Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/573756?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/573756?format=api", "purl": "pkg:npm/acorn@5.7.3", "type": "npm", "namespace": "", "name": "acorn", "version": "5.7.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.7.4", "latest_non_vulnerable_version": "7.1.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32454?format=api", "vulnerability_id": "VCID-9eyp-2a6k-xya4", "summary": "Regular Expression Denial of Service in Acorn\nAffected versions of acorn are vulnerable to Regular Expression Denial of Service.\nA regex in the form of /[x-\\ud800]/u causes the parser to enter an infinite loop.\nThe string is not valid UTF16 which usually results in it being sanitized before reaching the parser.\nIf an application processes untrusted input and passes it directly to acorn,\nattackers may leverage the vulnerability leading to Denial of Service.", "references": [ { "reference_url": "https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802" }, { "reference_url": "https://github.com/acornjs/acorn/issues/929", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/acornjs/acorn/issues/929" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-ACORN-559469", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-ACORN-559469" }, { "reference_url": "https://www.npmjs.com/advisories/1488", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1488" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72702?format=api", "purl": "pkg:npm/acorn@5.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/acorn@5.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/72703?format=api", "purl": "pkg:npm/acorn@6.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/72704?format=api", "purl": "pkg:npm/acorn@7.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/acorn@7.1.1" } ], "aliases": [ "GHSA-6chw-6frg-f759", "GMS-2020-702" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9eyp-2a6k-xya4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266976?format=api", "vulnerability_id": "VCID-znj9-9zem-s3c9", "summary": "Regular Expression Denial of Service\nA regex in the form of `/[x-\\ud800]/u` causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser.", "references": [ { "reference_url": "https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-ACORN-559469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://snyk.io/vuln/SNYK-JS-ACORN-559469" }, { "reference_url": "https://www.npmjs.com/advisories/1488", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.npmjs.com/advisories/1488" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72702?format=api", "purl": "pkg:npm/acorn@5.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/acorn@5.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/72703?format=api", "purl": "pkg:npm/acorn@6.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/acorn@6.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/72704?format=api", "purl": "pkg:npm/acorn@7.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/acorn@7.1.1" } ], "aliases": [ "GMS-2020-1" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znj9-9zem-s3c9" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/acorn@5.7.3" }