Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/65020?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/65020?format=api", "purl": "pkg:maven/com.jflyfox/jflyfox_jfinal@5.1.0", "type": "maven", "namespace": "com.jflyfox", "name": "jflyfox_jfinal", "version": "5.1.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45083?format=api", "vulnerability_id": "VCID-db1h-6hd1-8fg1", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nJFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.", "references": [ { "reference_url": "https://github.com/jflyfox/jfinal_cms/issues/54", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jflyfox/jfinal_cms/issues/54" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30349", "reference_id": "CVE-2023-30349", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30349" }, { "reference_url": "https://github.com/advisories/GHSA-8qhm-ch8h-xgjr", "reference_id": "GHSA-8qhm-ch8h-xgjr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8qhm-ch8h-xgjr" } ], "fixed_packages": [], "aliases": [ "CVE-2023-30349", "GHSA-8qhm-ch8h-xgjr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-db1h-6hd1-8fg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45089?format=api", "vulnerability_id": "VCID-qwtz-y24w-bybw", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nCommand execution vulnerability in the ActionEnter Class in jfinal CMS version 5.1.0 allows attackers to execute arbitrary code via a created json file to the ueditor route.", 
"references": [ { "reference_url": "https://github.com/jflyfox/jfinal_cms/issues/54", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jflyfox/jfinal_cms/issues/54" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26812", "reference_id": "CVE-2023-26812", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26812" }, { "reference_url": "https://github.com/advisories/GHSA-gh24-c683-79r2", "reference_id": "GHSA-gh24-c683-79r2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gh24-c683-79r2" } ], "fixed_packages": [], "aliases": [ "CVE-2023-26812", "GHSA-gh24-c683-79r2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwtz-y24w-bybw" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.jflyfox/jflyfox_jfinal@5.1.0" }