Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/42411?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42411?format=api", "vulnerability_id": "VCID-rxnd-sf2e-aqcg", "summary": "Authorization bypass in url-parse\nAuthorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.", "aliases": [ { "alias": "CVE-2022-0512" }, { "alias": "GHSA-rqff-837h-mm52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60672?format=api", "purl": "pkg:npm/url-parse@1.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/url-parse@1.5.6" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56354?format=api", "purl": "pkg:npm/url-parse@0.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-257u-qjc4-afdg" }, { "vulnerability": "VCID-c1dy-p3tz-dbcs" }, { "vulnerability": "VCID-rxnd-sf2e-aqcg" }, { "vulnerability": "VCID-suhk-1g74-1khf" }, { "vulnerability": "VCID-ukj6-rn9c-b7ap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/url-parse@0.1.0" } ], "references": [ { "reference_url": "https://github.com/unshiftio/url-parse", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/unshiftio/url-parse" }, { "reference_url": "https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40" }, { "reference_url": "https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0512", "reference_id": "CVE-2022-0512", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0512" }, { "reference_url": "https://github.com/advisories/GHSA-rqff-837h-mm52", "reference_id": "GHSA-rqff-837h-mm52", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rqff-837h-mm52" } ], "weaknesses": [ { "cwe_id": 639, "name": "Authorization Bypass Through User-Controlled Key", "description": "The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rxnd-sf2e-aqcg" }