Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/772058?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/772058?format=api", "purl": "pkg:npm/%40backstage/plugin-app-backend@0.0.0-nightly-20220624024747", "type": "npm", "namespace": "@backstage", "name": "plugin-app-backend", "version": "0.0.0-nightly-20220624024747", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.3.75", "latest_non_vulnerable_version": "0.3.75", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55935?format=api", "vulnerability_id": "VCID-4tbs-8bx4-mbgr", "summary": "Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend\nConfiguration supplied through `APP_CONFIG_*` environment variables, for example `APP_CONFIG_backend_listen_port=7007`, were unexpectedly ignoring the visibility defined in the configuration schema. This occurred even if the configuration schema specified that they should have backend or secret visibility. This was an intended feature of the `APP_CONFIG_*` way of supplying configuration, but now clearly goes against the expected behavior of the configuration system. 
This behavior leads to a risk of potentially exposing sensitive configuration details intended to remain private or restricted to backend processes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47762.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47762.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40472", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40458", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40487", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40514", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40512", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47762" }, { "reference_url": "https://github.com/backstage/backstage", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/backstage/backstage" }, { "reference_url": "https://github.com/backstage/backstage/commit/323e6129073c5cb4cc106a1239eaec31a129554f", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:39:32Z/" } ], "url": "https://github.com/backstage/backstage/commit/323e6129073c5cb4cc106a1239eaec31a129554f" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316342", "reference_id": "2316342", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316342" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47762", "reference_id": "CVE-2024-47762", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47762" }, { "reference_url": "https://github.com/advisories/GHSA-qc4v-xq2m-65wc", "reference_id": "GHSA-qc4v-xq2m-65wc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qc4v-xq2m-65wc" }, { "reference_url": "https://github.com/backstage/backstage/security/advisories/GHSA-qc4v-xq2m-65wc", "reference_id": "GHSA-qc4v-xq2m-65wc", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", 
"scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:39:32Z/" } ], "url": "https://github.com/backstage/backstage/security/advisories/GHSA-qc4v-xq2m-65wc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82841?format=api", "purl": "pkg:npm/%40backstage/plugin-app-backend@0.3.75", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540backstage/plugin-app-backend@0.3.75" } ], "aliases": [ "CVE-2024-47762", "GHSA-qc4v-xq2m-65wc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4tbs-8bx4-mbgr" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540backstage/plugin-app-backend@0.0.0-nightly-20220624024747" }