{"url":"http://public2.vulnerablecode.io/api/packages/54075?format=json","purl":"pkg:composer/ezsystems/ezpublish-legacy@2017.8.0","type":"composer","namespace":"ezsystems","name":"ezpublish-legacy","version":"2017.8.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2017.12.7.4","latest_non_vulnerable_version":"2019.03.6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38830?format=json","vulnerability_id":"VCID-mcch-nd3r-1kee","summary":"Information disclosure in backend content tree menu\nIf a view has been disabled in site.ini `SiteAccessRules` Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu may contain hidden items, this may lead to information disclosure.","references":[{"reference_url":"https://github.com/ezsystems/ezpublish-legacy/commit/a4a0470f8d80f012fe14e4f8ab11c7d14375986c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ezsystems/ezpublish-legacy/commit/a4a0470f8d80f012fe14e4f8ab11c7d14375986c"},{"reference_url":"http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu","reference_id":"","reference_type":"","scores":[],"url":"http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54076?format=json","purl":"pkg:composer/ezsystems/ezpublish-legacy@2017.8.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/212937?format=json","purl":"pkg:composer/ezsystems/ezpublish-legacy@2017.08.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-ruwv-rqgr"},{"vulnerability":"VCID-2975-xhf4-ckcj"},{"vulnerability":"VCID-29ju-364n-qkch"},{"vulnerability":"VCID-2adj-kpzr-eycv"},{"vulnerability":"VCID-a651-ayct-2fa1"},{"vulnerability":"VCID-bmkb-zcyd-6kdk"},{"vulnerability":"VCID-eaqz-xw6f-6yeb"},{"vulnerability":"VCID-f41r-p9hu-hyhx"},{"vulnerability":"VCID-gnad-89bk-x7cq"},{"vulnerability":"VCID-rkq7-5cdy-k7d8"},{"vulnerability":"VCID-ufw5-emg4-cqd6"},{"vulnerability":"VCID-ukn1-91je-x7hw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.08.1"}],"aliases":["EZSA-2017-006"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mcch-nd3r-1kee"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.8.0"}