Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/50449?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50449?format=api", "vulnerability_id": "VCID-327c-vdne-j7ar", "summary": "Moderate severity vulnerability that affects rails-html-sanitizer\nWithdrawn, accidental duplicate publish.\n\nCross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.", "aliases": [ { "alias": "GHSA-qc8j-m8j3-rjq6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21576?format=api", "purl": "pkg:gem/rails-html-sanitizer@1.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63em-3vdj-j3cu" }, { "vulnerability": "VCID-782b-usu3-bbhd" }, { "vulnerability": "VCID-apxn-up79-x3ge" }, { "vulnerability": "VCID-cphr-tdzs-x7ar" }, { "vulnerability": "VCID-ete9-xwuw-puf8" }, { "vulnerability": "VCID-rhb1-h2b8-jucb" }, { "vulnerability": "VCID-rz3c-6h7r-6bam" }, { "vulnerability": "VCID-ueen-aybd-tqh2" }, { "vulnerability": "VCID-wxfr-bs81-augc" }, { "vulnerability": "VCID-xby9-avva-a3e5" }, { "vulnerability": "VCID-zcs7-hzze-u3a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.0.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/139678?format=api", "purl": "pkg:gem/rails-html-sanitizer@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ece-9xu2-z7ea" }, { "vulnerability": "VCID-327c-vdne-j7ar" }, { "vulnerability": "VCID-6158-4ade-h7ba" }, { "vulnerability": "VCID-63em-3vdj-j3cu" }, { "vulnerability": "VCID-782b-usu3-bbhd" }, { "vulnerability": "VCID-apxn-up79-x3ge" }, { "vulnerability": "VCID-cphr-tdzs-x7ar" }, { "vulnerability": "VCID-ete9-xwuw-puf8" }, { "vulnerability": "VCID-nc6s-6usd-gkeb" }, { "vulnerability": "VCID-rhb1-h2b8-jucb" }, { "vulnerability": "VCID-rz3c-6h7r-6bam" }, { "vulnerability": "VCID-ueen-aybd-tqh2" }, { "vulnerability": "VCID-xby9-avva-a3e5" }, { "vulnerability": "VCID-zcs7-hzze-u3a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/139679?format=api", "purl": "pkg:gem/rails-html-sanitizer@1.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ece-9xu2-z7ea" }, { "vulnerability": "VCID-327c-vdne-j7ar" }, { "vulnerability": "VCID-6158-4ade-h7ba" }, { "vulnerability": "VCID-63em-3vdj-j3cu" }, { "vulnerability": "VCID-782b-usu3-bbhd" }, { "vulnerability": "VCID-apxn-up79-x3ge" }, { "vulnerability": "VCID-cphr-tdzs-x7ar" }, { "vulnerability": "VCID-ete9-xwuw-puf8" }, { "vulnerability": "VCID-nc6s-6usd-gkeb" }, { "vulnerability": "VCID-rhb1-h2b8-jucb" }, { "vulnerability": "VCID-rz3c-6h7r-6bam" }, { "vulnerability": "VCID-ueen-aybd-tqh2" }, { "vulnerability": "VCID-xby9-avva-a3e5" }, { "vulnerability": "VCID-zcs7-hzze-u3a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/21574?format=api", "purl": "pkg:gem/rails-html-sanitizer@1.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ece-9xu2-z7ea" }, { "vulnerability": "VCID-327c-vdne-j7ar" }, { "vulnerability": "VCID-6158-4ade-h7ba" }, { "vulnerability": "VCID-63em-3vdj-j3cu" }, { "vulnerability": "VCID-782b-usu3-bbhd" }, { "vulnerability": "VCID-an3h-1c9y-f3bp" }, { "vulnerability": "VCID-apxn-up79-x3ge" }, { "vulnerability": "VCID-cphr-tdzs-x7ar" }, { "vulnerability": "VCID-ete9-xwuw-puf8" }, { "vulnerability": "VCID-nc6s-6usd-gkeb" }, { "vulnerability": "VCID-rhb1-h2b8-jucb" }, { "vulnerability": "VCID-rz3c-6h7r-6bam" }, { "vulnerability": "VCID-ueen-aybd-tqh2" }, { "vulnerability": "VCID-ujza-s7ug-9fcp" }, { "vulnerability": "VCID-xby9-avva-a3e5" }, { "vulnerability": "VCID-zcs7-hzze-u3a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.0.2" } ], "references": [ { "reference_url": "https://github.com/advisories/GHSA-qc8j-m8j3-rjq6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qc8j-m8j3-rjq6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7578", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7578" } ], "weaknesses": [], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-327c-vdne-j7ar" }