Test (v1)

This document uses the v1 API, which will eventually be deprecated, as further Snyk developments are now focused on the REST API. For more details, see the v1 API.

Test package.json & yarn.lock File

post

Test for issues in yarn files.You can test your yarn packages for issues according to their manifest file & lockfile using this action. It takes a JSON object containing a "target" package.json and a yarn.lock.

Required permissions

View Organization
Test Packages

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7

Body

and

anyOptionalExample:

{"encoding":"plain","files":{"target":{"contents":"{ \"name\": \"shallow-goof\", \"version\": \"0.0.1\", \"description\": \"A vulnerable demo application\", \"homepage\": \"https://snyk.io/\", \"repository\": { \"type\": \"git\", \"url\": \"https://github.com/Snyk/shallow-goof\" }, \"dependencies\": { \"node-uuid\": \"1.4.0\", \"qs\": \"0.0.6\" } }"},"additional":[{"contents":"# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.\\r\\n# yarn lockfile v1\\r\\n\\r\\n\\r\\[email protected]:\\r\\n  version \\\"1.4.0\\\"\\r\\n  resolved \\\"https:\\/\\/registry.yarnpkg.com\\/node-uuid\\/-\\/node-uuid-1.4.0.tgz#07f9b2337572ff6275c775e1d48513f3a45d7a65\\\"\\r\\n  integrity sha1-B\\/myM3Vy\\/2J1x3Xh1IUT86RdemU=\\r\\n\\r\\[email protected]:\\r\\n  version \\\"0.0.6\\\"\\r\\n  resolved \\\"https:\\/\\/registry.yarnpkg.com\\/qs\\/-\\/qs-0.0.6.tgz#481659b7e5bf6a5ea898010de5aed35eb469e124\\\"\\r\\n  integrity sha1-SBZZt+W\\/al6omAEN5a7TXrRp4SQ=\\r\\n"}]}}

Responses

200Success

application/json

post

/test/yarn

POST /v1/test/yarn HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 958

{
  "encoding": "plain",
  "files": {
    "target": {
      "contents": "{ \"name\": \"shallow-goof\", \"version\": \"0.0.1\", \"description\": \"A vulnerable demo application\", \"homepage\": \"https://snyk.io/\", \"repository\": { \"type\": \"git\", \"url\": \"https://github.com/Snyk/shallow-goof\" }, \"dependencies\": { \"node-uuid\": \"1.4.0\", \"qs\": \"0.0.6\" } }"
    },
    "additional": [
      {
        "contents": "# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.\\r\\n# yarn lockfile v1\\r\\n\\r\\n\\r\\[email protected]:\\r\\n  version \\\"1.4.0\\\"\\r\\n  resolved \\\"https:\\/\\/registry.yarnpkg.com\\/node-uuid\\/-\\/node-uuid-1.4.0.tgz#07f9b2337572ff6275c775e1d48513f3a45d7a65\\\"\\r\\n  integrity sha1-B\\/myM3Vy\\/2J1x3Xh1IUT86RdemU=\\r\\n\\r\\[email protected]:\\r\\n  version \\\"0.0.6\\\"\\r\\n  resolved \\\"https:\\/\\/registry.yarnpkg.com\\/qs\\/-\\/qs-0.0.6.tgz#481659b7e5bf6a5ea898010de5aed35eb469e124\\\"\\r\\n  integrity sha1-SBZZt+W\\/al6omAEN5a7TXrRp4SQ=\\r\\n"
      }
    ]
  }
}

200Success

{
  "ok": true,
  "issues": {
    "vulnerabilities": [
      {
        "id": "npm:node-uuid:20160328",
        "url": "https://snyk.io/vuln/npm:node-uuid:20160328",
        "title": "Insecure Randomness",
        "type": "vuln",
        "description": "## Overview\n[`node-uuid`](https://github.com/kelektiv/node-uuid) is a Simple, fast generation of RFC4122 UUIDS.\n\nAffected versions of this package are vulnerable to Insecure Randomness. It uses the cryptographically insecure `Math.random` which can produce predictable values and should not be used in security-sensitive context.\n\n## Remediation\nUpgrade `node-uuid` to version 1.4.4 or greater.\n\n## References\n- [GitHub Issue](https://github.com/broofa/node-uuid/issues/108)\n- [GitHub Issue 2](https://github.com/broofa/node-uuid/issues/122)\n",
        "functions": [],
        "from": [
          "[email protected]"
        ],
        "package": "node-uuid",
        "version": "1.4.0",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "js",
        "packageManager": "npm",
        "semver": {
          "vulnerable": [
            "<1.4.4"
          ]
        },
        "publicationTime": "2016-03-28T22:00:02.566000Z",
        "disclosureTime": "2016-03-28T21:29:30Z",
        "isUpgradable": true,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "ALTERNATIVE": [
            "SNYK-JS-NODEUUID-10089"
          ],
          "CVE": [],
          "CWE": [
            "CWE-330"
          ],
          "NSP": [
            93
          ]
        },
        "credit": [
          "Fedot Praslov"
        ],
        "CVSSv3": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "cvssScore": 4.2,
        "patches": [
          {
            "comments": [],
            "id": "patch:npm:node-uuid:20160328:0",
            "modificationTime": "2019-12-03T11:40:45.815314Z",
            "urls": [
              "https://snyk-patches.s3.amazonaws.com/npm/node-uuid/20160328/node-uuid_20160328_0_0_616ad3800f35cf58089215f420db9654801a5a02.patch"
            ],
            "version": "<=1.4.3 >=1.4.2"
          }
        ],
        "upgradePath": [
          "[email protected]"
        ]
      }
    ],
    "licenses": [
      "text"
    ]
  },
  "dependencyCount": 1,
  "org": {
    "name": "atokeneduser",
    "id": "689ce7f9-7943-4a71-b704-2ba575f01089"
  },
  "licensesPolicy": "text",
  "packageManager": "text"
}

Test sbt file

post

Test for issues in sbt files.You can test your sbt packages for issues according to their manifest file using this action. It takes a JSON object containing a the "target" build.sbt.

Required permissions

View Organization
Test Packages

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7

repositorystringOptional

The repository hosting this package. The default value is Maven Central. More than one value is supported, in order.

Example: https://repo1.maven.org/maven2

Body

and

anyOptionalExample:

{"encoding":"plain","files":{"target":{"contents":"\\nname := \\\"subsearch\\\"\\n\\nassemblyJarName in assembly := s\\\"subsearch-0.2.0.jar\\\"\\n\\nscalaVersion := \\\"2.11.8\\\"\\n\\nscalacOptions ++= Seq(\\\"-unchecked\\\", \\\"-deprecation\\\")\\n\\nresolvers += Resolver.sonatypeRepo(\\\"public\\\")\\n\\nlibraryDependencies += \\\"org.scalatest\\\" % \\\"scalatest_2.11\\\" % \\\"2.2.1\\\" % \\\"test\\\"\\nlibraryDependencies += \\\"org.scalamock\\\" %% \\\"scalamock-scalatest-support\\\" % \\\"3.2.2\\\" % \\\"test\\\"\\nlibraryDependencies += \\\"net.databinder.dispatch\\\" %% \\\"dispatch-core\\\" % \\\"0.11.2\\\"\\nlibraryDependencies += \\\"org.slf4j\\\" % \\\"slf4j-simple\\\" % \\\"1.6.6\\\"\\nlibraryDependencies += \\\"com.github.scopt\\\" %% \\\"scopt\\\" % \\\"3.4.0\\\"\\nlibraryDependencies += \\\"pl.project13.scala\\\" %% \\\"rainbow\\\" % \\\"0.2\\\"\\nlibraryDependencies += \\\"dnsjava\\\" % \\\"dnsjava\\\" % \\\"2.1.7\\\"\\nlibraryDependencies += \\\"com.typesafe.akka\\\" %% \\\"akka-actor\\\" % \\\"2.4.1\\\"\\nlibraryDependencies += \\\"org.scala-lang.modules\\\" % \\\"scala-jline\\\" % \\\"2.12.1\\\"\\nlibraryDependencies += \\\"net.ruippeixotog\\\" %% \\\"scala-scraper\\\" % \\\"1.0.0\\\""}}}

Responses

200Success

application/json

post

/test/sbt

POST /v1/test/sbt HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 1231

{
  "encoding": "plain",
  "files": {
    "target": {
      "contents": "\\nname := \\\"subsearch\\\"\\n\\nassemblyJarName in assembly := s\\\"subsearch-0.2.0.jar\\\"\\n\\nscalaVersion := \\\"2.11.8\\\"\\n\\nscalacOptions ++= Seq(\\\"-unchecked\\\", \\\"-deprecation\\\")\\n\\nresolvers += Resolver.sonatypeRepo(\\\"public\\\")\\n\\nlibraryDependencies += \\\"org.scalatest\\\" % \\\"scalatest_2.11\\\" % \\\"2.2.1\\\" % \\\"test\\\"\\nlibraryDependencies += \\\"org.scalamock\\\" %% \\\"scalamock-scalatest-support\\\" % \\\"3.2.2\\\" % \\\"test\\\"\\nlibraryDependencies += \\\"net.databinder.dispatch\\\" %% \\\"dispatch-core\\\" % \\\"0.11.2\\\"\\nlibraryDependencies += \\\"org.slf4j\\\" % \\\"slf4j-simple\\\" % \\\"1.6.6\\\"\\nlibraryDependencies += \\\"com.github.scopt\\\" %% \\\"scopt\\\" % \\\"3.4.0\\\"\\nlibraryDependencies += \\\"pl.project13.scala\\\" %% \\\"rainbow\\\" % \\\"0.2\\\"\\nlibraryDependencies += \\\"dnsjava\\\" % \\\"dnsjava\\\" % \\\"2.1.7\\\"\\nlibraryDependencies += \\\"com.typesafe.akka\\\" %% \\\"akka-actor\\\" % \\\"2.4.1\\\"\\nlibraryDependencies += \\\"org.scala-lang.modules\\\" % \\\"scala-jline\\\" % \\\"2.12.1\\\"\\nlibraryDependencies += \\\"net.ruippeixotog\\\" %% \\\"scala-scraper\\\" % \\\"1.0.0\\\""
    }
  }
}

200Success

{
  "ok": true,
  "issues": {
    "vulnerabilities": [
      {
        "id": "SNYK-JAVA-COMNING-30317",
        "url": "https://snyk.io/vuln/SNYK-JAVA-COMNING-30317",
        "title": "Insufficient Verification of Data Authenticity",
        "type": "vuln",
        "description": "## Overview\n[`com.ning:async-http-client`](http://search.maven.org/#search%7Cga%7C1%7Ca%3A%22async-http-client%22)\nAsync Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates.\n\n## References\n- [NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7397)\n- [OSS Security](http://openwall.com/lists/oss-security/2014/08/26/1)\n- [GitHub Issue](https://github.com/AsyncHttpClient/async-http-client/issues/352)\n- [GitHub Commit](https://github.com/AsyncHttpClient/async-http-client/commit/dfacb8e05d0822c7b2024c452554bd8e1d6221d8)\n",
        "functions": [],
        "from": [
          "net.databinder.dispatch:[email protected]",
          "com.ning:[email protected]"
        ],
        "package": "com.ning:async-http-client",
        "version": "1.8.10",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "java",
        "packageManager": "maven",
        "semver": {
          "vulnerable": [
            "[,1.9.0)"
          ]
        },
        "publicationTime": "2017-03-28T08:29:28.375000Z",
        "disclosureTime": "2015-06-24T16:59:00Z",
        "isUpgradable": true,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2013-7397"
          ],
          "CWE": [
            "CWE-345"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
        "cvssScore": 4.3,
        "patches": [],
        "upgradePath": [
          "net.databinder.dispatch:[email protected]",
          "com.ning:[email protected]"
        ]
      }
    ],
    "licenses": [
      {
        "id": "snyk:lic:maven:net.databinder.dispatch:dispatch-core_2.11:LGPL-3.0",
        "url": "https://snyk.io/vuln/snyk:lic:maven:net.databinder.dispatch:dispatch-core_2.11:LGPL-3.0",
        "title": "LGPL-3.0 license",
        "type": "license",
        "from": [
          "net.databinder.dispatch:[email protected]"
        ],
        "package": "net.databinder.dispatch:dispatch-core_2.11",
        "version": "0.11.2",
        "severity": "medium",
        "language": "java",
        "packageManager": "maven",
        "semver": {
          "vulnerable": [
            "[0,)"
          ]
        }
      }
    ]
  },
  "dependencyCount": 1,
  "org": {
    "name": "atokeneduser",
    "id": "689ce7f9-7943-4a71-b704-2ba575f01089"
  },
  "licensesPolicy": "text",
  "packageManager": "text"
}

sbt_Test for issues in a public package by group id, artifact id and version

get

Test for issues in sbt files.You can test sbt packages for issues according to their group ID, artifact ID and version. This is done via the maven endpoint (for Java), since the packages are hosted on maven central or a compatible repository. See "Maven" above for details.

Required permissions

View Organization
Test Packages

Path parameters

groupIdstringRequired

The package's group ID.

Example: org.apache.flex.blazeds

artifactIdstringRequired

The package's artifact ID.

Example: blazeds

versionstringRequired

The package version to test.

Example: 4.7.2

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7

repositorystringOptional

The repository hosting this package. The default value is Maven Central. More than one value is supported, in order.

Example: https://repo1.maven.org/maven2

Responses

200Success

application/json

get

/test/sbt/{groupId}/{artifactId}/{version}

GET /v1/test/sbt/{groupId}/{artifactId}/{version} HTTP/1.1
Host: api.snyk.io
Accept: */*

200Success

{
  "ok": false,
  "issues": {
    "vulnerabilities": [
      {
        "id": "SNYK-JAVA-ORGAPACHEFLEXBLAZEDS-31455",
        "url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEFLEXBLAZEDS-31455",
        "title": "Arbitrary Code Execution",
        "type": "vuln",
        "description": "## Overview\n\n[org.apache.flex.blazeds:blazeds](https://github.com/apache/flex-blazeds) is an application development framework for easily building Flash-based applications for mobile devices, web browsers, and desktops.\n\n\nAffected versions of this package are vulnerable to Arbitrary Code Execution.\nThe AMF deserialization implementation of Flex BlazeDS is vulnerable to Deserialization of Untrusted Data. By sending a specially crafted AMF message, it is possible to make the server establish a connection to an endpoint specified in the message and request an RMI remote object from that endpoint. This can result in the execution of arbitrary code on the server via Java deserialization.\n\n\nStarting with BlazeDS version `4.7.3`, Deserialization of XML is disabled completely per default, while the `ClassDeserializationValidator` allows deserialization of whitelisted classes only. BlazeDS internally comes with the following whitelist:\n```\nflex.messaging.io.amf.ASObject\nflex.messaging.io.amf.SerializedObject\nflex.messaging.io.ArrayCollection\nflex.messaging.io.ArrayList\nflex.messaging.messages.AcknowledgeMessage\nflex.messaging.messages.AcknowledgeMessageExt\nflex.messaging.messages.AsyncMessage\nflex.messaging.messages.AsyncMessageExt\nflex.messaging.messages.CommandMessage\nflex.messaging.messages.CommandMessageExt\nflex.messaging.messages.ErrorMessage\nflex.messaging.messages.HTTPMessage\nflex.messaging.messages.RemotingMessage\nflex.messaging.messages.SOAPMessage\njava.lang.Boolean\njava.lang.Byte\njava.lang.Character\njava.lang.Double\njava.lang.Float\njava.lang.Integer\njava.lang.Long\njava.lang.Object\njava.lang.Short\njava.lang.String\njava.util.ArrayList\njava.util.Date\njava.util.HashMap\norg.w3c.dom.Document\n```\n\n## Remediation\n\nUpgrade `org.apache.flex.blazeds:blazeds` to version 4.7.3 or higher.\n\n\n## References\n\n- [CVE-2017-3066](https://nvd.nist.gov/vuln/detail/CVE-2017-5641)\n\n- [Github Commit](https://github.com/apache/flex-blazeds/commit/f861f0993c35e664906609cad275e45a71e2aaf1)\n\n- [Github Release Notes](https://github.com/apache/flex-blazeds/blob/master/RELEASE_NOTES)\n\n- [Securitytracker Issue](http://www.securitytracker.com/id/1038364)\n",
        "functions": [],
        "from": [
          "org.apache.flex.blazeds:[email protected]"
        ],
        "package": "org.apache.flex.blazeds:blazeds",
        "version": "4.7.2",
        "severity": "critical",
        "exploitMaturity": "no-known-exploit",
        "language": "java",
        "packageManager": "maven",
        "semver": {
          "vulnerable": [
            "[,4.7.3)"
          ]
        },
        "publicationTime": "2017-08-09T14:17:08Z",
        "disclosureTime": "2017-04-25T21:00:00Z",
        "isUpgradable": true,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2017-5641"
          ],
          "CWE": [
            "CWE-502"
          ]
        },
        "credit": [
          "Markus Wulftange"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "cvssScore": 9.8,
        "patches": [],
        "upgradePath": [
          "org.apache.flex.blazeds:[email protected]"
        ]
      }
    ],
    "licenses": []
  },
  "dependencyCount": 1,
  "org": {
    "name": "atokeneduser",
    "id": "689ce7f9-7943-4a71-b704-2ba575f01089"
  },
  "licensesPolicy": null,
  "packageManager": "maven"
}

Test gemfile.lock file

post

Test for issues in rubygems packages and applications.You can test your rubygems applications for issues according to their lockfile using this action. It takes a JSON object containing a the "target" Gemfile.lock.

