{"url":"http://public2.vulnerablecode.io/api/packages/56791?format=json","purl":"pkg:maven/com.orientechnologies/orientdb-studio@2.1.0","type":"maven","namespace":"com.orientechnologies","name":"orientdb-studio","version":"2.1.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.1.1","latest_non_vulnerable_version":"2.1.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40354?format=json","vulnerability_id":"VCID-m9dw-fhtn-dffn","summary":"Improper Input Validation\nThe Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2918","reference_id":"CVE-2015-2918","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2918"},{"reference_url":"https://github.com/advisories/GHSA-g4gg-9f62-jfph","reference_id":"GHSA-g4gg-9f62-jfph","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g4gg-9f62-jfph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56793?format=json","purl":"pkg:maven/com.orientechnologies/orientdb-studio@2.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.orientechnologies/orientdb-studio@2.1.1"}],"aliases":["CVE-2015-2918","GHSA-g4gg-9f62-jfph"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m9dw-fhtn-dffn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40372?format=json","vulnerability_id":"VCID-xs9z-avgh-t3by","summary":"Cross-Site Request Forgery (CSRF)\nThe JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.","references":[{"reference_url":"https://github.com/orientechnologies/orientdb/issues/4824","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/orientechnologies/orientdb/issues/4824"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2912","reference_id":"CVE-2015-2912","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2912"},{"reference_url":"https://github.com/advisories/GHSA-p8ww-vv84-c2rm","reference_id":"GHSA-p8ww-vv84-c2rm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p8ww-vv84-c2rm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56793?format=json","purl":"pkg:maven/com.orientechnologies/orientdb-studio@2.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.orientechnologies/orientdb-studio@2.1.1"}],"aliases":["CVE-2015-2912","GHSA-p8ww-vv84-c2rm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xs9z-avgh-t3by"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.orientechnologies/orientdb-studio@2.1.0"}