vulnerability": "VCID-cqdb-wk9t-9ubg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.09.1.2" } ], "aliases": [ "GHSA-2vh3-cj9j-mcj5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8yx-97wb-r7af" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2014.05.1" }