Required permissions

View Organization
Test Packages

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 4a18d42f-0706-4ad0-b127-24078731fbed

Body

and

anyOptionalExample:

{"encoding":"plain","files":{"target":{"contents":"GEM\\n remote: http://rubygems.org/\\n specs:\\n actionpack (4.2.5)\\n actionview (= 4.2.5)\\n activesupport (= 4.2.5)\\n rack (~> 1.6)\\n rack-test (~> 0.6.2)\\n rails-dom-testing (~> 1.0, >= 1.0.5)\\n rails-html-sanitizer (~> 1.0, >= 1.0.2)\\n actionview (4.2.5)\\n activesupport (= 4.2.5)\\n builder (~> 3.1)\\n erubis (~> 2.7.0)\\n rails-dom-testing (~> 1.0, >= 1.0.5)\\n rails-html-sanitizer (~> 1.0, >= 1.0.2)\\n activesupport (4.2.5)\\n i18n (~> 0.7)\\n json (~> 1.7, >= 1.7.7)\\n minitest (~> 5.1)\\n thread_safe (~> 0.3, >= 0.3.4)\\n tzinfo (~> 1.1)\\n builder (3.2.2)\\n erubis (2.7.0)\\n haml (3.1.4)\\n httparty (0.8.1)\\n multi_json\\n multi_xml\\n i18n (0.7.0)\\n json (1.8.3)\\n loofah (2.0.3)\\n nokogiri (>= 1.5.9)\\n mini_portile2 (2.1.0)\\n minitest (5.9.1)\\n multi_json (1.12.1)\\n multi_xml (0.5.5)\\n nokogiri (1.6.8.1)\\n mini_portile2 (~> 2.1.0)\\n rack (1.6.4)\\n rack-protection (1.5.3)\\n rack\\n rack-test (0.6.3)\\n rack (>= 1.0)\\n rails-deprecated_sanitizer (1.0.3)\\n activesupport (>= 4.2.0.alpha)\\n rails-dom-testing (1.0.7)\\n activesupport (>= 4.2.0.beta, < 5.0)\\n nokogiri (~> 1.6.0)\\n rails-deprecated_sanitizer (>= 1.0.1)\\n rails-html-sanitizer (1.0.3)\\n loofah (~> 2.0)\\n sinatra (1.3.2)\\n rack (~> 1.3, >= 1.3.6)\\n rack-protection (~> 1.2)\\n tilt (~> 1.3, >= 1.3.3)\\n thread_safe (0.3.5)\\n tilt (1.4.1)\\n tzinfo (1.2.2)\\n thread_safe (~> 0.1)\\n \\n PLATFORMS\\n ruby\\n \\n DEPENDENCIES\\n actionpack\\n haml\\n httparty\\n sinatra\\n \\n BUNDLED WITH\\n 1.13.2"}}}

Responses

200Success

application/json

post

/test/rubygems

POST /v1/test/rubygems HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 1572

{
  "encoding": "plain",
  "files": {
    "target": {
      "contents": "GEM\\n remote: http://rubygems.org/\\n specs:\\n actionpack (4.2.5)\\n actionview (= 4.2.5)\\n activesupport (= 4.2.5)\\n rack (~> 1.6)\\n rack-test (~> 0.6.2)\\n rails-dom-testing (~> 1.0, >= 1.0.5)\\n rails-html-sanitizer (~> 1.0, >= 1.0.2)\\n actionview (4.2.5)\\n activesupport (= 4.2.5)\\n builder (~> 3.1)\\n erubis (~> 2.7.0)\\n rails-dom-testing (~> 1.0, >= 1.0.5)\\n rails-html-sanitizer (~> 1.0, >= 1.0.2)\\n activesupport (4.2.5)\\n i18n (~> 0.7)\\n json (~> 1.7, >= 1.7.7)\\n minitest (~> 5.1)\\n thread_safe (~> 0.3, >= 0.3.4)\\n tzinfo (~> 1.1)\\n builder (3.2.2)\\n erubis (2.7.0)\\n haml (3.1.4)\\n httparty (0.8.1)\\n multi_json\\n multi_xml\\n i18n (0.7.0)\\n json (1.8.3)\\n loofah (2.0.3)\\n nokogiri (>= 1.5.9)\\n mini_portile2 (2.1.0)\\n minitest (5.9.1)\\n multi_json (1.12.1)\\n multi_xml (0.5.5)\\n nokogiri (1.6.8.1)\\n mini_portile2 (~> 2.1.0)\\n rack (1.6.4)\\n rack-protection (1.5.3)\\n rack\\n rack-test (0.6.3)\\n rack (>= 1.0)\\n rails-deprecated_sanitizer (1.0.3)\\n activesupport (>= 4.2.0.alpha)\\n rails-dom-testing (1.0.7)\\n activesupport (>= 4.2.0.beta, < 5.0)\\n nokogiri (~> 1.6.0)\\n rails-deprecated_sanitizer (>= 1.0.1)\\n rails-html-sanitizer (1.0.3)\\n loofah (~> 2.0)\\n sinatra (1.3.2)\\n rack (~> 1.3, >= 1.3.6)\\n rack-protection (~> 1.2)\\n tilt (~> 1.3, >= 1.3.3)\\n thread_safe (0.3.5)\\n tilt (1.4.1)\\n tzinfo (1.2.2)\\n thread_safe (~> 0.1)\\n \\n PLATFORMS\\n ruby\\n \\n DEPENDENCIES\\n actionpack\\n haml\\n httparty\\n sinatra\\n \\n BUNDLED WITH\\n 1.13.2"
    }
  }
}

200Success

{
  "ok": false,
  "issues": {
    "vulnerabilities": [
      {
        "id": "SNYK-RUBY-JSON-20000",
        "url": "https://snyk.io/vuln/SNYK-RUBY-JSON-20000",
        "title": "Denial of Service (DoS)",
        "type": "vuln",
        "description": "## Overview\n\nThe [`json`](https://rubygems.org/gems/json) gem is a JSON implementation as a Ruby extension in C.\nAffected versions of this Gem contain an overflow condition. This is triggered when user-supplied input is not properly validated while handling specially crafted data. This can allow a remote attacker to cause a stack-based buffer overflow, resulting in a denial of service, or potentially allowing the [execution of arbitrary code](https://snyk.io/vuln/SNYK-RUBY-JSON-20209).\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\n\nTwo common types of DoS vulnerabilities:\n\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  [npm `ws` package](npm:ws:20171108)\n\n## References\n- http://rubysec.com/advisories/OSVDB-101157\n",
        "functions": [],
        "from": [
          "[email protected]"
        ],
        "package": "json",
        "version": "1.0.0",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "ruby",
        "packageManager": "rubygems",
        "semver": {
          "vulnerable": [
            "< 1.1.0"
          ]
        },
        "publicationTime": "2007-05-20T21:00:00Z",
        "disclosureTime": "2007-05-20T21:00:00Z",
        "isUpgradable": true,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [],
          "CWE": [
            "CWE-400"
          ],
          "OSVDB": [
            "OSVDB-101157"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "cvssScore": 7.5,
        "patches": [],
        "upgradePath": [
          "[email protected]"
        ]
      },
      {
        "id": "SNYK-RUBY-JSON-20060",
        "url": "https://snyk.io/vuln/SNYK-RUBY-JSON-20060",
        "title": "Denial of Service (DoS)",
        "type": "vuln",
        "description": "## Overview\nThe [`json`](https://rubygems.org/gems/json) gem is a JSON implementation as a Ruby extension in C.\nAffected versions of this Gem are vulnerable to Denial of Service (DoS) attacks and unsafe object creation vulnerabilities. When parsing certain JSON documents, the JSON gem tricked into creating Ruby symbols in a target system.\n\n## Details\n\nWhen parsing certain JSON documents, the JSON gem can be coerced in to creating Ruby symbols in a target system.  Since Ruby symbols are not garbage collected, this can result in a denial of service attack.\n\nThe same technique can be used to create objects in a target system that act like internal objects.  These \"act alike\" objects can be used to bypass certain security mechanisms and can be used as a spring board for SQL injection attacks in Ruby on Rails.\n\nImpacted code looks like this:\n```js\nJSON.parse(user_input)\n```\nWhere the `user_input` variable will have a JSON document like this:\n```json\n{\"json_class\":\"foo\"}\n```\nThe JSON gem will attempt to look up the constant \"foo\".  Looking up this constant will create a symbol.\n\nIn JSON version 1.7.x, objects with arbitrary attributes can be created using JSON documents like this:\n```json\n{\"json_class\":\"JSON::GenericObject\",\"foo\":\"bar\"}\n```\nThis document will result in an instance of `JSON::GenericObject`, with the attribute \"foo\" that has the value \"bar\".  Instantiating these objects will result in arbitrary symbol creation and in some cases can be used to bypass security measures.\n\nPLEASE NOTE: this behavior *does not change* when using `JSON.load`.  `JSON.load` should *never* be given input from unknown sources.  If you are processing JSON from an unknown source, *always* use `JSON.parse`.\n\n## References\n- https://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/\n- https://gist.github.com/rsierra/4943505\n",
        "functions": [],
        "from": [
          "[email protected]"
        ],
        "package": "json",
        "version": "1.0.0",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "ruby",
        "packageManager": "rubygems",
        "semver": {
          "vulnerable": [
            "< 1.7.7, >= 1.7",
            "< 1.6.8, >= 1.6",
            "< 1.5.5"
          ]
        },
        "publicationTime": "2013-02-10T22:00:00Z",
        "disclosureTime": "2013-02-10T22:00:00Z",
        "isUpgradable": true,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2013-0269"
          ],
          "CWE": [
            "CWE-400"
          ],
          "OSVDB": [
            "OSVDB-90074"
          ]
        },
        "credit": [
          "Thomas Hollstegge",
          "Ben Murphy"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
        "cvssScore": 7.3,
        "patches": [],
        "upgradePath": [
          "[email protected]"
        ]
      },
      {
        "id": "SNYK-RUBY-JSON-20209",
        "url": "https://snyk.io/vuln/SNYK-RUBY-JSON-20209",
        "title": "Arbitrary Code Execution",
        "type": "vuln",
        "description": "## Overview\n\nThe [`json`](https://rubygems.org/gems/json) gem is a JSON implementation as a Ruby extension in C.\n\nAffected versions of this Gem contain an overflow condition. This is triggered when user-supplied input is not properly validated while handling specially crafted data. This can allow a remote attacker to cause a stack-based buffer overflow, resulting in a [denial of service](https://snyk.io/vuln/SNYK-RUBY-JSON-20000), or potentially allowing the execution of arbitrary code.\n\n## References\n\n- http://rubysec.com/advisories/OSVDB-101157\n",
        "functions": [],
        "from": [
          "[email protected]"
        ],
        "package": "json",
        "version": "1.0.0",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "ruby",
        "packageManager": "rubygems",
        "semver": {
          "vulnerable": [
            "< 1.1.0"
          ]
        },
        "publicationTime": "2007-05-20T21:00:00Z",
        "disclosureTime": "2007-05-20T21:00:00Z",
        "isUpgradable": true,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [],
          "CWE": [
            "CWE-94"
          ],
          "OSVDB": [
            "OSVDB-101157-1"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "cvssScore": 7.5,
        "patches": [],
        "upgradePath": [
          "[email protected]"
        ]
      },
      {
        "id": "SNYK-RUBY-RACK-538324",
        "url": "https://snyk.io/vuln/SNYK-RUBY-RACK-538324",
        "title": "Information Exposure",
        "type": "vuln",
        "description": "## Overview\n\n[rack](https://rack.github.io/) is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.\n\n\nAffected versions of this package are vulnerable to Information Exposure.\nAttackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.\n\n## Remediation\n\nUpgrade `rack` to version 1.6.12, 2.0.8 or higher.\n\n\n## References\n\n- [GitHub Fix Commit](https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38)\n\n- [GitHub Security Advisory](https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3)\n",
        "functions": [],
        "from": [
          "[email protected]",
          "[email protected]",
          "[email protected]"
        ],
        "package": "rack",
        "version": "2.0.1",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "ruby",
        "packageManager": "rubygems",
        "semver": {
          "vulnerable": [
            "<1.6.12",
            ">=2.0.0.alpha, <2.0.8"
          ]
        },
        "publicationTime": "2019-12-19T20:24:49Z",
        "disclosureTime": "2019-12-18T20:24:49Z",
        "isUpgradable": true,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2019-16782"
          ],
          "CWE": [
            "CWE-200"
          ]
        },
        "credit": [
          "Will Leinweber"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "cvssScore": 5.3,
        "patches": [],
        "upgradePath": [
          "[email protected]",
          "[email protected]",
          "[email protected]"
        ]
      },
      {
        "id": "SNYK-RUBY-RACK-72567",
        "url": "https://snyk.io/vuln/SNYK-RUBY-RACK-72567",
        "title": "Cross-site Scripting (XSS)",
        "type": "vuln",
        "description": "## Overview\n\n[rack](https://rack.github.io/) is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.\n\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS)\nvia the `scheme` method on `Rack::Request`.\n\n## Remediation\n\nUpgrade `rack` to version 1.6.11, 2.0.6 or higher.\n\n\n## References\n\n- [GitHub Commit](https://github.com/rack/rack/commit/313dd6a05a5924ed6c82072299c53fed09e39ae7)\n\n- [Google Security Forum](https://groups.google.com/forum/#!msg/rubyonrails-security/GKsAFT924Ag/DYtk-Xl6AAAJ)\n\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=1646818)\n",
        "functions": [],
        "from": [
          "[email protected]",
          "[email protected]",
          "[email protected]"
        ],
        "package": "rack",
        "version": "2.0.1",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "ruby",
        "packageManager": "rubygems",
        "semver": {
          "vulnerable": [
            "<1.6.11",
            ">=2.0.0, <2.0.6"
          ]
        },
        "publicationTime": "2018-11-06T16:08:37Z",
        "disclosureTime": "2018-08-22T15:56:49Z",
        "isUpgradable": true,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2018-16470"
          ],
          "CWE": [
            "CWE-79"
          ]
        },
        "credit": [
          "Aaron Patterson"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "cvssScore": 6.1,
        "patches": [],
        "upgradePath": [
          "[email protected]",
          "[email protected]",
          "[email protected]"
        ]
      },
      {
        "id": "SNYK-RUBY-RACKCACHE-20031",
        "url": "https://snyk.io/vuln/SNYK-RUBY-RACKCACHE-20031",
        "title": "HTTP Header Caching Weakness",
        "type": "vuln",
        "description": "## Overview\n[rack-cache](https://rubygems.org/gems/rack-cache) enables HTTP caching for Rack-based applications.\nAffected versions of this gem contain a flaw related to the rubygem caching sensitive HTTP headers. This will result in a weakness that may make it easier for an attacker to gain access to a user's session via a specially crafted header.\n\n## References\n- http://rubysec.com/advisories/CVE-2012-2671\n",
        "functions": [],
        "from": [
          "[email protected]",
          "[email protected]"
        ],
        "package": "rack-cache",
        "version": "1.1",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "ruby",
        "packageManager": "rubygems",
        "semver": {
          "vulnerable": [
            "< 1.2"
          ]
        },
        "publicationTime": "2012-06-05T21:00:00Z",
        "disclosureTime": "2012-06-05T21:00:00Z",
        "isUpgradable": true,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2012-2671"
          ],
          "CWE": [
            "CWE-444"
          ],
          "OSVDB": [
            "OSVDB-83077"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
        "cvssScore": 7.3,
        "patches": [],
        "upgradePath": [
          "[email protected]",
          "[email protected]"
        ]
      },
      {
        "id": "SNYK-RUBY-REDISSTORE-20452",
        "url": "https://snyk.io/vuln/SNYK-RUBY-REDISSTORE-20452",
        "title": "Deserialization of Untrusted Data",
        "type": "vuln",
        "description": "## Overview\n[`redis-store`](https://rubygems.org/gems/redis-store) is a namespaced Rack::Session, Rack::Cache, I18n and cache Redis stores for Ruby web frameworks.\n\nAffected versions of the package are vulnerable to Deserialization of Untrusted Data.\n\n# Details\nSerialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like _Remote Method Invocation (RMI)_, _Java Management Extension (JMX)_, _Java Messaging System (JMS)_, _Action Message Format (AMF)_, _Java Server Faces (JSF) ViewState_, etc.\n\n_Deserialization of untrusted data_ ([CWE-502](https://cwe.mitre.org/data/definitions/502.html)), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.\n\nAn attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.\n\n## Remediation\nUpgrade `redis-store` to version 1.4.0 or higher.\n\n## References\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2017-1000248)\n- [GitHub PR](https://github.com/redis-store/redis-store/pull/290)\n- [GitHub Issue](https://github.com/redis-store/redis-store/issues/289)\n- [GitHub Commit](https://github.com/redis-store/redis-store/commit/e0c1398d54a9661c8c70267c3a925ba6b192142e)\n",
        "functions": [],
        "from": [
          "[email protected]",
          "[email protected]"
        ],
        "package": "redis-store",
        "version": "1.1.0",
        "severity": "critical",
        "exploitMaturity": "no-known-exploit",
        "language": "ruby",
        "packageManager": "rubygems",
        "semver": {
          "vulnerable": [
            "<1.4.0"
          ]
        },
        "publicationTime": "2017-12-07T09:52:33.659000Z",
        "disclosureTime": "2017-08-10T21:00:00Z",
        "isUpgradable": true,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2017-1000248"
          ],
          "CWE": [
            "CWE-502"
          ]
        },
        "credit": [
          "Dylan Katz"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "cvssScore": 9.8,
        "patches": [],
        "upgradePath": [
          "[email protected]",
          "[email protected]"
        ]
      }
    ],
    "licenses": []
  },
  "dependencyCount": 6,
  "org": {
    "name": "atokeneduser",
    "id": "4a18d42f-0706-4ad0-b127-24078731fbed"
  },
  "licensesPolicy": null,
  "packageManager": "rubygems"
}

