{"url":"http://public2.vulnerablecode.io/api/packages/66825?format=json","purl":"pkg:npm/buttercup@2.20.3","type":"npm","namespace":"","name":"buttercup","version":"2.20.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.4.0","latest_non_vulnerable_version":"7.4.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45984?format=json","vulnerability_id":"VCID-w4dd-y1ur-zqfe","summary":"Use of Password Hash With Insufficient Computational Effort\nButtercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/","references":[{"reference_url":"https://buttercup.pw/","reference_id":"","reference_type":"","scores":[],"url":"https://buttercup.pw/"},{"reference_url":"https://github.com/buttercup/buttercup-core/commit/77fbcdfe4caf57486a3c83c07fc6d36bb0e1d3e1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/buttercup/buttercup-core/commit/77fbcdfe4caf57486a3c83c07fc6d36bb0e1d3e1"},{"reference_url":"https://github.com/buttercup/buttercup-core/issues/336","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/buttercup/buttercup-core/issues/336"},{"reference_url":"https://github.com/tristao-marinho/CVE-2023-41646/","reference_id":"CVE-2023-41646","reference_type":"","scores":[],"url":"https://github.com/tristao-marinho/CVE-2023-41646/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41646","reference_id":"CVE-2023-41646","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41646"},{"reference_url":"https://github.com/advisories/GHSA-7cwq-p8cr-h9qg","reference_id":"GHSA-7cwq-p8cr-h9qg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7cwq-p8cr-h9qg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66826?format=json","purl":"pkg:npm/buttercup@7.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/buttercup@7.4.0"}],"aliases":["CVE-2023-41646","GHSA-7cwq-p8cr-h9qg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4dd-y1ur-zqfe"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/buttercup@2.20.3"}