Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/566668?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/566668?format=api", "purl": "pkg:npm/%40podium/proxy@4.0.0-next", "type": "npm", "namespace": "@podium", "name": "proxy", "version": "4.0.0-next", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.2.74", "latest_non_vulnerable_version": "4.2.74", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42863?format=api", "vulnerability_id": "VCID-dv2c-vqwx-b7bf", "summary": "Uncaught Exception\nPodium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74, an attacker using the `Trailer` header as part of the request against proxy endpoints has the ability to take down the server. All Podium layouts that include podlets with proxy endpoints are affected. `@podium/layout`, which is the main way developers/users is vulnerable to this exploit, has been patched in version `4.6.110`. All earlier versions is vulnerable.`@podium/proxy`, which is the source of the vulnerability and is used by `@podium/layout` has been patched in version `4.2.74`. All earlier versions is vulnerable. It is not easily possible to work around this issue without upgrading.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24822", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00834", "scoring_system": "epss", "scoring_elements": "0.75004", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00834", "scoring_system": "epss", "scoring_elements": "0.75008", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00834", "scoring_system": "epss", "scoring_elements": "0.74981", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00834", "scoring_system": "epss", "scoring_elements": "0.74996", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00834", "scoring_system": "epss", "scoring_elements": "0.74971", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00834", "scoring_system": "epss", "scoring_elements": "0.74999", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24822" }, { "reference_url": "https://github.com/podium-lib/layout/commit/fe43e655432b0a5f07b6475f67babcc2588fb039", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/podium-lib/layout/commit/fe43e655432b0a5f07b6475f67babcc2588fb039" }, { "reference_url": "https://github.com/podium-lib/layout/releases/tag/v4.6.110", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/podium-lib/layout/releases/tag/v4.6.110" }, { "reference_url": "https://github.com/podium-lib/proxy/commit/9698a40df081217ce142d4de71f929baaa339cdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/podium-lib/proxy/commit/9698a40df081217ce142d4de71f929baaa339cdf" }, { "reference_url": "https://github.com/podium-lib/proxy/releases/tag/v4.2.74", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/podium-lib/proxy/releases/tag/v4.2.74" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24822", "reference_id": "CVE-2022-24822", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24822" }, { "reference_url": "https://github.com/advisories/GHSA-3hjg-vc7r-rcrw", "reference_id": "GHSA-3hjg-vc7r-rcrw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3hjg-vc7r-rcrw" }, { "reference_url": "https://github.com/podium-lib/proxy/security/advisories/GHSA-3hjg-vc7r-rcrw", "reference_id": "GHSA-3hjg-vc7r-rcrw", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/podium-lib/proxy/security/advisories/GHSA-3hjg-vc7r-rcrw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61284?format=api", "purl": "pkg:npm/%40podium/proxy@4.2.74", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540podium/proxy@4.2.74" } ], "aliases": [ "CVE-2022-24822", "GHSA-3hjg-vc7r-rcrw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dv2c-vqwx-b7bf" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540podium/proxy@4.0.0-next" }