Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/68539?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/68539?format=api", "purl": "pkg:composer/bagisto/bagisto@1.3.2", "type": "composer", "namespace": "bagisto", "name": "bagisto", "version": "1.3.2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.1.0", "latest_non_vulnerable_version": "2.3.10", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47251?format=api", "vulnerability_id": "VCID-2qau-g8vu-7qee", "summary": "Bagisto vulnerable to Insecure Direct Object Reference (IDOR)\nInsecure Direct Object Reference (IDOR) in Bagisto v.1.5.0 allows an attacker to obtain sensitive information via the invoice ID parameter.", "references": [ { "reference_url": "https://github.com/bagisto/bagisto", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/bagisto/bagisto" }, { "reference_url": "https://github.com/bagisto/bagisto/commit/2a24098cb582e072c87177e0ad17be45f240ad17", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/bagisto/bagisto/commit/2a24098cb582e072c87177e0ad17be45f240ad17" }, { "reference_url": "https://github.com/bagisto/bagisto/pull/4697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/bagisto/bagisto/pull/4697" }, { "reference_url": "https://github.com/Ek-Saini/security/blob/main/IDOR-Bagisto", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Ek-Saini/security/blob/main/IDOR-Bagisto" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36238", "reference_id": "CVE-2023-36238", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36238" }, { "reference_url": "https://github.com/advisories/GHSA-pmc7-hmmw-g96q", "reference_id": "GHSA-pmc7-hmmw-g96q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pmc7-hmmw-g96q" } ], "fixed_packages": 
[ { "url": "http://public2.vulnerablecode.io/api/packages/68539?format=api", "purl": "pkg:composer/bagisto/bagisto@1.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bagisto/bagisto@1.3.2" } ], "aliases": [ "CVE-2023-36238", "GHSA-pmc7-hmmw-g96q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2qau-g8vu-7qee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47132?format=api", "vulnerability_id": "VCID-9gse-2aq9-eyab", "summary": "Bagisto Cross-Site Request Forgery vulnerability\nCross Site Request Forgery vulnerability in Bagisto before v.1.3.2 allows an attacker to execute arbitrary code via a crafted HTML script.", "references": [ { "reference_url": "https://github.com/bagisto/bagisto", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/bagisto/bagisto" }, { "reference_url": "https://github.com/bagisto/bagisto/commit/265aa14db1490005fa4e0d6fe714835abb689813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/bagisto/bagisto/commit/265aa14db1490005fa4e0d6fe714835abb689813" }, { "reference_url": "https://github.com/bagisto/bagisto/commits/v1.3.2/?after=2dbb988388bc480af4bc8e880caed500772cfbc7+139", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/bagisto/bagisto/commits/v1.3.2/?after=2dbb988388bc480af4bc8e880caed500772cfbc7+139" }, { "reference_url": "https://github.com/Ek-Saini/security/blob/main/CSRF-Bagisto", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Ek-Saini/security/blob/main/CSRF-Bagisto" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36237", "reference_id": "CVE-2023-36237", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36237" }, { "reference_url": 
"https://github.com/advisories/GHSA-7p7q-fjfw-v3gf", "reference_id": "GHSA-7p7q-fjfw-v3gf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7p7q-fjfw-v3gf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68539?format=api", "purl": "pkg:composer/bagisto/bagisto@1.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bagisto/bagisto@1.3.2" } ], "aliases": [ "CVE-2023-36237", "GHSA-7p7q-fjfw-v3gf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9gse-2aq9-eyab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46842?format=api", "vulnerability_id": "VCID-v3xa-jemf-p7dc", "summary": "Cross-site Scripting in Bagisto\nCross Site Scripting vulnerability in Webkul Bagisto v1.3.1 and before allows an attacker to execute arbitrary code via a crafted SVG file upload.", "references": [ { "reference_url": "https://bagisto.com/en", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bagisto.com/en" }, { "reference_url": "https://github.com/bagisto/bagisto/commit/7bbf0c4bb565fc2601f031f9bbcdfa06e24dbd45", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/bagisto/bagisto/commit/7bbf0c4bb565fc2601f031f9bbcdfa06e24dbd45" }, { "reference_url": "https://github.com/bagisto/bagisto/pull/4764/commits/7bbf0c4bb565fc2601f031f9bbcdfa06e24dbd45", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/bagisto/bagisto/pull/4764/commits/7bbf0c4bb565fc2601f031f9bbcdfa06e24dbd45" }, { "reference_url": "https://github.com/Ek-Saini/security/blob/main/XSS_via_fileupload-bagisto", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Ek-Saini/security/blob/main/XSS_via_fileupload-bagisto" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2023-36236", "reference_id": "CVE-2023-36236", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36236" }, { "reference_url": "https://github.com/advisories/GHSA-c962-g533-823f", "reference_id": "GHSA-c962-g533-823f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c962-g533-823f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68539?format=api", "purl": "pkg:composer/bagisto/bagisto@1.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bagisto/bagisto@1.3.2" } ], "aliases": [ "CVE-2023-36236", "GHSA-c962-g533-823f" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v3xa-jemf-p7dc" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/bagisto/bagisto@1.3.2" }