Test for issues in a public gem by name and version

get

Test for issues in rubygems packages and applications.You can test rubygems packages for issues according to their name and version.

Required permissions

View Organization
Test Packages

Path parameters

gemNamestringRequired

The gem name.

Example: rails-html-sanitizer

versionstringRequired

The gem version to test.

Example: 1.0.3

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 4a18d42f-0706-4ad0-b127-24078731fbed

Responses

200Success

application/json

get

/test/rubygems/{gemName}/{version}

GET /v1/test/rubygems/{gemName}/{version} HTTP/1.1
Host: api.snyk.io
Accept: */*

200Success

{
  "ok": false,
  "issues": {
    "vulnerabilities": [
      {
        "id": "SNYK-RUBY-RAILSHTMLSANITIZER-22025",
        "url": "https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-22025",
        "title": "Cross-site Scripting (XSS)",
        "type": "vuln",
        "description": "## Overview\n[rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer)\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS). The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications.\n\nThis issue is similar to [CVE-2018-8048](https://snyk.io/vuln/SNYK-RUBY-LOOFAH-22023) in Loofah.\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nֿInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as  `&lt`; and `>` can be coded as `&gt`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. \r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n\n## Remediation\nUpgrade `rails-html-sanitizer` to version 1.0.4 or higher.\n\n## References\n- [Ruby on Rails Security Google Forum](https://groups.google.com/d/msg/rubyonrails-security/tP7W3kLc5u4/uDy2Br7xBgAJ)\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2018-3741)\n",
        "functions": [],
        "from": [
          "[email protected]"
        ],
        "package": "rails-html-sanitizer",
        "version": "1.0.3",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "ruby",
        "packageManager": "rubygems",
        "semver": {
          "vulnerable": [
            "<1.0.4"
          ]
        },
        "publicationTime": "2018-03-27T07:42:10.777000Z",
        "disclosureTime": "2018-03-22T21:46:15.453000Z",
        "isUpgradable": true,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2018-3741"
          ],
          "CWE": [
            "CWE-79"
          ]
        },
        "credit": [
          "Kaarlo Haikonen"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "cvssScore": 6.1,
        "patches": [],
        "upgradePath": [
          "[email protected]"
        ]
      }
    ],
    "licenses": []
  },
  "dependencyCount": 5,
  "org": {
    "name": "atokeneduser",
    "id": "4a18d42f-0706-4ad0-b127-24078731fbed"
  },
  "licensesPolicy": null,
  "packageManager": "rubygems"
}

Test requirements.txt file

post

Test for issues in pip files.You can test your pip packages for issues according to their manifest file using this action. It takes a JSON object containing a the "target" requirements.txt.

Required permissions

View Organization
Test Packages

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7

Body

and

anyOptionalExample: {"encoding":"plain","files":{"target":{"contents":"supervisor==3.1\\noauth2==1.5.211"}}}

Responses

200Success

application/json

post

/test/pip

POST /v1/test/pip HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 88

{
  "encoding": "plain",
  "files": {
    "target": {
      "contents": "supervisor==3.1\\noauth2==1.5.211"
    }
  }
}

200Success

{
  "ok": false,
  "issues": {
    "vulnerabilities": [
      {
        "id": "SNYK-PYTHON-OAUTH2-40013",
        "url": "https://snyk.io/vuln/SNYK-PYTHON-OAUTH2-40013",
        "title": "Replay Attack",
        "type": "vuln",
        "description": "## Overview\n[`oauth2`](https://pypi.python.org/pypi/oauth2) is a library for OAuth version 1.9\nThe Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.\n\n\n## Remediation\nUpgrade to version `1.9rc1` or greater.\n\n\n## References\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2013-4346)\n- [Bugzilla redhat](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4346)\n- [GitHub Issue](https://github.com/simplegeo/python-oauth2/issues/129)\n\n",
        "functions": [],
        "from": [
          "[email protected]"
        ],
        "package": "oauth2",
        "version": "1.5.211",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "python",
        "packageManager": "pip",
        "semver": {
          "vulnerable": [
            "[,1.9rc1)"
          ]
        },
        "publicationTime": "2013-02-05T12:31:58Z",
        "disclosureTime": "2013-02-05T12:31:58Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": true,
        "identifiers": {
          "CVE": [
            "CVE-2013-4346"
          ],
          "CWE": [
            "CWE-310"
          ]
        },
        "credit": [
          "André Cruz"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
        "cvssScore": 4.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PYTHON-OAUTH2-40014",
        "url": "https://snyk.io/vuln/SNYK-PYTHON-OAUTH2-40014",
        "title": "Insecure Randomness",
        "type": "vuln",
        "description": "## Overview\n[`oauth2`](https://pypi.python.org/pypi/oauth2) is a library for OAuth version 1.9\n\n\nAffected versions of this package are vulnerable to Insecure Randomness.\nThe (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.\n\n\n## Remediation\nUpgrade to version `1.9rc1` or greater.\n\n\n## References\n- [Redhat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4347)\n- [GitHub Issue](https://github.com/simplegeo/python-oauth2/issues/9)\n- [Openwall](http://www.openwall.com/lists/oss-security/2013/09/12/7)\n- [GitHub PR](https://github.com/simplegeo/python-oauth2/pull/146)\n\n",
        "functions": [],
        "from": [
          "[email protected]"
        ],
        "package": "oauth2",
        "version": "1.5.211",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "python",
        "packageManager": "pip",
        "semver": {
          "vulnerable": [
            "[,1.9rc1)"
          ]
        },
        "publicationTime": "2017-04-13T12:31:58Z",
        "disclosureTime": "2014-05-20T14:55:00Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": true,
        "identifiers": {
          "CVE": [
            "CVE-2013-4347"
          ],
          "CWE": [
            "CWE-310"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
        "cvssScore": 5.4,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PYTHON-SUPERVISOR-40610",
        "url": "https://snyk.io/vuln/SNYK-PYTHON-SUPERVISOR-40610",
        "title": "Arbitrary Command Execution",
        "type": "vuln",
        "description": "## Overview\n[`supervisor`](https://pypi.python.org/pypi/supervisor/) is a client/server system that allows its users to monitor and control a number of processes on UNIX-like operating systems.\n\n\nAffected versions of the package are vulnerable to Arbitrary Command Execution. A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to `supervisord` that will run arbitrary shell commands on the server. The commands will be run as the same user as `supervisord`. Depending on how `supervisord` has been configured, this may be root.\n\n\n## Details\n* `supervisord` is the server component and is responsible for starting child processes, responding to commands from clients, and other commands.\n* `supervisorctl` is the command line component, providing a shell-like interface to the features provided by `supervisord`.\n\n\n`supervisord` can be configured to run an HTTP server on a TCP socket and/or a Unix domain socket. This HTTP server is how `supervisorctl` communicates with `supervisord`. If an HTTP server has been enabled, it will always serve both HTML pages and an XML-RPC interface. A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to `supervisord` that will run arbitrary shell commands on the server. The commands will be run as the same user as `supervisord`. Depending on how `supervisord` has been configured, this may be root.\nThis vulnerability can only be exploited by an authenticated client or if `supervisord` has been configured to run an HTTP server without authentication. If authentication has not been enabled, `supervisord` will log a message at the critical level every time it starts.\n\n\n## PoC by Maor Shwartz\n\n\nCreate a config file `supervisord.conf`:\n\n\n```conf\n[supervisord]\nloglevel = trace\n\n\n[inet_http_server]\nport = 127.0.0.1:9001\n\n\n[rpcinterface:supervisor]\nsupervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface\n```\n\n\nStart supervisord in the foreground with that config file:\n\n\n```\n$ supervisord -n -c supervisord.conf\n```\n\n\nIn a new terminal:\n\n\n```py\n$ python2\n>>> from xmlrpclib import ServerProxy\n>>> server = ServerProxy('http://127.0.0.1:9001/RPC2')\n>>> server.supervisor.supervisord.options.execve('/bin/sh', [], {})\n\n  ```\n\n\n\nIf the `supervisord` version is vulnerable, the `execve` will be executed and the `supervisord` process will be replaced with /bin/sh (or any other command given). If the `supervisord` version is not vulnerable, it will return an `UNKNOWN_METHOD` fault.\n\n\n\n\n## Remediation\nUpgrade `supervisor` to version 3.3.3 or higher.\n\n\n## References\n- [Github Issue](https://github.com/Supervisor/supervisor/issues/964)\n- [Github Commit 3.0.1](https://github.com/Supervisor/supervisor/commit/83060f3383ebd26add094398174f1de34cf7b7f0)\n- [Github Commit 3.1.4](https://github.com/Supervisor/supervisor/commit/dbe0f55871a122eac75760aef511efc3a8830b88)\n- [Github Commit 3.2.4](https://github.com/Supervisor/supervisor/commit/aac3c21893cab7361f5c35c8e20341b298f6462e)\n- [Github Commit 3.3.3](https://github.com/Supervisor/supervisor/commit/058f46141e346b18dee0497ba11203cb81ecb19e)",
        "functions": [],
        "from": [
          "[email protected]"
        ],
        "package": "supervisor",
        "version": "3.1.0",
        "severity": "high",
        "exploitMaturity": "mature",
        "language": "python",
        "packageManager": "pip",
        "semver": {
          "vulnerable": [
            "[3.0a1,3.0.1)",
            "[3.1.0,3.1.4)",
            "[3.2.0,3.2.4)",
            "[3.3.0,3.3.3)"
          ]
        },
        "publicationTime": "2017-08-08T06:59:14Z",
        "disclosureTime": "2017-07-18T21:00:00Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": true,
        "identifiers": {
          "CVE": [
            "CVE-2017-11610"
          ],
          "CWE": [
            "CWE-94"
          ]
        },
        "credit": [
          "Maor Shwartz"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C",
        "cvssScore": 8.8,
        "patches": [],
        "upgradePath": []
      }
    ],
    "licenses": []
  },
  "dependencyCount": 4,
  "org": {
    "name": "atokeneduser",
    "id": "4a18d42f-0706-4ad0-b127-24078731fbed"
  },
  "licensesPolicy": null,
  "packageManager": "pip"
}

pip_Test for issues in a public package by name and version

get

Test for issues in pip files.You can test pip packages for issues according to their name and version.

Required permissions

View Organization
Test Packages

Path parameters

packageNamestringRequired

The package name.

Example: rsa

versionstringRequired

The Package version to test.

Example: 3.3

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7

Responses

200Success

application/json

get

/test/pip/{packageName}/{version}

GET /v1/test/pip/{packageName}/{version} HTTP/1.1
Host: api.snyk.io
Accept: */*

200Success

{
  "ok": false,
  "issues": {
    "vulnerabilities": [
      {
        "id": "SNYK-PYTHON-RSA-40541",
        "url": "https://snyk.io/vuln/SNYK-PYTHON-RSA-40541",
        "title": "Timing Attack",
        "type": "vuln",
        "description": "## Overview\n[`rsa`](https://pypi.python.org/pypi/rsa) is a Pure-Python RSA implementation.\n\nAffected versions of this package are vulnerable to Timing attacks.\n\n## References\n- [GitHub Issue](https://github.com/sybrenstuvel/python-rsa/issues/19)\n- [GitHub Commit](https://github.com/sybrenstuvel/python-rsa/commit/2310b34bdb530e0bad793d42f589c9f848ff181b)\n",
        "functions": [],
        "from": [
          "[email protected]"
        ],
        "package": "rsa",
        "version": "3.3",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "python",
        "packageManager": "pip",
        "semver": {
          "vulnerable": [
            "[3.0,3.4.0)"
          ]
        },
        "publicationTime": "2013-11-15T02:34:45.265000Z",
        "disclosureTime": "2013-11-15T02:34:45.265000Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": true,
        "identifiers": {
          "CVE": [],
          "CWE": [
            "CWE-208"
          ]
        },
        "credit": [
          "Manuel Aude Morales"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "cvssScore": 5.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PYTHON-RSA-40542",
        "url": "https://snyk.io/vuln/SNYK-PYTHON-RSA-40542",
        "title": "Authentication Bypass",
        "type": "vuln",
        "description": "## Overview\n[`rsa`](https://pypi.python.org/pypi/rsa) is a Pure-Python RSA implementation.\n\nAffected versions of this package are vulnerable to Authentication Bypass due to not implementing authentication encryption or use MACs to validate messages before decrypting public key encrypted messages.\n\n## References\n- [GitHub Issue](https://github.com/sybrenstuvel/python-rsa/issues/13)\n- [GitHub Commit](https://github.com/sybrenstuvel/python-rsa/commit/1681a0b2f84a4a252c71b87de870a2816de06fdf)\n",
        "functions": [],
        "from": [
          "[email protected]"
        ],
        "package": "rsa",
        "version": "3.3",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "python",
        "packageManager": "pip",
        "semver": {
          "vulnerable": [
            "[3.0,3.4)"
          ]
        },
        "publicationTime": "2012-12-07T03:15:00.052000Z",
        "disclosureTime": "2012-12-07T03:15:00.052000Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": true,
        "identifiers": {
          "CVE": [],
          "CWE": [
            "CWE-287"
          ]
        },
        "credit": [
          "Sergio Lerner"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "cvssScore": 7.5,
        "patches": [],
        "upgradePath": []
      }
    ],
    "licenses": []
  },
  "dependencyCount": 2,
  "org": {
    "name": "gitphill",
    "id": "229b76f3-802c-4553-aa1d-01d4d86f7f61"
  },
  "licensesPolicy": null,
  "packageManager": "pip"
}

Test package.json & package-lock.json File

post

Test for issues in npm files.You can test your npm packages for issues according to their manifest file & optional lockfile using this action. It takes a JSON object containing a "target" package.json and optionally a package-lock.json.

