{"url":"http://public2.vulnerablecode.io/api/packages/421061?format=json","purl":"pkg:composer/propel/propel1@1.6.2","type":"composer","namespace":"propel","name":"propel1","version":"1.6.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.7.2","latest_non_vulnerable_version":"1.7.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/362268?format=json","vulnerability_id":"VCID-81w1-k6yj-cke2","summary":"SQL injection with limit() on MySQL\nThe `limit()` query method is vulnerable to SQL injection with MySQL.","references":[{"reference_url":"https://github.com/propelorm/Propel/issues/1052","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/propelorm/Propel/issues/1052"},{"reference_url":"https://github.com/propelorm/Propel/pull/1054","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/propelorm/Propel/pull/1054"}],"fixed_packages":[],"aliases":["GMS-2018-13"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81w1-k6yj-cke2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/362275?format=json","vulnerability_id":"VCID-ex8h-as5w-87bv","summary":"SQL Injection\nSQL injection possible with `limit()` on MySQL.","references":[{"reference_url":"https://github.com/propelorm/Propel/issues/1052","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/propelorm/Propel/issues/1052"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31517?format=json","purl":"pkg:composer/propel/propel1@1.7.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/propel/propel1@1.7.2"}],"aliases":["GMS-2018-74"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ex8h-as5w-87bv"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/propel/propel1@1.6.2"}