{"url":"http://public2.vulnerablecode.io/api/packages/59471?format=json","purl":"pkg:maven/com.vaadin/vaadin-bom@14.4.5","type":"maven","namespace":"com.vaadin","name":"vaadin-bom","version":"14.4.5","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"14.6.8","latest_non_vulnerable_version":"20.0.6","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41659?format=json","vulnerability_id":"VCID-9wm5-kz4z-g7hg","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMissing output sanitization in test sources in vaadin-menu-bar allows remote attackers to execute malicious JavaScript in browser by opening crafted URL","references":[{"reference_url":"https://github.com/vaadin/vaadin-menu-bar/pull/126","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/vaadin/vaadin-menu-bar/pull/126"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33611","reference_id":"CVE-2021-33611","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33611"},{"reference_url":"https://vaadin.com/security/cve-2021-33611","reference_id":"CVE-2021-33611","reference_type":"","scores":[],"url":"https://vaadin.com/security/cve-2021-33611"},{"reference_url":"https://github.com/advisories/GHSA-93c4-vf86-3rj7","reference_id":"GHSA-93c4-vf86-3rj7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-93c4-vf86-3rj7"},{"reference_url":"https://github.com/vaadin/platform/security/advisories/GHSA-93c4-vf86-3rj7","reference_id":"GHSA-93c4-vf86-3rj7","reference_type":"","scores":[],"url":"https://github.com/vaadin/platform/security/advisories/GHSA-93c4-vf86-3rj7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59471?format=json","purl":"pkg:maven/com.vaadin/vaadin-bom@14.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@14.4.5"}],"aliases":["CVE-2021-33611","GHSA-93c4-vf86-3rj7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wm5-kz4z-g7hg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@14.4.5"}