Required permissions

View Organization
Test Packages

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7

Body

and

anyOptionalExample:

{"encoding":"plain","files":{"target":{"contents":"eyAibmFtZSI6ICJzaGFsbG93LWdvb2YiLCAidmVyc2lvbiI6ICIwLjAuMSIsICJkZXNjcmlwdGlvbiI6ICJBIHZ1bG5lcmFibGUgZGVtbyBhcHBsaWNhdGlvbiIsICJob21lcGFnZSI6ICJodHRwczovL3NueWsuaW8vIiwgInJlcG9zaXRvcnkiOiB7ICJ0eXBlIjogImdpdCIsICJ1cmwiOiAiaHR0cHM6Ly9naXRodWIuY29tL1NueWsvc2hhbGxvdy1nb29mIiB9LCAiZGVwZW5kZW5jaWVzIjogeyAibm9kZS11dWlkIjogIjEuNC4wIiwgInFzIjogIjAuMC42IiB9IH0K"},"additional":[{"contents":"eyAibmFtZSI6ICJzaGFsbG93LWdvb2YiLCAidmVyc2lvbiI6ICIwLjAuMSIsICJsb2NrZmlsZVZlcnNpb24iOiAxLCAicmVxdWlyZXMiOiB0cnVlLCAiZGVwZW5kZW5jaWVzIjogeyAibm9kZS11dWlkIjogeyAidmVyc2lvbiI6ICIxLjQuMCIsICJyZXNvbHZlZCI6ICJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZy9ub2RlLXV1aWQvLS9ub2RlLXV1aWQtMS40LjAudGd6IiwgImludGVncml0eSI6ICJzaGExLUIvbXlNM1Z5LzJKMXgzWGgxSVVUODZSZGVtVT0iIH0sICJxcyI6IHsgInZlcnNpb24iOiAiMC4wLjYiLCAicmVzb2x2ZWQiOiAiaHR0cHM6Ly9yZWdpc3RyeS5ucG1qcy5vcmcvcXMvLS9xcy0wLjAuNi50Z3oiLCAiaW50ZWdyaXR5IjogInNoYTEtU0JaWnQrVy9hbDZvbUFFTjVhN1RYclJwNFNRPSIgfSB9IH0K"}]}}

Responses

200Success

application/json

post

/test/npm

POST /v1/test/npm HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 982

{
  "encoding": "plain",
  "files": {
    "target": {
      "contents": "eyAibmFtZSI6ICJzaGFsbG93LWdvb2YiLCAidmVyc2lvbiI6ICIwLjAuMSIsICJkZXNjcmlwdGlvbiI6ICJBIHZ1bG5lcmFibGUgZGVtbyBhcHBsaWNhdGlvbiIsICJob21lcGFnZSI6ICJodHRwczovL3NueWsuaW8vIiwgInJlcG9zaXRvcnkiOiB7ICJ0eXBlIjogImdpdCIsICJ1cmwiOiAiaHR0cHM6Ly9naXRodWIuY29tL1NueWsvc2hhbGxvdy1nb29mIiB9LCAiZGVwZW5kZW5jaWVzIjogeyAibm9kZS11dWlkIjogIjEuNC4wIiwgInFzIjogIjAuMC42IiB9IH0K"
    },
    "additional": [
      {
        "contents": "eyAibmFtZSI6ICJzaGFsbG93LWdvb2YiLCAidmVyc2lvbiI6ICIwLjAuMSIsICJsb2NrZmlsZVZlcnNpb24iOiAxLCAicmVxdWlyZXMiOiB0cnVlLCAiZGVwZW5kZW5jaWVzIjogeyAibm9kZS11dWlkIjogeyAidmVyc2lvbiI6ICIxLjQuMCIsICJyZXNvbHZlZCI6ICJodHRwczovL3JlZ2lzdHJ5Lm5wbWpzLm9yZy9ub2RlLXV1aWQvLS9ub2RlLXV1aWQtMS40LjAudGd6IiwgImludGVncml0eSI6ICJzaGExLUIvbXlNM1Z5LzJKMXgzWGgxSVVUODZSZGVtVT0iIH0sICJxcyI6IHsgInZlcnNpb24iOiAiMC4wLjYiLCAicmVzb2x2ZWQiOiAiaHR0cHM6Ly9yZWdpc3RyeS5ucG1qcy5vcmcvcXMvLS9xcy0wLjAuNi50Z3oiLCAiaW50ZWdyaXR5IjogInNoYTEtU0JaWnQrVy9hbDZvbUFFTjVhN1RYclJwNFNRPSIgfSB9IH0K"
      }
    ]
  }
}

200Success

{
  "ok": true,
  "issues": {
    "vulnerabilities": [
      {
        "id": "npm:node-uuid:20160328",
        "url": "https://snyk.io/vuln/npm:node-uuid:20160328",
        "title": "Insecure Randomness",
        "type": "vuln",
        "description": "## Overview\n[`node-uuid`](https://github.com/kelektiv/node-uuid) is a Simple, fast generation of RFC4122 UUIDS.\n\nAffected versions of this package are vulnerable to Insecure Randomness. It uses the cryptographically insecure `Math.random` which can produce predictable values and should not be used in security-sensitive context.\n\n## Remediation\nUpgrade `node-uuid` to version 1.4.4 or greater.\n\n## References\n- [GitHub Issue](https://github.com/broofa/node-uuid/issues/108)\n- [GitHub Issue 2](https://github.com/broofa/node-uuid/issues/122)\n",
        "functions": [],
        "from": [
          "[email protected]"
        ],
        "package": "node-uuid",
        "version": "1.4.0",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "js",
        "packageManager": "npm",
        "semver": {
          "vulnerable": [
            "<1.4.4"
          ]
        },
        "publicationTime": "2016-03-28T22:00:02.566000Z",
        "disclosureTime": "2016-03-28T21:29:30Z",
        "isUpgradable": true,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "ALTERNATIVE": [
            "SNYK-JS-NODEUUID-10089"
          ],
          "CVE": [],
          "CWE": [
            "CWE-330"
          ],
          "NSP": [
            93
          ]
        },
        "credit": [
          "Fedot Praslov"
        ],
        "CVSSv3": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "cvssScore": 4.2,
        "patches": [
          {
            "comments": [],
            "id": "patch:npm:node-uuid:20160328:0",
            "modificationTime": "2019-12-03T11:40:45.815314Z",
            "urls": [
              "https://snyk-patches.s3.amazonaws.com/npm/node-uuid/20160328/node-uuid_20160328_0_0_616ad3800f35cf58089215f420db9654801a5a02.patch"
            ],
            "version": "<=1.4.3 >=1.4.2"
          }
        ],
        "upgradePath": [
          "[email protected]"
        ]
      }
    ],
    "licenses": [
      "text"
    ]
  },
  "dependencyCount": 1,
  "org": {
    "name": "atokeneduser",
    "id": "689ce7f9-7943-4a71-b704-2ba575f01089"
  },
  "licensesPolicy": "text",
  "packageManager": "text"
}

Test for issues in a public package by name and version

get

Test for issues in npm files.You can test npm packages for issues according to their name and version.

Required permissions

View Organization
Test Packages

Path parameters

packageNamestringRequired

The package name. For scoped packages, must be url-encoded, so to test "@angular/core" version 4.3.2, one should GET /test/npm/%40angular%2Fcore/4.3.2.

Example: ms

versionstringRequired

The Package version to test.

Example: 0.7.0

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7

Responses

200Success

application/json

get

/test/npm/{packageName}/{version}

GET /v1/test/npm/{packageName}/{version} HTTP/1.1
Host: api.snyk.io
Accept: */*

200Success

{
  "ok": false,
  "issues": {
    "vulnerabilities": [
      {
        "id": "npm:ms:20151024",
        "url": "https://snyk.io/vuln/npm:ms:20151024",
        "title": "Regular Expression Denial of Service (ReDoS)",
        "type": "vuln",
        "description": "## Overview\n\n[ms](https://www.npmjs.com/package/ms) is a tiny millisecond conversion utility.\n\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS)\nattack when converting a time period string (i.e. `\"2 days\"`, `\"1h\"`) into a milliseconds integer. A malicious user could pass extremely long strings to `ms()`, causing the server to take a long time to process, subsequently blocking the event loop for that extended period.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\n\n\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\n\n\nLet’s take the following regular expression as an example:\n```js\nregex = /A(B|C+)+D/\n```\n\n\nThis regular expression accomplishes the following:\n- `A` The string must start with the letter 'A'\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\n- `D` Finally, we ensure this section of the string ends with a 'D'\n\n\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\n\n\nIt most cases, it doesn't take very long for a regex engine to find a match:\n\n\n```bash\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\n0.04s user 0.01s system 95% cpu 0.052 total\n\n\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\n1.79s user 0.02s system 99% cpu 1.812 total\n```\n\n\nThe entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\n\n\nMost Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\n\n\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\n1. CCC\n2. CC+C\n3. C+CC\n4. C+C+C.\n\n\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\n\n\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\n\n\n| String | Number of C's | Number of steps |\n| -------|-------------:| -----:|\n| ACCCX | 3 | 38\n| ACCCCX | 4 | 71\n| ACCCCCX | 5 | 136\n| ACCCCCCCCCCCCCCX | 14 | 65,553\n\n\n\n\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.\n\n## Remediation\n\nUpgrade `ms` to version 0.7.1 or higher.\n\n\n## References\n\n- [OSS Security advisory](https://www.openwall.com/lists/oss-security/2016/04/20/11)\n\n- [OWASP - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS)\n\n- [Security Focus](https://www.securityfocus.com/bid/96389)\n",
        "functions": [
          {
            "functionId": {
              "filePath": "ms.js",
              "functionName": "parse"
            },
            "version": [
              ">0.1.0 <=0.3.0"
            ]
          },
          {
            "functionId": {
              "filePath": "index.js",
              "functionName": "parse"
            },
            "version": [
              ">0.3.0 <0.7.1"
            ]
          }
        ],
        "from": [
          "[email protected]"
        ],
        "package": "ms",
        "version": "0.7.0",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "js",
        "packageManager": "npm",
        "semver": {
          "vulnerable": [
            "<0.7.1"
          ]
        },
        "publicationTime": "2015-11-06T02:09:36Z",
        "disclosureTime": "2015-10-24T20:39:59Z",
        "isUpgradable": true,
        "isPatchable": true,
        "isPinnable": false,
        "identifiers": {
          "ALTERNATIVE": [
            "SNYK-JS-MS-10064"
          ],
          "CVE": [
            "CVE-2015-8315"
          ],
          "CWE": [
            "CWE-400"
          ],
          "NSP": [
            46
          ]
        },
        "credit": [
          "Adam Baldwin"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
        "cvssScore": 5.3,
        "patches": [
          {
            "comments": [],
            "id": "patch:npm:ms:20151024:5",
            "modificationTime": "2019-12-03T11:40:45.777474Z",
            "urls": [
              "https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_5_0_48701f029417faf65e6f5e0b61a3cebe5436b07b_snyk5.patch"
            ],
            "version": "=0.1.0"
          },
          {
            "comments": [],
            "id": "patch:npm:ms:20151024:4",
            "modificationTime": "2019-12-03T11:40:45.776329Z",
            "urls": [
              "https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_4_0_48701f029417faf65e6f5e0b61a3cebe5436b07b_snyk4.patch"
            ],
            "version": "=0.2.0"
          },
          {
            "comments": [],
            "id": "patch:npm:ms:20151024:3",
            "modificationTime": "2019-12-03T11:40:45.775292Z",
            "urls": [
              "https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_3_0_48701f029417faf65e6f5e0b61a3cebe5436b07b_snyk3.patch"
            ],
            "version": "=0.3.0"
          },
          {
            "comments": [],
            "id": "patch:npm:ms:20151024:2",
            "modificationTime": "2019-12-03T11:40:45.774221Z",
            "urls": [
              "https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_2_0_48701f029417faf65e6f5e0b61a3cebe5436b07b_snyk2.patch"
            ],
            "version": "<0.6.0 >0.3.0"
          },
          {
            "comments": [],
            "id": "patch:npm:ms:20151024:1",
            "modificationTime": "2019-12-03T11:40:45.773094Z",
            "urls": [
              "https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_1_0_48701f029417faf65e6f5e0b61a3cebe5436b07b_snyk.patch"
            ],
            "version": "<0.7.0 >=0.6.0"
          },
          {
            "comments": [],
            "id": "patch:npm:ms:20151024:0",
            "modificationTime": "2019-12-03T11:40:45.772009Z",
            "urls": [
              "https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_0_0_48701f029417faf65e6f5e0b61a3cebe5436b07b.patch"
            ],
            "version": "=0.7.0"
          }
        ],
        "upgradePath": [
          "[email protected]"
        ]
      }
    ],
    "licenses": []
  },
  "dependencyCount": 1,
  "org": {
    "name": "atokeneduser",
    "id": "4a18d42f-0706-4ad0-b127-24078731fbed"
  },
  "licensesPolicy": null,
  "packageManager": "npm"
}

Test maven file

post

Test for issues in Maven files.You can test your Maven packages for issues according to their manifest file using this action. It takes a JSON object containing a the "target" pom.xml.

Additional manifest files, if they are needed, like parent pom.xml files, child poms, etc., according the the definitions in the target pom.xml file, should be supplied in the additional body parameter.

Required permissions

View Organization
Test Packages

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7

repositorystringOptional

The Maven repository hosting this package. The default value is Maven Central. More than one value is supported, in order.

