Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/76229?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/76229?format=api", "purl": "pkg:golang/github.com/opencontainers/image-spec@1.0.2", "type": "golang", "namespace": "github.com/opencontainers", "name": "image-spec", "version": "1.0.2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43131?format=api", "vulnerability_id": "VCID-dbme-xuy9-pyec", "summary": "Clarify `mediaType` handling\n### Impact\nIn the OCI Image Specification version 1.0.1 and prior, manifest and index documents are not self-describing and documents with a single digest could be interpreted as either a manifest or an index.\n\n### Patches\nThe Image Specification will be updated to recommend that both manifest and index documents contain a `mediaType` field to identify the type of document.\nRelease [v1.0.2](https://github.com/opencontainers/image-spec/releases/tag/v1.0.2) includes these updates.\n\n### Workarounds\nSoftware attempting to deserialize an ambiguous document may reject the document if it contains both “manifests” and “layers” fields or “manifests” and “config” fields.\n\n### References\nhttps://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in https://github.com/opencontainers/image-spec\n* Email us at [security@opencontainers.org](mailto:security@opencontainers.org)\n* https://github.com/opencontainers/image-spec/commits/v1.0.2", "references": [ { "reference_url": "https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m" }, { "reference_url": "https://github.com/opencontainers/image-spec", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/image-spec" }, { "reference_url": "https://github.com/opencontainers/image-spec/commit/693428a734f5bab1a84bd2f990d92ef1111cd60c", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/image-spec/commit/693428a734f5bab1a84bd2f990d92ef1111cd60c" }, { "reference_url": "https://github.com/opencontainers/image-spec/releases/tag/v1.0.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/image-spec/releases/tag/v1.0.2" }, { "reference_url": "https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76229?format=api", "purl": "pkg:golang/github.com/opencontainers/image-spec@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/opencontainers/image-spec@1.0.2" } ], "aliases": [ "GHSA-77vh-xpmg-72qh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dbme-xuy9-pyec" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/opencontainers/image-spec@1.0.2" }