{"url":"http://public2.vulnerablecode.io/api/packages/92727?format=json","purl":"pkg:composer/bolt/bolt@1.1.4","type":"composer","namespace":"bolt","name":"bolt","version":"1.1.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.6.10","latest_non_vulnerable_version":"3.7.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11894?format=json","vulnerability_id":"VCID-b295-8xxv-nkhh","summary":"Incorrect Permission Assignment for Critical Resource\nBolt does not properly restrict access to `_profiler routes`, related to `EventListener/ProfilerListener.php` and `Provider/EventListenerServiceProvider.php`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16754","reference_id":"","reference_type":"","scores":[{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59771","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16754"},{"reference_url":"https://github.com/bolt/bolt","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt"},{"reference_url":"https://github.com/bolt/bolt/commit/aa21787241945457a2e4abc8b079672935fe0840","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt/commit/aa21787241945457a2e4abc8b079672935fe0840"},{"reference_url":"https://github.com/bolt/bolt/releases/tag/v3.3.6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt/releases/tag/v3.3.6"},{"reference_url":"http://www.securityfocus.com/bid/101777","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/101777"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16754","reference_id":"CVE-2017-16754","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16754"},{"reference_url":"https://github.com/advisories/GHSA-wr23-m9m2-jjf4","reference_id":"GHSA-wr23-m9m2-jjf4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wr23-m9m2-jjf4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53604?format=json","purl":"pkg:composer/bolt/bolt@3.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eguu-bg4n-n3ch"},{"vulnerability":"VCID-qud7-1j2r-sfcr"},{"vulnerability":"VCID-ue5a-zvaw-mqhh"},{"vulnerability":"VCID-v5c2-upgr-vbfp"},{"vulnerability":"VCID-zcgn-7td2-xuhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.3.6"}],"aliases":["CVE-2017-16754","GHSA-wr23-m9m2-jjf4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b295-8xxv-nkhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10709?format=json","vulnerability_id":"VCID-c36x-2dcq-kyd4","summary":"Remote Code Execution\nThe Bolt CMS does not allow the upload or editing of PHP files in its admin area, which should prevent code execution once an attacker gained admin credentials. However, when uploading, the actual file type is not checked. The theme editor allows for the renaming of uploaded files, and it does not check the file extension or file type when doing so. Because of this, an attacker can gain code execution. Please note that admin credentials are required.","references":[{"reference_url":"http://blog.curesec.com/article/blog/Bolt-224-Code-Execution-44.html","reference_id":"","reference_type":"","scores":[],"url":"http://blog.curesec.com/article/blog/Bolt-224-Code-Execution-44.html"},{"reference_url":"https://github.com/bolt/bolt/pull/3815","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bolt/bolt/pull/3815"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51281?format=json","purl":"pkg:composer/bolt/bolt@2.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b295-8xxv-nkhh"},{"vulnerability":"VCID-eguu-bg4n-n3ch"},{"vulnerability":"VCID-qud7-1j2r-sfcr"},{"vulnerability":"VCID-ue5a-zvaw-mqhh"},{"vulnerability":"VCID-v5c2-upgr-vbfp"},{"vulnerability":"VCID-zcgn-7td2-xuhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@2.2.5"}],"aliases":["GMS-2015-20"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c36x-2dcq-kyd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140157?format=json","vulnerability_id":"VCID-eguu-bg4n-n3ch","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15484","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54005","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15484"},{"reference_url":"https://github.com/bolt/bolt","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt"},{"reference_url":"https://github.com/bolt/bolt/pull/7801","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt/pull/7801"},{"reference_url":"https://github.com/bolt/bolt/releases/tag/v3.6.10","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt/releases/tag/v3.6.10"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15484","reference_id":"CVE-2019-15484","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15484"},{"reference_url":"https://github.com/advisories/GHSA-fp8m-xw3f-6h7x","reference_id":"GHSA-fp8m-xw3f-6h7x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fp8m-xw3f-6h7x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74329?format=json","purl":"pkg:composer/bolt/bolt@3.6.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.6.10"}],"aliases":["CVE-2019-15484","GHSA-fp8m-xw3f-6h7x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eguu-bg4n-n3ch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13431?format=json","vulnerability_id":"VCID-qud7-1j2r-sfcr","summary":"Unrestricted Upload of File with Dangerous Type\n`Controller/Async/FilesystemManager.php` in the filemanager in Bolt allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a `.php` extension.