Example: https://repo1.maven.org/maven2

Body

and

anyOptionalExample:

{"encoding":"plain","files":{"target":{"contents":"<project xmlns=\"http://maven.apache.org/POM/4.0.0\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"  xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\"> <modelVersion>4.0.0</modelVersion> <parent> <artifactId>io.snyk.example</artifactId> <groupId>parent</groupId> <version>1.0-SNAPSHOT</version> </parent> <artifactId>my-project</artifactId> <dependencies> <dependency> <groupId>axis</groupId> <artifactId>axis</artifactId> <version>1.4</version> </dependency> </dependencies> </project>\\n"},"additional":[{"contents":"<project xmlns=\"http://maven.apache.org/POM/4.0.0\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"  xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\"> <modelVersion>4.0.0</modelVersion> <artifactId>io.snyk.example</artifactId> <groupId>parent</groupId> <version>1.0-SNAPSHOT</version> <dependencies> <dependency> <groupId>org.apache.zookeeper</groupId> <artifactId>zookeeper</artifactId> <version>3.5</version> </dependency> <dependency> <groupId>org.aspectj</groupId> <artifactId>aspectjweaver</artifactId> <version>1.8.2</version> </dependency> </dependencies> </project>\\n"}]}}

Responses

200Success

application/json

post

/test/maven

POST /v1/test/maven HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 1266

{
  "encoding": "plain",
  "files": {
    "target": {
      "contents": "<project xmlns=\"http://maven.apache.org/POM/4.0.0\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"  xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\"> <modelVersion>4.0.0</modelVersion> <parent> <artifactId>io.snyk.example</artifactId> <groupId>parent</groupId> <version>1.0-SNAPSHOT</version> </parent> <artifactId>my-project</artifactId> <dependencies> <dependency> <groupId>axis</groupId> <artifactId>axis</artifactId> <version>1.4</version> </dependency> </dependencies> </project>\\n"
    },
    "additional": [
      {
        "contents": "<project xmlns=\"http://maven.apache.org/POM/4.0.0\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"  xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\"> <modelVersion>4.0.0</modelVersion> <artifactId>io.snyk.example</artifactId> <groupId>parent</groupId> <version>1.0-SNAPSHOT</version> <dependencies> <dependency> <groupId>org.apache.zookeeper</groupId> <artifactId>zookeeper</artifactId> <version>3.5</version> </dependency> <dependency> <groupId>org.aspectj</groupId> <artifactId>aspectjweaver</artifactId> <version>1.8.2</version> </dependency> </dependencies> </project>\\n"
      }
    ]
  }
}

200Success

{
  "ok": true,
  "issues": {
    "vulnerabilities": [
      {
        "id": "SNYK-JAVA-AXIS-30071",
        "url": "https://snyk.io/vuln/SNYK-JAVA-AXIS-30071",
        "title": "Man-in-the-Middle (MitM)",
        "type": "vuln",
        "description": "## Overview\n\n[axis:axis](https://search.maven.org/search?q=g:axis) is an implementation of the SOAP (\"Simple Object Access Protocol\") submission to W3C.\n\n\nAffected versions of this package are vulnerable to Man-in-the-Middle (MitM).\nIt does not verify the requesting server's hostname against existing domain names in the SSL Certificate. \r\n\r\n## Details\r\nThe `getCN` function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's `Common Name (CN)` or `subjectAltName` field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field.  \r\n\r\n**NOTE:** this issue exists because of an incomplete fix for [CVE-2012-5784](https://snyk.io/vuln/SNYK-JAVA-AXIS-30189).\n\n## Remediation\n\nThere is no fixed version for `axis:axis`.\n\n\n## References\n\n- [Axis Issue](https://issues.apache.org/jira/browse/AXIS-2905)\n\n- [NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3596)\n\n- [Redhat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3596)\n",
        "functions": [],
        "from": [
          "axis:[email protected]"
        ],
        "package": "axis:axis",
        "version": "1.4",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "java",
        "packageManager": "maven",
        "semver": {
          "vulnerable": [
            "[0,]"
          ]
        },
        "publicationTime": "2014-08-18T16:51:53Z",
        "disclosureTime": "2014-08-18T16:51:53Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2014-3596"
          ],
          "CWE": [
            "CWE-297"
          ]
        },
        "credit": [
          "David Jorm",
          "Arun Neelicattu"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
        "cvssScore": 5.4,
        "patches": [],
        "upgradePath": []
      }
    ],
    "licenses": [
      "text"
    ]
  },
  "dependencyCount": 1,
  "org": {
    "name": "atokeneduser",
    "id": "689ce7f9-7943-4a71-b704-2ba575f01089"
  },
  "licensesPolicy": "text",
  "packageManager": "text"
}

Test for issues in a public package by group id, artifact id and version

get

Test for issues in Maven files.You can test maven packages for issues according to their coordinates: group ID, artifact ID and version. The repository hosting the package may also be customized (see the repository query parameter).

Required permissions

View Organization
Test Packages

Path parameters

groupIdstringRequired

The package's group ID.

Example: org.apache.flex.blazeds

artifactIdstringRequired

The package's artifact ID.

Example: blazeds

versionstringRequired

The package version to test.

Example: 4.7.2

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7

repositorystringOptional

The Maven repository hosting this package. The default value is Maven Central. More than one value is supported, in order.

Example: https://repo1.maven.org/maven2

Responses

200Success

application/json

get

/test/maven/{groupId}/{artifactId}/{version}

GET /v1/test/maven/{groupId}/{artifactId}/{version} HTTP/1.1
Host: api.snyk.io
Accept: */*

200Success

{
  "ok": false,
  "issues": {
    "vulnerabilities": [
      {
        "id": "SNYK-JAVA-ORGAPACHEFLEXBLAZEDS-31455",
        "url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEFLEXBLAZEDS-31455",
        "title": "Arbitrary Code Execution",
        "type": "vuln",
        "description": "## Overview\n\n[org.apache.flex.blazeds:blazeds](https://github.com/apache/flex-blazeds) is an application development framework for easily building Flash-based applications for mobile devices, web browsers, and desktops.\n\n\nAffected versions of this package are vulnerable to Arbitrary Code Execution.\nThe AMF deserialization implementation of Flex BlazeDS is vulnerable to Deserialization of Untrusted Data. By sending a specially crafted AMF message, it is possible to make the server establish a connection to an endpoint specified in the message and request an RMI remote object from that endpoint. This can result in the execution of arbitrary code on the server via Java deserialization.\n\n\nStarting with BlazeDS version `4.7.3`, Deserialization of XML is disabled completely per default, while the `ClassDeserializationValidator` allows deserialization of whitelisted classes only. BlazeDS internally comes with the following whitelist:\n```\nflex.messaging.io.amf.ASObject\nflex.messaging.io.amf.SerializedObject\nflex.messaging.io.ArrayCollection\nflex.messaging.io.ArrayList\nflex.messaging.messages.AcknowledgeMessage\nflex.messaging.messages.AcknowledgeMessageExt\nflex.messaging.messages.AsyncMessage\nflex.messaging.messages.AsyncMessageExt\nflex.messaging.messages.CommandMessage\nflex.messaging.messages.CommandMessageExt\nflex.messaging.messages.ErrorMessage\nflex.messaging.messages.HTTPMessage\nflex.messaging.messages.RemotingMessage\nflex.messaging.messages.SOAPMessage\njava.lang.Boolean\njava.lang.Byte\njava.lang.Character\njava.lang.Double\njava.lang.Float\njava.lang.Integer\njava.lang.Long\njava.lang.Object\njava.lang.Short\njava.lang.String\njava.util.ArrayList\njava.util.Date\njava.util.HashMap\norg.w3c.dom.Document\n```\n\n## Remediation\n\nUpgrade `org.apache.flex.blazeds:blazeds` to version 4.7.3 or higher.\n\n\n## References\n\n- [CVE-2017-3066](https://nvd.nist.gov/vuln/detail/CVE-2017-5641)\n\n- [Github Commit](https://github.com/apache/flex-blazeds/commit/f861f0993c35e664906609cad275e45a71e2aaf1)\n\n- [Github Release Notes](https://github.com/apache/flex-blazeds/blob/master/RELEASE_NOTES)\n\n- [Securitytracker Issue](http://www.securitytracker.com/id/1038364)\n",
        "functions": [],
        "from": [
          "org.apache.flex.blazeds:[email protected]"
        ],
        "package": "org.apache.flex.blazeds:blazeds",
        "version": "4.7.2",
        "severity": "critical",
        "exploitMaturity": "no-known-exploit",
        "language": "java",
        "packageManager": "maven",
        "semver": {
          "vulnerable": [
            "[,4.7.3)"
          ]
        },
        "publicationTime": "2017-08-09T14:17:08Z",
        "disclosureTime": "2017-04-25T21:00:00Z",
        "isUpgradable": true,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2017-5641"
          ],
          "CWE": [
            "CWE-502"
          ]
        },
        "credit": [
          "Markus Wulftange"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "cvssScore": 9.8,
        "patches": [],
        "upgradePath": [
          "org.apache.flex.blazeds:[email protected]"
        ]
      }
    ],
    "licenses": []
  },
  "dependencyCount": 1,
  "org": {
    "name": "atokeneduser",
    "id": "689ce7f9-7943-4a71-b704-2ba575f01089"
  },
  "licensesPolicy": null,
  "packageManager": "maven"
}

Test gradle file

post

Test for issues in Gradle files.You can test your Gradle packages for issues according to their manifest file using this action. It takes a JSON object containing the "target" build.gradle.

Required permissions

View Organization
Test Packages

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7

repositorystringOptional

The repository hosting this package. The default value is Maven Central. More than one value is supported, in order.

Example: https://repo1.maven.org/maven2

Body

and

anyOptionalExample: {"encoding":"plain","files":{"target":{"contents":"dependencies { compile 'axis:axis:1.4' }"}}}

Responses

200Success

application/json

post

/test/gradle

POST /v1/test/gradle HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 95

{
  "encoding": "plain",
  "files": {
    "target": {
      "contents": "dependencies { compile 'axis:axis:1.4' }"
    }
  }
}

200Success

{
  "ok": false,
  "issues": {
    "vulnerabilities": [
      {
        "id": "SNYK-JAVA-AXIS-30071",
        "url": "https://snyk.io/vuln/SNYK-JAVA-AXIS-30071",
        "title": "Man-in-the-Middle (MitM)",
        "type": "vuln",
        "description": "## Overview\n\n[axis:axis](https://search.maven.org/search?q=g:axis) is an implementation of the SOAP (\"Simple Object Access Protocol\") submission to W3C.\n\n\nAffected versions of this package are vulnerable to Man-in-the-Middle (MitM).\nIt does not verify the requesting server's hostname against existing domain names in the SSL Certificate. \r\n\r\n## Details\r\nThe `getCN` function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's `Common Name (CN)` or `subjectAltName` field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field.  \r\n\r\n**NOTE:** this issue exists because of an incomplete fix for [CVE-2012-5784](https://snyk.io/vuln/SNYK-JAVA-AXIS-30189).\n\n## Remediation\n\nThere is no fixed version for `axis:axis`.\n\n\n## References\n\n- [Axis Issue](https://issues.apache.org/jira/browse/AXIS-2905)\n\n- [NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3596)\n\n- [Redhat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3596)\n",
        "functions": [],
        "from": [
          "axis:[email protected]"
        ],
        "package": "axis:axis",
        "version": "1.4",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "java",
        "packageManager": "maven",
        "semver": {
          "vulnerable": [
            "[0,]"
          ]
        },
        "publicationTime": "2014-08-18T16:51:53Z",
        "disclosureTime": "2014-08-18T16:51:53Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2014-3596"
          ],
          "CWE": [
            "CWE-297"
          ]
        },
        "credit": [
          "David Jorm",
          "Arun Neelicattu"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
        "cvssScore": 5.4,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-JAVA-AXIS-30189",
        "url": "https://snyk.io/vuln/SNYK-JAVA-AXIS-30189",
        "title": "Man-in-the-Middle (MitM)",
        "type": "vuln",
        "description": "## Overview\n\n[axis:axis](https://search.maven.org/search?q=g:axis) is an implementation of the SOAP (\"Simple Object Access Protocol\") submission to W3C.\n\n\nAffected versions of this package are vulnerable to Man-in-the-Middle (MitM).\nIt does not verify the requesting server's hostname against existing domain names in the SSL Certificate.\n\n\n## Details\nApache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's `Common Name (CN)` or `subjectAltName` field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.\n\n## Remediation\n\nThere is no fixed version for `axis:axis`.\n\n\n## References\n\n- [Jira Issue](https://issues.apache.org/jira/browse/AXIS-2883)\n\n- [NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5784)\n\n- [Texas University](http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf)\n",
        "functions": [],
        "from": [
          "axis:[email protected]"
        ],
        "package": "axis:axis",
        "version": "1.4",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "java",
        "packageManager": "maven",
        "semver": {
          "vulnerable": [
            "[0,]"
          ]
        },
        "publicationTime": "2017-03-13T08:00:21Z",
        "disclosureTime": "2012-11-04T22:55:00Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2012-5784"
          ],
          "CWE": [
            "CWE-20"
          ]
        },
        "credit": [
          "Alberto Fernández"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
        "cvssScore": 5.4,
        "patches": [],
        "upgradePath": []
      }
    ],
    "licenses": []
  },
  "dependencyCount": 6,
  "org": {
    "name": "atokeneduser",
    "id": "4a18d42f-0706-4ad0-b127-24078731fbed"
  },
  "licensesPolicy": null,
  "packageManager": "gradle"
}

Test for issues in a public package by group, name and version

get

Test for issues in Gradle files.You can test gradle packages for issues according to their group, name and version. This is done via the maven endpoint (for Java), since the packages are hosted on maven central or a compatible repository. See "Maven" above for details.

Required permissions

View Organization
Test Packages

Path parameters

groupstringRequired

The package's group ID.

Example: org.apache.flex.blazeds

namestringRequired

The package's artifact ID.

Example: blazeds

versionstringRequired

The package version to test.

Example: 4.7.2

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7

repositorystringOptional

The repository hosting this package. The default value is Maven Central. More than one value is supported, in order.

Example: https://repo1.maven.org/maven2

Responses

200Success

application/json

get

/test/gradle/{group}/{name}/{version}

GET /v1/test/gradle/{group}/{name}/{version} HTTP/1.1
Host: api.snyk.io
Accept: */*

200Success

{
  "ok": false,
  "issues": {
    "vulnerabilities": [
      {
        "id": "SNYK-JAVA-ORGAPACHEFLEXBLAZEDS-31455",
        "url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEFLEXBLAZEDS-31455",
        "title": "Arbitrary Code Execution",
        "type": "vuln",
        "description": "## Overview\n\n[org.apache.flex.blazeds:blazeds](https://github.com/apache/flex-blazeds) is an application development framework for easily building Flash-based applications for mobile devices, web browsers, and desktops.\n\n\nAffected versions of this package are vulnerable to Arbitrary Code Execution.\nThe AMF deserialization implementation of Flex BlazeDS is vulnerable to Deserialization of Untrusted Data. By sending a specially crafted AMF message, it is possible to make the server establish a connection to an endpoint specified in the message and request an RMI remote object from that endpoint. This can result in the execution of arbitrary code on the server via Java deserialization.\n\n\nStarting with BlazeDS version `4.7.3`, Deserialization of XML is disabled completely per default, while the `ClassDeserializationValidator` allows deserialization of whitelisted classes only. BlazeDS internally comes with the following whitelist:\n```\nflex.messaging.io.amf.ASObject\nflex.messaging.io.amf.SerializedObject\nflex.messaging.io.ArrayCollection\nflex.messaging.io.ArrayList\nflex.messaging.messages.AcknowledgeMessage\nflex.messaging.messages.AcknowledgeMessageExt\nflex.messaging.messages.AsyncMessage\nflex.messaging.messages.AsyncMessageExt\nflex.messaging.messages.CommandMessage\nflex.messaging.messages.CommandMessageExt\nflex.messaging.messages.ErrorMessage\nflex.messaging.messages.HTTPMessage\nflex.messaging.messages.RemotingMessage\nflex.messaging.messages.SOAPMessage\njava.lang.Boolean\njava.lang.Byte\njava.lang.Character\njava.lang.Double\njava.lang.Float\njava.lang.Integer\njava.lang.Long\njava.lang.Object\njava.lang.Short\njava.lang.String\njava.util.ArrayList\njava.util.Date\njava.util.HashMap\norg.w3c.dom.Document\n```\n\n## Remediation\n\nUpgrade `org.apache.flex.blazeds:blazeds` to version 4.7.3 or higher.\n\n\n## References\n\n- [CVE-2017-3066](https://nvd.nist.gov/vuln/detail/CVE-2017-5641)\n\n- [Github Commit](https://github.com/apache/flex-blazeds/commit/f861f0993c35e664906609cad275e45a71e2aaf1)\n\n- [Github Release Notes](https://github.com/apache/flex-blazeds/blob/master/RELEASE_NOTES)\n\n- [Securitytracker Issue](http://www.securitytracker.com/id/1038364)\n",
        "functions": [],
        "from": [
          "org.apache.flex.blazeds:[email protected]"
        ],
        "package": "org.apache.flex.blazeds:blazeds",
        "version": "4.7.2",
        "severity": "critical",
        "exploitMaturity": "no-known-exploit",
        "language": "java",
        "packageManager": "maven",
        "semver": {
          "vulnerable": [
            "[,4.7.3)"
          ]
        },
        "publicationTime": "2017-08-09T14:17:08Z",
        "disclosureTime": "2017-04-25T21:00:00Z",
        "isUpgradable": true,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2017-5641"
          ],
          "CWE": [
            "CWE-502"
          ]
        },
        "credit": [
          "Markus Wulftange"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "cvssScore": 9.8,
        "patches": [],
        "upgradePath": [
          "org.apache.flex.blazeds:[email protected]"
        ]
      }
    ],
    "licenses": []
  },
  "dependencyCount": 1,
  "org": {
    "name": "atokeneduser",
    "id": "689ce7f9-7943-4a71-b704-2ba575f01089"
  },
  "licensesPolicy": null,
  "packageManager": "maven"
}

Test vendor.json File

post

Test for issues in Go vendor files.You can test your Go vendor packages for issues according to their manifest file using this action. It takes a JSON object containing a "target" vendor.json.

