Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/54048?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/54048?format=api", "purl": "pkg:composer/typo3/cms@8.7.5", "type": "composer", "namespace": "typo3", "name": "cms", "version": "8.7.5", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "8.7.11", "latest_non_vulnerable_version": "12.2.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38807?format=api", "vulnerability_id": "VCID-e564-zdku-9fc6", "summary": "Information Disclosure\nHTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54049?format=api", "purl": "pkg:composer/typo3/cms@7.6.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/54048?format=api", "purl": "pkg:composer/typo3/cms@8.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5" } ], "aliases": [ "TYPO3-CORE-SA-2017-006" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e564-zdku-9fc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38829?format=api", "vulnerability_id": "VCID-h7cg-64er-uya9", "summary": "Unrestricted Upload of File with Dangerous Type\nUnrestricted File Upload vulnerability in the `fileDenyPattern` in `sysext/core/Classes/Core/SystemEnvironmentBuilder`.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/" }, { "reference_url": "http://www.securityfocus.com/bid/100620", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100620" }, { "reference_url": "http://www.securitytracker.com/id/1039295", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039295" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14251", "reference_id": "CVE-2017-14251", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14251" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54049?format=api", "purl": "pkg:composer/typo3/cms@7.6.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/54048?format=api", "purl": "pkg:composer/typo3/cms@8.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5" } ], "aliases": [ "CVE-2017-14251" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h7cg-64er-uya9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38806?format=api", "vulnerability_id": "VCID-jqe4-8hzb-mfea", "summary": "Arbitrary Code Execution\nDue to a missing file extension in the `fileDenyPattern`, backend user are allowed to upload *.pht files which can be executed in certain web server setups.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54049?format=api", "purl": "pkg:composer/typo3/cms@7.6.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/54048?format=api", "purl": "pkg:composer/typo3/cms@8.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5" } ], "aliases": [ "TYPO3-CORE-SA-2017-007" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqe4-8hzb-mfea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38810?format=api", "vulnerability_id": "VCID-mctp-nf36-7qdn", "summary": "Information Disclosure\nFailing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54049?format=api", "purl": "pkg:composer/typo3/cms@7.6.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/54048?format=api", "purl": "pkg:composer/typo3/cms@8.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5" } ], "aliases": [ "TYPO3-CORE-SA-2017-005" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mctp-nf36-7qdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38804?format=api", "vulnerability_id": "VCID-wy45-2gmr-fkfg", "summary": "XSS Vulnerability\nFailing to properly encode user input, backend forms are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-004/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54048?format=api", "purl": "pkg:composer/typo3/cms@8.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5" } ], "aliases": [ "TYPO3-CORE-SA-2017-004" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wy45-2gmr-fkfg" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5" }