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9185","reference_id":"","reference_type":"","scores":[{"value":"0.01035","scoring_system":"epss","scoring_elements":"0.77684","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9185"},{"reference_url":"https://github.com/bolt/bolt","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt"},{"reference_url":"https://github.com/bolt/bolt/blob/v3.6.5/changelog.md","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt/blob/v3.6.5/changelog.md"},{"reference_url":"https://github.com/bolt/bolt/pull/7745","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt/pull/7745"},{"reference_url":"https://github.com/bolt/bolt/releases/tag/v3.6.5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt/releases/tag/v3.6.5"},{"reference_url":"https://www.hacksecproject.com/?p=293","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.hacksecproject.com/?p=293"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9185","reference_id":"CVE-2019-9185","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9185"},{"reference_url":"https://github.com/advisories/GHSA-gmg5-f2gm-p3h7","reference_id":"GHSA-gmg5-f2gm-p3h7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gmg5-f2gm-p3h7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56545?format=json","purl":"pkg:composer/bolt/bolt@3.6.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eguu-bg4n-n3ch"},{"vulnerability":"VCID-ue5a-zvaw-mqhh"},{"vulnerability":"VCID-zcgn-7td2-xuhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.6.5"}],"aliases":["CVE-2019-9185","GHSA-gmg5-f2gm-p3h7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qud7-1j2r-sfcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140158?format=json","vulnerability_id":"VCID-ue5a-zvaw-mqhh","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15485","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54005","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15485"},{"reference_url":"https://github.com/bolt/bolt/pull/7800","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt/pull/7800"},{"reference_url":"https://github.com/bolt/bolt/releases/tag/v3.6.10","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt/releases/tag/v3.6.10"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15485","reference_id":"CVE-2019-15485","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15485"},{"reference_url":"https://github.com/advisories/GHSA-cj8p-53v9-2c26","reference_id":"GHSA-cj8p-53v9-2c26","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cj8p-53v9-2c26"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74329?format=json","purl":"pkg:composer/bolt/bolt@3.6.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.6.10"}],"aliases":["CVE-2019-15485","GHSA-cj8p-53v9-2c26"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ue5a-zvaw-mqhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13161?format=json","vulnerability_id":"VCID-v5c2-upgr-vbfp","summary":"Cross-site Scripting\nBolt CMS allows XSS via text input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19933","reference_id":"","reference_type":"","scores":[{"value":"0.02243","scoring_system":"epss","scoring_elements":"0.8484","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19933"},{"reference_url":"https://github.com/bolt/bolt","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt"},{"reference_url":"https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting"},{"reference_url":"https://www.exploit-db.com/exploits/46014","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/46014"},{"reference_url":"https://www.exploit-db.com/exploits/46014/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/46014/"},{"reference_url":"https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46014.txt","reference_id":"CVE-2018-19933","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46014.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19933","reference_id":"CVE-2018-19933","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19933"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56129?format=json","purl":"pkg:composer/bolt/bolt@3.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eguu-bg4n-n3ch"},{"vulnerability":"VCID-qud7-1j2r-sfcr"},{"vulnerability":"VCID-ue5a-zvaw-mqhh"},{"vulnerability":"VCID-zcgn-7td2-xuhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.6.2"}],"aliases":["CVE-2018-19933","GHSA-gjx6-58xh-p7pw"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v5c2-upgr-vbfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140156?format=json","vulnerability_id":"VCID-zcgn-7td2-xuhu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15483","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45035","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15483"},{"reference_url":"https://github.com/bolt/bolt","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt"},{"reference_url":"https://github.com/bolt/bolt/pull/7802","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt/pull/7802"},{"reference_url":"https://github.com/bolt/bolt/releases/tag/v3.6.10","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bolt/bolt/releases/tag/v3.6.10"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15483","reference_id":"CVE-2019-15483","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15483"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74329?format=json","purl":"pkg:composer/bolt/bolt@3.6.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@3.6.10"}],"aliases":["CVE-2019-15483","GHSA-ph84-vg7q-fqq8"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zcgn-7td2-xuhu"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/bolt/bolt@1.1.4"}