Required permissions

View Organization
Test Packages

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7

Body

and

anyOptionalExample:

{"encoding":"plain","files":{"target":{"contents":"{\\\"comment\\\":\\\"\\\",\\\"ignore\\\":\\\"test\\\",\\\"package\\\":[{\\\"checksumSHA1\\\":\\\"o/3cn04KAiwC7NqNVvmfVTD+hgA=\\\",\\\"path\\\":\\\"github.com/Microsoft/go-winio\\\",\\\"revision\\\":\\\"78439966b38d69bf38227fbf57ac8a6fee70f69a\\\",\\\"revisionTime\\\":\\\"2017-08-04T20:09:54Z\\\"},{\\\"checksumSHA1\\\":\\\"GqIrOttKaO7k6HIaHQLPr3cY7rY=\\\",\\\"path\\\":\\\"github.com/containerd/continuity/pathdriver\\\",\\\"revision\\\":\\\"617902de2ab5e18974efd88a58eeef67ac82d127\\\",\\\"revisionTime\\\":\\\"2017-09-25T16:43:31Z\\\"},{\\\"checksumSHA1\\\":\\\"ndnAFCfsGC3upNQ6jAEwzxcurww=\\\",\\\"path\\\":\\\"github.com/docker/docker/pkg/longpath\\\",\\\"revision\\\":\\\"74a084162ce544fe995715ba47aa84d3d75b95c1\\\",\\\"revisionTime\\\":\\\"2017-09-26T16:09:50Z\\\"},{\\\"checksumSHA1\\\":\\\"IVWozKA/coqhti24Ss2b1nLrTSg=\\\",\\\"path\\\":\\\"github.com/docker/docker/pkg/mount\\\",\\\"revision\\\":\\\"74a084162ce544fe995715ba47aa84d3d75b95c1\\\",\\\"revisionTime\\\":\\\"2017-09-26T16:09:50Z\\\"},{\\\"checksumSHA1\\\":\\\"YdUAOhhc/C0zu+eYrJOJjDwr1/4=\\\",\\\"path\\\":\\\"github.com/docker/docker/pkg/symlink\\\",\\\"revision\\\":\\\"74a084162ce544fe995715ba47aa84d3d75b95c1\\\",\\\"revisionTime\\\":\\\"2017-09-26T16:09:50Z\\\"},{\\\"checksumSHA1\\\":\\\"UEMAKQqAyL9hs6RWxesQuYMQ3+I=\\\",\\\"path\\\":\\\"github.com/docker/docker/pkg/system\\\",\\\"revision\\\":\\\"74a084162ce544fe995715ba47aa84d3d75b95c1\\\",\\\"revisionTime\\\":\\\"2017-09-26T16:09:50Z\\\"},{\\\"checksumSHA1\\\":\\\"UmXGieuTJQOzJPspPJTVKKKMiUA=\\\",\\\"path\\\":\\\"github.com/docker/go-units\\\",\\\"revision\\\":\\\"0dadbb0345b35ec7ef35e228dabb8de89a65bf52\\\",\\\"revisionTime\\\":\\\"2017-01-27T09:51:30Z\\\"},{\\\"checksumSHA1\\\":\\\"RCARG9BoOH6jwbqnuix2Ne3K26w=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"OVGl5SGmF1HZmaG6JRmkyWiycYA=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/cgroups\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"q56oWh80PeIBiE/8nQ/Emz18ZZ8=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/cgroups/fs\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"3NQtWwKOT4BlnSWn0tTsy/N+XhU=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/console\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"WPIuCuWS1RkrGCHBRZuOJku7ZBc=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/devices\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"HLo2E8AWKNCwE2p7ndEkKc4SPnM=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/label\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"KYcr4bHkervvLS5wuH9w1+EhflY=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/mount\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"tvHnvhbm17pLR/fA2WXWYlY9aDs=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/mount/nodes\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"k9+kwIouq8vqmodLrGFp+9I7Jxs=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/netlink\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"ndpCrSi/XKZNCCrkjpQ2cgMIxKA=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/network\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"cfgnX7wKfSHOJ4mbhKyjAWizl+s=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/selinux\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"M7/2WUk1uzgdqc5Ce/k9UcSyv1M=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/system\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"2ZMmNaPI3TM4WyMjCw+h1jErSr0=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/utils\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"rJab1YdNhQooDiBWNnt7TLWPyBU=\\\",\\\"path\\\":\\\"github.com/pkg/errors\\\",\\\"revision\\\":\\\"2b3a18b5f0fb6b4f9190549597d3f962c02bc5eb\\\",\\\"revisionTime\\\":\\\"2017-09-10T13:46:14Z\\\"},{\\\"checksumSHA1\\\":\\\"BYvROBsiyAXK4sq6yhDe8RgT4LM=\\\",\\\"path\\\":\\\"github.com/sirupsen/logrus\\\",\\\"revision\\\":\\\"89742aefa4b206dcf400792f3bd35b542998eb3b\\\",\\\"revisionTime\\\":\\\"2017-08-22T13:27:46Z\\\"},{\\\"checksumSHA1\\\":\\\"nqWNlnMmVpt628zzvyo6Yv2CX5Q=\\\",\\\"path\\\":\\\"golang.org/x/crypto/ssh/terminal\\\",\\\"revision\\\":\\\"847319b7fc94cab682988f93da778204da164588\\\",\\\"revisionTime\\\":\\\"2017-08-18T09:57:21Z\\\"},{\\\"checksumSHA1\\\":\\\"uggjqMBFNJd11oNco2kbkAT641w=\\\",\\\"path\\\":\\\"golang.org/x/sys/unix\\\",\\\"revision\\\":\\\"429f518978ab01db8bb6f44b66785088e7fba58b\\\",\\\"revisionTime\\\":\\\"2017-09-20T21:38:28Z\\\"},{\\\"checksumSHA1\\\":\\\"pBPFzDGt3AVSRffB7ffiUnruFUk=\\\",\\\"path\\\":\\\"golang.org/x/sys/windows\\\",\\\"revision\\\":\\\"429f518978ab01db8bb6f44b66785088e7fba58b\\\",\\\"revisionTime\\\":\\\"2017-09-20T21:38:28Z\\\"},{\\\"checksumSHA1\\\":\\\"o5NrWoSkC+ugoK9D6ragLSrXHw0=\\\",\\\"path\\\":\\\"gopkg.in/square/go-jose.v2\\\",\\\"revision\\\":\\\"296c7f1463ec9b712176dc804dea0173d06dc728\\\",\\\"revisionTime\\\":\\\"2016-11-17T00:42:38Z\\\",\\\"version\\\":\\\"v2.0\\\",\\\"versionExact\\\":\\\"v2.0.1\\\"},{\\\"checksumSHA1\\\":\\\"j94zYNLTvPSnfnqVKJ4LUf++uX4=\\\",\\\"path\\\":\\\"gopkg.in/square/go-jose.v2/cipher\\\",\\\"revision\\\":\\\"296c7f1463ec9b712176dc804dea0173d06dc728\\\",\\\"revisionTime\\\":\\\"2016-11-17T00:42:38Z\\\",\\\"version\\\":\\\"v2.0\\\",\\\"versionExact\\\":\\\"v2.0.1\\\"},{\\\"checksumSHA1\\\":\\\"JFun0lWY9eqd80Js2iWsehu1gc4=\\\",\\\"path\\\":\\\"gopkg.in/square/go-jose.v2/json\\\",\\\"revision\\\":\\\"296c7f1463ec9b712176dc804dea0173d06dc728\\\",\\\"revisionTime\\\":\\\"2016-11-17T00:42:38Z\\\",\\\"version\\\":\\\"v2.0\\\",\\\"versionExact\\\":\\\"v2.0.1\\\"}],\\\"rootPath\\\":\\\"with-vuln\\\"}"}}}

Responses

200Success

application/json

post

/test/govendor

POST /v1/test/govendor HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 7686

{
  "encoding": "plain",
  "files": {
    "target": {
      "contents": "{\\\"comment\\\":\\\"\\\",\\\"ignore\\\":\\\"test\\\",\\\"package\\\":[{\\\"checksumSHA1\\\":\\\"o/3cn04KAiwC7NqNVvmfVTD+hgA=\\\",\\\"path\\\":\\\"github.com/Microsoft/go-winio\\\",\\\"revision\\\":\\\"78439966b38d69bf38227fbf57ac8a6fee70f69a\\\",\\\"revisionTime\\\":\\\"2017-08-04T20:09:54Z\\\"},{\\\"checksumSHA1\\\":\\\"GqIrOttKaO7k6HIaHQLPr3cY7rY=\\\",\\\"path\\\":\\\"github.com/containerd/continuity/pathdriver\\\",\\\"revision\\\":\\\"617902de2ab5e18974efd88a58eeef67ac82d127\\\",\\\"revisionTime\\\":\\\"2017-09-25T16:43:31Z\\\"},{\\\"checksumSHA1\\\":\\\"ndnAFCfsGC3upNQ6jAEwzxcurww=\\\",\\\"path\\\":\\\"github.com/docker/docker/pkg/longpath\\\",\\\"revision\\\":\\\"74a084162ce544fe995715ba47aa84d3d75b95c1\\\",\\\"revisionTime\\\":\\\"2017-09-26T16:09:50Z\\\"},{\\\"checksumSHA1\\\":\\\"IVWozKA/coqhti24Ss2b1nLrTSg=\\\",\\\"path\\\":\\\"github.com/docker/docker/pkg/mount\\\",\\\"revision\\\":\\\"74a084162ce544fe995715ba47aa84d3d75b95c1\\\",\\\"revisionTime\\\":\\\"2017-09-26T16:09:50Z\\\"},{\\\"checksumSHA1\\\":\\\"YdUAOhhc/C0zu+eYrJOJjDwr1/4=\\\",\\\"path\\\":\\\"github.com/docker/docker/pkg/symlink\\\",\\\"revision\\\":\\\"74a084162ce544fe995715ba47aa84d3d75b95c1\\\",\\\"revisionTime\\\":\\\"2017-09-26T16:09:50Z\\\"},{\\\"checksumSHA1\\\":\\\"UEMAKQqAyL9hs6RWxesQuYMQ3+I=\\\",\\\"path\\\":\\\"github.com/docker/docker/pkg/system\\\",\\\"revision\\\":\\\"74a084162ce544fe995715ba47aa84d3d75b95c1\\\",\\\"revisionTime\\\":\\\"2017-09-26T16:09:50Z\\\"},{\\\"checksumSHA1\\\":\\\"UmXGieuTJQOzJPspPJTVKKKMiUA=\\\",\\\"path\\\":\\\"github.com/docker/go-units\\\",\\\"revision\\\":\\\"0dadbb0345b35ec7ef35e228dabb8de89a65bf52\\\",\\\"revisionTime\\\":\\\"2017-01-27T09:51:30Z\\\"},{\\\"checksumSHA1\\\":\\\"RCARG9BoOH6jwbqnuix2Ne3K26w=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"OVGl5SGmF1HZmaG6JRmkyWiycYA=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/cgroups\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"q56oWh80PeIBiE/8nQ/Emz18ZZ8=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/cgroups/fs\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"3NQtWwKOT4BlnSWn0tTsy/N+XhU=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/console\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"WPIuCuWS1RkrGCHBRZuOJku7ZBc=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/devices\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"HLo2E8AWKNCwE2p7ndEkKc4SPnM=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/label\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"KYcr4bHkervvLS5wuH9w1+EhflY=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/mount\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"tvHnvhbm17pLR/fA2WXWYlY9aDs=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/mount/nodes\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"k9+kwIouq8vqmodLrGFp+9I7Jxs=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/netlink\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"ndpCrSi/XKZNCCrkjpQ2cgMIxKA=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/network\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"cfgnX7wKfSHOJ4mbhKyjAWizl+s=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/selinux\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"M7/2WUk1uzgdqc5Ce/k9UcSyv1M=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/system\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"2ZMmNaPI3TM4WyMjCw+h1jErSr0=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/utils\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"rJab1YdNhQooDiBWNnt7TLWPyBU=\\\",\\\"path\\\":\\\"github.com/pkg/errors\\\",\\\"revision\\\":\\\"2b3a18b5f0fb6b4f9190549597d3f962c02bc5eb\\\",\\\"revisionTime\\\":\\\"2017-09-10T13:46:14Z\\\"},{\\\"checksumSHA1\\\":\\\"BYvROBsiyAXK4sq6yhDe8RgT4LM=\\\",\\\"path\\\":\\\"github.com/sirupsen/logrus\\\",\\\"revision\\\":\\\"89742aefa4b206dcf400792f3bd35b542998eb3b\\\",\\\"revisionTime\\\":\\\"2017-08-22T13:27:46Z\\\"},{\\\"checksumSHA1\\\":\\\"nqWNlnMmVpt628zzvyo6Yv2CX5Q=\\\",\\\"path\\\":\\\"golang.org/x/crypto/ssh/terminal\\\",\\\"revision\\\":\\\"847319b7fc94cab682988f93da778204da164588\\\",\\\"revisionTime\\\":\\\"2017-08-18T09:57:21Z\\\"},{\\\"checksumSHA1\\\":\\\"uggjqMBFNJd11oNco2kbkAT641w=\\\",\\\"path\\\":\\\"golang.org/x/sys/unix\\\",\\\"revision\\\":\\\"429f518978ab01db8bb6f44b66785088e7fba58b\\\",\\\"revisionTime\\\":\\\"2017-09-20T21:38:28Z\\\"},{\\\"checksumSHA1\\\":\\\"pBPFzDGt3AVSRffB7ffiUnruFUk=\\\",\\\"path\\\":\\\"golang.org/x/sys/windows\\\",\\\"revision\\\":\\\"429f518978ab01db8bb6f44b66785088e7fba58b\\\",\\\"revisionTime\\\":\\\"2017-09-20T21:38:28Z\\\"},{\\\"checksumSHA1\\\":\\\"o5NrWoSkC+ugoK9D6ragLSrXHw0=\\\",\\\"path\\\":\\\"gopkg.in/square/go-jose.v2\\\",\\\"revision\\\":\\\"296c7f1463ec9b712176dc804dea0173d06dc728\\\",\\\"revisionTime\\\":\\\"2016-11-17T00:42:38Z\\\",\\\"version\\\":\\\"v2.0\\\",\\\"versionExact\\\":\\\"v2.0.1\\\"},{\\\"checksumSHA1\\\":\\\"j94zYNLTvPSnfnqVKJ4LUf++uX4=\\\",\\\"path\\\":\\\"gopkg.in/square/go-jose.v2/cipher\\\",\\\"revision\\\":\\\"296c7f1463ec9b712176dc804dea0173d06dc728\\\",\\\"revisionTime\\\":\\\"2016-11-17T00:42:38Z\\\",\\\"version\\\":\\\"v2.0\\\",\\\"versionExact\\\":\\\"v2.0.1\\\"},{\\\"checksumSHA1\\\":\\\"JFun0lWY9eqd80Js2iWsehu1gc4=\\\",\\\"path\\\":\\\"gopkg.in/square/go-jose.v2/json\\\",\\\"revision\\\":\\\"296c7f1463ec9b712176dc804dea0173d06dc728\\\",\\\"revisionTime\\\":\\\"2016-11-17T00:42:38Z\\\",\\\"version\\\":\\\"v2.0\\\",\\\"versionExact\\\":\\\"v2.0.1\\\"}],\\\"rootPath\\\":\\\"with-vuln\\\"}"
    }
  }
}

