{"url":"http://public2.vulnerablecode.io/api/packages/57382?format=json","purl":"pkg:maven/org.vivoweb/vitro-project@1.11.0","type":"maven","namespace":"org.vivoweb","name":"vitro-project","version":"1.11.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.11.0","latest_non_vulnerable_version":"1.11.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40648?format=json","vulnerability_id":"VCID-d7bu-anc7-wybe","summary":"Improper Input Validation\nSPARQL Injection in VIVO Vitro allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of `FILTER%20regex` in a `/individual?uri=` request.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6986","reference_id":"CVE-2019-6986","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6986"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57382?format=json","purl":"pkg:maven/org.vivoweb/vitro-project@1.11.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.vivoweb/vitro-project@1.11.0"}],"aliases":["CVE-2019-6986"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d7bu-anc7-wybe"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.vivoweb/vitro-project@1.11.0"}