{"url":"http://public2.vulnerablecode.io/api/packages/62699?format=json","purl":"pkg:composer/mantisbt/mantisbt@1.3.0-rc.2","type":"composer","namespace":"mantisbt","name":"mantisbt","version":"1.3.0-rc.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.3.9","latest_non_vulnerable_version":"2.27.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43675?format=json","vulnerability_id":"VCID-f6up-847f-duef","summary":"MantisBT allows arbitrary password reset\nMantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.","references":[{"reference_url":"https://github.com/mantisbt/mantisbt","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mantisbt/mantisbt"},{"reference_url":"https://mantisbt.org/bugs/view.php?id=22690","reference_id":"","reference_type":"","scores":[],"url":"https://mantisbt.org/bugs/view.php?id=22690"},{"reference_url":"https://www.exploit-db.com/exploits/41890","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/41890"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7615","reference_id":"CVE-2017-7615","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7615"},{"reference_url":"https://github.com/advisories/GHSA-252r-f55f-ff34","reference_id":"GHSA-252r-f55f-ff34","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-252r-f55f-ff34"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62702?format=json","purl":"pkg:composer/mantisbt/mantisbt@1.3.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@1.3.10"},{"url":"http://public2.vulnerablecode.io/api/packages/62703?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62704?format=json","purl":"pkg:composer/mantisbt/mantisbt@2.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.3.1"}],"aliases":["CVE-2017-7615","GHSA-252r-f55f-ff34"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f6up-847f-duef"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@1.3.0-rc.2"}