200Success

{
  "ok": false,
  "issues": {
    "vulnerabilities": [
      {
        "id": "SNYK-GOLANG-GITHUBCOMDOCKERLIBCONTAINER-50012",
        "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDOCKERLIBCONTAINER-50012",
        "title": "Symlink Attack",
        "type": "vuln",
        "description": "## Overview\nAffected version of [`github.com/docker/libcontainer`](https://github.com/docker/libcontainer) are vulnerable to Symlink Attacks.\nLibcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.\n\n## References\n- [NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3627)\n- [GitHub Commit](https://github.com/docker/libcontainer/commit/46132cebcf391b56842f5cf9b247d508c59bc625)\n- [Packetstorm Security](http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html)\n- [Seclists](http://seclists.org/fulldisclosure/2015/May/28)\n- [Docker Security Advisory](https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ)\n",
        "functions": [],
        "from": [
          "github.com/docker/[email protected]"
        ],
        "package": "github.com/docker/libcontainer",
        "version": "v1.4.0",
        "severity": "critical",
        "exploitMaturity": "no-known-exploit",
        "language": "golang",
        "packageManager": "golang",
        "semver": {
          "hashesRange": [
            ">=5c246d038fc47b8d57a474e1b212ffe646764ee9 <46132cebcf391b56842f5cf9b247d508c59bc625"
          ],
          "vulnerable": [
            "<1.6.1"
          ],
          "vulnerableHashes": [
            "cab4b9bce1bece1b6c575e1826f3e5b221faebf3",
            "4a72e540feb67091156b907c4700e580a99f5a9d",
            "eb74393a3d2daeafbef4f5f27c0821cbdd67559c",
            "4332ffcfc6765245e8e9151a2907b0e4b76f218f",
            "7eceabd47f41328d6e894418ae167ce8377bda22",
            "ecace12e5a3e309d82c5b3b1548a3251b3bc4e2a",
            "afb167a417ed8379c008b070fb5c0b1bc84bbcba",
            "2b4512809110033e5ec532167efd6fabf2dd596d",
            "c2403c32dbf8a67870ab2ba7524c117fc0652256",
            "4077c254a6ac99930d720a9b95709dbd2614bc61",
            "1b755bf962ec1d29e9e5e66e2cc15704fac088e7",
            "1c9de5b4d21b94499a1e91c9b94ba06831ac5393",
            "e3184f97e040c3121502dc382d41ac58a98b685a",
            "0dee9793d5efd9842a2e8890fa0f8981d20b196e",
            "3e9299d6da5749b263fc3dc93d50b5c854fa199c",
            "152107f44ae9e38b38609fdbc75ac6f9f56c4fed",
            "623fe598e4d5e75e70440f45298eecec414788b3",
            "e30793aed7a30772054abfb1b3f3f703f119b55b",
            "0596e6384a586223c56c5ea7d14467ebf5d17247",
            "42fed751fbab3f340461d06edb896cd10cd49812",
            "e451df796aaa605413a0b84ddd1bf39ec4a751a0",
            "b0eece8d7d945e1e7fc98c2ae3b7dd0a860a7c2a",
            "5c246d038fc47b8d57a474e1b212ffe646764ee9",
            "bfa67ab988f434fd6836c1868eb5d7d1d7864e8a",
            "9bebc660423ca974192599a6a5ea8e016a6fe1fc",
            "e22b58954324b3593737438032412f15ed9602e9",
            "af371eae767ceb51b8804f212bf97584d876feb3",
            "f61899ece3fc1da206a0eb28fada0595ab381887",
            "0d0402712b5a13d1b54a345a63ec67982e2e0089",
            "d1ae7cd67310f482af22de3abeb26d28e65274bf",
            "9f2c67332f48c0050846ac86e01cb5dadbd1d8fe",
            "62bdfc482d8edaa618b544fb2beafdf0c44dce5e",
            "699429e60f23ab0fa3bdd97b6326316be08791ad",
            "35c01f9eb3c228201a3fc5d2301d1fc7a00bde13",
            "a72f710d89eaabf23dad7c084082bccb26e6336f",
            "eb84dd1b73df035e6e64c8513daaa476c72dedfc",
            "5b73860e65598203b26d57aabc96ae0f52c9f9ab",
            "d64cfe5c05448935c75c92f65d604c751bbf5153",
            "62626677876330d60fe3512f59f1fd8f82799ca5",
            "43842efeccbd8077dba8f85fc9e772e0647b82cb",
            "d6cd7ce43faa53d212052dbbcf209029ec2ec951",
            "ebefcddc3c4b99ae312ac575c288856e177ed6ef",
            "83add60f217d32561ff0ff62ebf1d6db6a2a11a3",
            "14af6755f04233fbe55cb354a9351fe05afd43a0",
            "8530167f7f5b5eb329f5377b6b74a904482a10ed",
            "000d36e109f5d04bad5342bb779e02b2b9b252f7",
            "1db687f4f480c06e6cadfdb0971985df4313ddc7",
            "689e8ec9493a4294856dc1568f5ef667e106707c",
            "0eb8a1aac3d903b3c7925208c34f09c02910e7aa",
            "edb31ce0a6fd7956bffc0829000c60bdd56b9f32",
            "53fce307557cbffdbc54647ef63956b2cb0cee86",
            "c22d5c90cf907f4f34d2bc13cad9c82a7fce9077",
            "ef1c1c4289559e818d3ec77ce9c1b6a77d2ac764",
            "2da44f8c7b703f87e9c07164c9cc1cdd31031783",
            "ee102305fb35a23668136b102ed4d0dd5b3d9ce5",
            "3ca0e1ff95c54577c65b5fbb734c267c23782974",
            "f115a5f6c8c2a3cc6340408e6644236a88dcaad0",
            "29ba9b3179d014cc87129af5c51b1263443f387b",
            "c1ca18404fa63209e0a65abf443669155991b4df",
            "5bb81469895d669ddcb4b49e83809a980d57d6b1",
            "6feb7bda04b3130e81cf9606ddb7a156d4a63f7a",
            "7c8550af53b4d428d8f3a7c19c0c4a8ebca8ff21",
            "7766c1e07bd49fdc290f0557268950d35b867823",
            "4903df2ed52a01f08626739ad35937752de82a09",
            "58feafa848d9657dda34e5ccc3a196e359566bda",
            "9e787db1b108941edab18209a7468e6c555002ce",
            "e7953c3609b62a25b0bfedcd9d3885ca1b99d2fb",
            "8c3b6b18689796bc9625258258e8664746b24e85",
            "dd3cb8822352fd4acc0b8b426bd86e47e98f6853",
            "cc524f1b729cb5d7592d0a0b07cb3ff1fe6eda98",
            "c22ac4876f0a218584ae862900f3058470be38a3",
            "c1fb904d1047359e8c4dadafaa0ab065efe9e03e",
            "1f176f3c0dae283d66df5360de8a93ec14b4fbd0",
            "50f0faa795dc62773857a0cc3cfb6d5681ba3562",
            "3fbf1856025f54b6eab6e73b7ff8aa4d1020e1c1",
            "f4a4391e4ef7e886e56816ae59cbe99d8cff91d9",
            "2d9ef3af72e89ad9df164bd0f435371aa4fa0dea",
            "187792e35bb47c89fdfe34409162c814627daacc",
            "b322073f27b0e9e60b2ab07eff7f4e96a24cb3f9",
            "f78bf211f023d28392c6aa0d1934bb1001b3a180",
            "20af7e70e2511b4da0e035bf2fa2d6295f198970",
            "f8eb40433c4a8617a20ad36119973af6f9dd2cd0",
            "d7dea0e925315bab640115053204c16718839b1e",
            "295c70865d10d7c57ba13cbef45c1d276ebfa83e",
            "5a87153824b838be92503b57e76e96519b84b522",
            "fec4c5ab0a75d7e6a46955bda0818bed7f8fecf3",
            "6a76ecb1ce53d9e623826b238033b86f072395a9",
            "2c037b7fd98e1c03e0c67ceccfd8e3300457e07e",
            "4ce8d973204ebace2970c662f6f841ab11a3cc13",
            "870119e763b5976d7331fbd8656ed65207ba95ad",
            "58fc93160e03387a4f41dcf4aed2e376c4a92db4",
            "a3b0209cc61301941810e54bc3678ccff9af71c1",
            "ec005e73b9169d17651618b91836a5d86eb7b24c",
            "2fac2dad91e390acb8937ede6154c265b7011cf9",
            "0195469398f4fc1d42c0c20172b51e03ccf9ff1a",
            "8d0b06257ba659ee91fa3862ed358cecbee37f73",
            "6516e6ce8c7c71e44f95332ef740ea4082cfee39",
            "55d61e22c5e0e4dc00c99847ba20a8ffa1e3a3d4",
            "ca73d7aede7eaa05f4a0acb4bd5cb17a9408cd27",
            "43fabe36d18fa36326d9e5efd2cca8b9376a7fdf",
            "c06f92353f4f74cdb1c66ee0bbae1cdbb46934ce",
            "d6fae7bb26807a386f5dd9a1ec2dc5ac51c24498",
            "bde8bf2ebc5630399c7d0965f58b502100180400",
            "444cc2989aca50986b45a56bfd8a32bd7ea23c1c",
            "f5dfd9a702ad163be35023fe08c9573a614d6121",
            "6c2f20eeeca488b98a613e013712d7c9a3d1e619",
            "cc42996625afaf38d281f2457b08551a3df0d7bc",
            "903680701ad5cf25484d0ac3e78152807dfa90b3",
            "69228248334a576549a9af9df389b3cbfe0c211c",
            "6460fd79667466d2d9ec03f77f319a241c58d40b",
            "7d9244eab20fc96230636a066f88ad5165c34bc7",
            "9387ebb6ba5fca526aedb54c7df684102639caa3",
            "b21b19e0607582cceb8d715b85d27ec113a0b799",
            "c4821b6f3e0a41af6bf3ed1cfa168c13381b9554",
            "397b675315d00a34a09f058dd7e462af6f715da3",
            "c504f85aabbff0d7380ca9da3f6051c56905c7c0",
            "0f8f0601ae5668510ab7bde03041dafd39b18ec6",
            "c3ab8d0cb4b439b7691edf7b63fcecd169834250",
            "22df5551ed7367eb9cbb0cc22aea46351d2495ad",
            "d284fdfaa36d37cbba5749562d6f9303ebab7d2f",
            "a9a503082e492575be352c9c82040c1f4ed468d1",
            "5fedffd8fd387b24b25186622c9566325ab3db1b",
            "dc827aa0ee51829d292524fdf3a7a163feadabe2",
            "f925aa3503eeba9d372c74d1fe2b17c8ecd97960",
            "bc1d229dbe94a0100f4530b47e9c918f27b8cecd",
            "71a57166c1209103dcd4355d21c161bd0f09e481",
            "a9644c209f7764f9155db0c4aeb4f690c0cdb585",
            "bcfdee970e8a32d04b472cd2c5712e10a5e425fe",
            "3c474b9e2aad7c577faefca6c35a8512140c0c65",
            "c34b3d5ce90a6b2828d5b97f553f4b49f64081af",
            "286fffa4eeda7745f3b36dc938dae3e155d1b204",
            "d1f0d5705debbe4d4b1aed7e087d5c49300eb271",
            "08fdb50b03dc810ca8c4386f4f8271a8d51d4445",
            "c44ab12c86689065978950d2ed92bb131b2a932c",
            "5df859ad240af502aebef01ca28da3ef24951e05",
            "ef4efd065cb6c136c7fcbdd65285cff549b745ac",
            "2f1b2ce204490854938fab57142b557caa4ab66d",
            "a36d471a0ef4e119ecfb41257aad246464024a40",
            "83663f82e3d76f57ea57faf80b8fd7eb96933b9b",
            "e8f5b543010eb0db146fd2593284ed19af93eccd",
            "c8512754166539461fd860451ff1a0af7491c197",
            "dc4c502efd85727abfed95af7789caa7f10d020d",
            "4940cee052ece5a8b2ea477699e7bb232de1e1f8",
            "025e6be6c5dc3d535286461088416afa74c42927",
            "b4cda7a6cabf1966daf67f291c2c41ff9a1369f4",
            "074441b495052c456f4b96524bd7a80d00db42e8",
            "5847aacb32742fd734fa2c0584cae65636bba370",
            "f9590b0927744d22ad0e1b737eecd07a48bb4c2f",
            "e05f807a8936b4491632290f13958ca26d0aaace",
            "fd0087d3acdc4c5865de1829d4accee5e3ebb658",
            "38f729e577e07b2c3333ed4b04146e1d64f665a8",
            "8a8eb57746e5372080a5f5e5b6fb9dce178c8220",
            "afa8443118347a1f909941aec2732039d28a9034",
            "d6eb76f8a2184688489fc3a611d80de36ef50877",
            "0f397d4e145fb4053792d42b3424dd2143fb23ad",
            "ba613c5a847ff30d312726eeff444714f8e31cde",
            "445bebc1b16b1f2646a3cae841fe0e1266d79ada",
            "e2ed997ae5b675fc8e78e7d0f9e6918c8b87503c",
            "3b95acdfa1e54de15cae2fc3083147a185a31792",
            "cacc15360ec04abb4c45f918e83bf33203946e32",
            "09809b551ce9f05e96fc3055ae7a23329604415b",
            "2a9511a0266afd48251609a03533094afe22fce2",
            "b6cf7a6c8520fd21e75f8b3becec6dc355d844b0",
            "fc3981ea5c10fb21cae6d6a8e78755be5b169999",
            "dc34fe188385f42198997f6aedc170487c57c7eb",
            "e9f8f8528abef64b8e1b8bc046a008b009ab2417",
            "fe9f7668957641a404b0d2c8850f104df591e7f2",
            "8da9c6878fa29f33dcfd74b1146d457a576d738a",
            "4622c8ac9541790365eda22b6ce65d038f4026fe",
            "3977c892e78d91a0c6d2a34fd2512a6c53c8d924",
            "1bd146ed82f771395f991851f7d896d9ae778f3c",
            "77085907a44039fe1cf9fe24d9c7675aa53d2f9b",
            "107bad0ee5141bb847257a6f57dff2469dd584da",
            "2da159823d0a54756308e73dc0e58a420daffad4",
            "94fb37f5573e1484ba686b195079684cace18eb0",
            "5c6332687d5d7c902cdd954e4e6a107ed6c60848",
            "8b77eba9a6b506c71d1542d2fab1495249a7f7b6",
            "da32455210de558c829f089e8c3a3d1ed8c34a5b",
            "e1c14b3ca245fd06ef538005cd3a250904be5b4c",
            "f0d1a8fc27830b899c5789ba2f80dfa9458792a4",
            "846e522ffc157c12ba244c2c8a2c6adb1ed789f7",
            "2a452c17aa2417cd89b5e25e8549f9e09c94a0dc",
            "3cd416efe1e5b7d1679a20a91a73d757d481633b",
            "e0de51f53c6b2711f39f4f29eb58b63a9ebf2c5c",
            "f7837f4f717a9f09cf34fc325061ee8e38d1100a",
            "13a5703d853fbd311e1fcfc5c95d459021781951",
            "2aebf7d849e47ca927de332b82983ba8fe03d062",
            "56bc1485df0ac0c2fe8ae5e0499e50a0580f2522",
            "8d0f911e1d9265a8f362a7a16b893f7c40aee434",
            "dc82e30089dbba31a1d0cf459321486a9b546fa0",
            "4d863b7bd0d7da6ca1108031fd7d7997bf504496",
            "73ba097bf596249068513559225d6e18c1767b47",
            "da109f3af037352af24f935b1ea57ba8a7f26cad",
            "3c52181f613353cc3b8aefbbf637c15a11cb8242",
            "c96cde4e5db0da7e798e2712c2312f2468720a98",
            "52a8c004ca94cf98f6866536de828c71eb42d1ec",
            "b89112c542edcc9cf5af75694c16af28a3e4f12b",
            "c099a20eb8bd084c17d9348bd0f6bef066ea514f",
            "8067e34ec01588d2952d57e21c8c637fd3d3d114",
            "9d4f6b3d3d4feba35ea13097be415bf099b670ce",
            "334b1963711b743bf014502c5513a82a23eb65cc",
            "190e50b08dbd72fd1d9f21f20581fa27a498481c",
            "4c43b0f49880840966cb5df13abeeb19aa8e16d7",
            "9946e299af9e911a54c83626f245dff20127e442",
            "9825a26db570697e058a4580ec3b71ab3d82fc24",
            "f8daab8a96fe2c73974073696d00deb4ffb40d47",
            "88989e66d3a1ab960deb37f3dd7f824d85e1b9bc",
            "c5eef904604b7e22083927bb99ea0c196d4cb8b9",
            "4661c239dc6394aba960ba73144f2a7e3859537f",
            "9303a8f15f6e55931a08542636922c1bf041ad52",
            "9d91f080ced0bbfcbd3c003e2a20c9cdc81bc4ff",
            "99233fde8c4f58853a474a5831ef0bcf6bf866c5",
            "14a7d2f468404e25577dced6982248e80ddce79a",
            "b6a1b889852cd6b365833ce2b04a0c1092867f75",
            "5d6c507d7cfeff97172deedf3db13b5295bcacef",
            "b89cd0cf5cf5deec2ed6fdc0d8ed4e4f3167aeb4",
            "be02944484da197166020d6b3f08a19d7d7d244c",
            "c37b9125ecaad0c100b6851baacf97adfa2339d6",
            "045e9ae4a0fa8bff397b3c4f2614a3e609e6dd66",
            "9744d72c740dd8cdfbb8cb4c58fb235355e0a0b4",
            "74005ed4e0cdbc87ce40c6b79edfd599ba2355e9",
            "1d7207079fc6ab5b2cbfedda3fc8993bc4441b02",
            "8961fd20e6e213bf967db90166e24d38da065807",
            "dd5576b2b3f5667811f882d1f64a11e13164791a",
            "8600e6f3158bafe927706f0613c1520971d16c32",
            "e9c1b0144ae784df9d26f59bfadd8cb2fc3a1d69",
            "6423c8d2613e5130e9c37620773d2173c76f0acd",
            "b48acf4613cc5347ca10b6d6edd6e1b94a5378c4",
            "6c285c1d4964662ac64f0b98620d154caf423d79",
            "312f997de638b8c18f92a59596a984bdb1a06a4e",
            "11d14f2621370a527d2401c8bba10d2408819131",
            "a6044b701c166fe538fc760f9e2dcea3d737cd2a",
            "91a3f162afc90339b1d8f8d2f22d9c4271eddb84",
            "54301f55934f42598b8f7c88effc4bd588e5f3e7",
            "29f5cb6b391eea625c512df1f2ae7d9efccfbae9",
            "087caf69e8cabd8f1f66f6239079b60172c9fb78",
            "21ed4766b1523373b0463af497ef1c6b3b98c2ca",
            "30b33064169e09e1c5daacb38ed461ed5820d0d2",
            "a8a798a7c9b1da5beea8acfec16409d015ad85a7",
            "a4f2e1e1878c1ce541aec24e6e2a690855cc8003",
            "d06a2dab9f185c8cd2c21c0c97342cbdb7b9f38b",
            "12a63757dbde3b0be25b49bc9e7625059088d319",
            "35ae1c48710ff5a4db20645bc98c719cfb695b9a",
            "85cd86999f70339509692b92cf182ec36697edcf",
            "10d49f830b52ed05d9b41e18c8e1ff4a44a85fb3",
            "3f35b26b8b2dcd856b12b985f9091260d5c5bd71",
            "1a37242fa2af5db30ea72b95f948285efcd63d52",
            "b49bd705dcddd496aedb6e797ce8691d276236af",
            "eb2ae34c80f6b8ffb1bdfc55287d967c6e18cd81",
            "39fbf0a90423a1e6e31c6c042acd9aea00793a18",
            "d658fb8a2566cab11600af4db164c5f1f8656116",
            "f4cf808a3d184c556a51cd53d98a2f4ea05acee4",
            "bdff595cad6a42ba9675f99505bebecdb28209f0",
            "9377591781a5346ed84517688787c305ed6554c4",
            "19099e065da7c810f93e83d68c0776c2336e5e03",
            "a1ac9b101571477a81e1cb3c6999f818bbbf0738",
            "54968f68bc2ba50f59a66fba9f6823215a0bc4f6",
            "9455a8ce3aaccceb4c282ef6c84d7edb36dd0d4c",
            "21c344a479a8fd359a9c875f3056a7e72fe4d5fb",
            "00abcf89d9ad026ddce4af0038db7953b01d8b8b",
            "1a246dd54326124df57cb0e8e051f57abb549c9f",
            "07db66a6ef857edee2c731d1b66f42a4f32d9622",
            "d4867a6583c17001a60590684d91237a580e786a",
            "46573774a27c7a4d20d508f1f07ba72d34616bc3",
            "9184d9473d7b5ecb0dddca4052171534523602be",
            "f6593810da73cf8e1cc982d9020850260fc1ff52",
            "a9442e6660e71fd2058310e6155de3ef5e4f5fdf",
            "cee97cb0ccad90c369b10d6a9512d678a0535cac",
            "aaca2848a1e1eefa71ce2987b19abae2d34cf3aa",
            "3125b53b1aef485ed2239d514b131ef80ad577c1",
            "2990f254f030e62ab15b9399e26368aa3e291d15",
            "b19b8a9677ae9e657e0195ac85a4849a67729cf6",
            "e3b14402ebded2a7ec8f38809bf907ac72692ede",
            "37d229d0262b6fa7dfb96184eff3f7882ddd487e",
            "8002fd226367c0882973c69673bf8379df2fc198",
            "a1c3e0db94579f59cc821132f958187339e68d88",
            "4fdec5a8e10f95a5dbfd84cf382f2755f0342fda",
            "ef73d7e235c4d4ab41402835193ac9ba0c4cc485",
            "ad3d14f1da33d00ee3506f12922fb3faf87b65d7",
            "a1d509759b9195a1c022f2eb9585b74d07a0f084",
            "b7e54b0b41757cd36dd03fb29367b385c5fa3be0",
            "d909440c48b7b64b016478de1e6ee78e2faa9e13",
            "2ca9dc306e8c667eb9f00376898be52d8b980c88",
            "031524c73df6fd40b13e89c44e86d4a62d77075b",
            "6fae0d4fa68a85a1d552c5ae3140dd39f7a05c88",
            "fb27b4238cd6c33bd899e240ead4b5fb8a2a24b1",
            "0890cc54a92627c03119654c94c584a2e3c744ca",
            "339edce03ed7fe59ec4a778abff243fa4cabaa23",
            "2329014b6dbc473326291fa6e101e6d63c4dbd25",
            "872663148e00c4d272fc67e8d369a5012ccbac5a",
            "0e3b1262a168d51512014c4f7df6c37edce0f05d",
            "606d9064b0a6abd82da3731fda9f1558ec1f153c",
            "4bd39999a06fa1f710daae54c6cc8ca7d5784f58",
            "562cd20d05e0427e6b18daa279a3a5f3b08c889d",
            "4bbd44784c7c4eede8e53011a2c4981c16598d1f",
            "dc4bd4cece9a6de7926e85a09f152fe4697a8bc5",
            "770e2583907fa38e2b78601a90799b6ae7ab15eb",
            "f34b3b765fb964dee979ac7646b6d609adbeb2ba",
            "aa10040b570386c1ae311c6245b9e21295b2b83a",
            "fff015f4094ab80ff2eb4978f8cdb3711187c50a",
            "5b2be7d9d8444e0a5b706944c878cd0048ef026a",
            "2cd0ee8cf21eecaa9d39d699692284be44cf6ca2",
            "451043367be65468dd96bbf5868af666b25f1663",
            "4fc29224cf362988a741dc07804225f730a326ec",
            "dd6bc28afb3bafdde93ad7ed9f58b3a0aec2be99",
            "1597c68f7b941fd97881155d7f077852e2914e7b",
            "e59984353acde7207aa1115e261847bf4ddd9a8f",
            "ee1000e153e1b7c8f223bb573bb8169d2033f4af",
            "1d3b2589d734dc94a1719a3af40b87ed8319f329"
          ]
        },
        "publicationTime": "2015-08-06T00:00:00Z",
        "disclosureTime": "2015-05-18T15:59:00Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2015-3627"
          ],
          "CWE": [
            "CWE-59"
          ]
        },
        "credit": [
          "Tõnis Tiigi"
        ],
        "CVSSv3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "cvssScore": 8.4,
        "patches": [],
        "upgradePath": []
      }
    ],
    "licenses": []
  },
  "dependencyCount": 28,
  "org": {
    "name": "atokeneduser",
    "id": "689ce7f9-7943-4a71-b704-2ba575f01089"
  },
  "licensesPolicy": null,
  "packageManager": "govendor"
}

