Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/60282?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/60282?format=api", "purl": "pkg:maven/org.jeecgframework.boot/jeecg-boot-base-core@3.0", "type": "maven", "namespace": "org.jeecgframework.boot", "name": "jeecg-boot-base-core", "version": "3.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42464?format=api", "vulnerability_id": "VCID-dpjn-dvav-3bfc", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nJeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.", "references": [ { "reference_url": "https://github.com/jeecgboot/jeecg-boot/issues/3347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jeecgboot/jeecg-boot/issues/3347" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22880", "reference_id": "CVE-2022-22880", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22880" }, { "reference_url": "https://github.com/advisories/GHSA-vh2r-x97c-2vpr", "reference_id": "GHSA-vh2r-x97c-2vpr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vh2r-x97c-2vpr" } ], "fixed_packages": [], "aliases": [ "CVE-2022-22880", "GHSA-vh2r-x97c-2vpr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dpjn-dvav-3bfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42187?format=api", "vulnerability_id": "VCID-qa9c-u811-4ubr", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nIn JeecgBoot, there is a SQL injection vulnerability that can operate the database with root privileges.", "references": [ { 
"reference_url": "https://github.com/jeecgboot/jeecg-boot/commit/baefc1338dd03de36384ce7d5846b08041b488d0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jeecgboot/jeecg-boot/commit/baefc1338dd03de36384ce7d5846b08041b488d0" }, { "reference_url": "https://github.com/jeecgboot/jeecg-boot/issues/3331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jeecgboot/jeecg-boot/issues/3331" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46089", "reference_id": "CVE-2021-46089", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46089" }, { "reference_url": "https://github.com/advisories/GHSA-26hm-r6mg-963c", "reference_id": "GHSA-26hm-r6mg-963c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-26hm-r6mg-963c" } ], "fixed_packages": [], "aliases": [ "CVE-2021-46089", "GHSA-26hm-r6mg-963c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qa9c-u811-4ubr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42616?format=api", "vulnerability_id": "VCID-rk8c-7esa-rkca", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.", "references": [ { "reference_url": "https://github.com/jeecgboot/jeecg-boot/issues/3223", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jeecgboot/jeecg-boot/issues/3223" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44585", "reference_id": "CVE-2021-44585", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44585" }, { "reference_url": "https://github.com/advisories/GHSA-q448-6c3m-cxmj", "reference_id": "GHSA-q448-6c3m-cxmj", "reference_type": "", 
"scores": [], "url": "https://github.com/advisories/GHSA-q448-6c3m-cxmj" } ], "fixed_packages": [], "aliases": [ "CVE-2021-44585", "GHSA-q448-6c3m-cxmj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rk8c-7esa-rkca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42470?format=api", "vulnerability_id": "VCID-s73y-ynwt-3bfe", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nJeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.", "references": [ { "reference_url": "https://github.com/jeecgboot/jeecg-boot/issues/3348", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jeecgboot/jeecg-boot/issues/3348" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22881", "reference_id": "CVE-2022-22881", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22881" }, { "reference_url": "https://github.com/advisories/GHSA-f9pg-g9xw-r5g2", "reference_id": "GHSA-f9pg-g9xw-r5g2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f9pg-g9xw-r5g2" } ], "fixed_packages": [], "aliases": [ "CVE-2022-22881", "GHSA-f9pg-g9xw-r5g2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s73y-ynwt-3bfe" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jeecgframework.boot/jeecg-boot-base-core@3.0" }