Test Gopkg.toml & Gopkg.lock File

post

Test for issues in Go dep files.You can test your Go dep packages for issues according to their manifest file & lockfile using this action. It takes a JSON object containing a "target" Gopkg.toml and a Gopkg.lock.

Required permissions

View Organization
Test Packages

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7

Body

and

anyOptionalExample:

{"encoding":"plain","files":{"target":{"contents":"\"# Gopkg.toml example\\r\\n#\\r\\n# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html\\r\\n# for detailed Gopkg.toml documentation.\\r\\n#\\r\\n# required = [\\\"github.com/user/thing/cmd/thing\\\"]\\r\\n# ignored = [\\\"github.com/user/project/pkgX\\\", \\\"bitbucket.org/user/project/pkgA/pkgY\\\"]\\r\\n#\\r\\n# [[constraint]]\\r\\n#   name = \\\"github.com/user/project\\\"\\r\\n#   version = \\\"1.0.0\\\"\\r\\n#\\r\\n# [[constraint]]\\r\\n#   name = \\\"github.com/user/project2\\\"\\r\\n#   branch = \\\"dev\\\"\\r\\n#   source = \\\"github.com/myfork/project2\\\"\\r\\n#\\r\\n# [[override]]\\r\\n#   name = \\\"github.com/x/y\\\"\\r\\n#   version = \\\"2.4.0\\\"\\r\\n#\\r\\n# [prune]\\r\\n#   non-go = false\\r\\n#   go-tests = true\\r\\n#   unused-packages = true\\r\\n\\r\\n\\r\\n[[constraint]]\\r\\n  branch = \\\"master\\\"\\r\\n  name = \\\"github.com/asaskevich/EventBus\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  branch = \\\"master\\\"\\r\\n  name = \\\"github.com/cloudevents/sdk-go\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/gin-gonic/gin\\\"\\r\\n  version = \\\"1.3.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/golang/protobuf\\\"\\r\\n  version = \\\"1.2.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/goph/emperror\\\"\\r\\n  version = \\\"0.14.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/goph/logur\\\"\\r\\n  version = \\\"0.5.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/patrickmn/go-cache\\\"\\r\\n  version = \\\"2.1.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/pkg/errors\\\"\\r\\n  version = \\\"0.8.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/satori/go.uuid\\\"\\r\\n  version = \\\"1.2.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/sirupsen/logrus\\\"\\r\\n  version = \\\"1.2.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/spf13/cast\\\"\\r\\n  version = \\\"1.3.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/spf13/pflag\\\"\\r\\n  version = \\\"1.0.3\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/spf13/viper\\\"\\r\\n  version = \\\"1.3.1\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  branch = \\\"master\\\"\\r\\n  name = \\\"golang.org/x/net\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"google.golang.org/grpc\\\"\\r\\n  version = \\\"1.17.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"gopkg.in/go-playground/validator.v8\\\"\\r\\n  version = \\\"8.18.2\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"gopkg.in/yaml.v2\\\"\\r\\n  version = \\\"2.2.2\\\"\\r\\n\\r\\n[prune]\\r\\n  go-tests = true\\r\\n  unused-packages = true\""},"additional":[{"contents":"\"# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.\\r\\n\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:e2a1ff1174d564ed4b75a62757f4a9081ed3b8c99ed17e47eb252b048b4ff018\\\"\\r\\n  name = \\\"github.com/asaskevich/EventBus\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"d46933a94f05c6657d7b923fcf5ac563ee37ec79\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:b95c3763b72359370262246870366418c1d17446195e3c73921135c2537b9655\\\"\\r\\n  name = \\\"github.com/cloudevents/sdk-go\\\"\\r\\n  packages = [\\r\\n    \\\".\\\",\\r\\n    \\\"v02\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"3a3d34a7231e937edfa20964dc25c29081c3ebea\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:abeb38ade3f32a92943e5be54f55ed6d6e3b6602761d74b4aab4c9dd45c18abd\\\"\\r\\n  name = \\\"github.com/fsnotify/fsnotify\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9\\\"\\r\\n  version = \\\"v1.4.7\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:36fe9527deed01d2a317617e59304eb2c4ce9f8a24115bcc5c2e37b3aee5bae4\\\"\\r\\n  name = \\\"github.com/gin-contrib/sse\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"22d885f9ecc78bf4ee5d72b937e4bbcdc58e8cae\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:d5083934eb25e45d17f72ffa86cae3814f4a9d6c073c4f16b64147169b245606\\\"\\r\\n  name = \\\"github.com/gin-gonic/gin\\\"\\r\\n  packages = [\\r\\n    \\\".\\\",\\r\\n    \\\"binding\\\",\\r\\n    \\\"json\\\",\\r\\n    \\\"render\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"b869fe1415e4b9eb52f247441830d502aece2d4d\\\"\\r\\n  version = \\\"v1.3.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:4c0989ca0bcd10799064318923b9bc2db6b4d6338dd75f3f2d86c3511aaaf5cf\\\"\\r\\n  name = \\\"github.com/golang/protobuf\\\"\\r\\n  packages = [\\r\\n    \\\"proto\\\",\\r\\n    \\\"ptypes\\\",\\r\\n    \\\"ptypes/any\\\",\\r\\n    \\\"ptypes/duration\\\",\\r\\n    \\\"ptypes/timestamp\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"aa810b61a9c79d51363740d207bb46cf8e620ed5\\\"\\r\\n  version = \\\"v1.2.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:4e0e5d786c35c402574cda1906195d9fbd76a35d2c921eb10199741faf4f0256\\\"\\r\\n  name = \\\"github.com/goph/emperror\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"b1b4a9b847ebc56299eb729faa942b89e9d8a562\\\"\\r\\n  version = \\\"v0.14.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:dd95856542089c3e0487299d6ac92f5f2941e97625b5a5754a483c7730e8dc89\\\"\\r\\n  name = \\\"github.com/goph/logur\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"111a952ccfacab0a90b9e4496da21d9f15187769\\\"\\r\\n  version = \\\"v0.5.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:c0d19ab64b32ce9fe5cf4ddceba78d5bc9807f0016db6b1183599da3dcc24d10\\\"\\r\\n  name = \\\"github.com/hashicorp/hcl\\\"\\r\\n  packages = [\\r\\n    \\\".\\\",\\r\\n    \\\"hcl/ast\\\",\\r\\n    \\\"hcl/parser\\\",\\r\\n    \\\"hcl/printer\\\",\\r\\n    \\\"hcl/scanner\\\",\\r\\n    \\\"hcl/strconv\\\",\\r\\n    \\\"hcl/token\\\",\\r\\n    \\\"json/parser\\\",\\r\\n    \\\"json/scanner\\\",\\r\\n    \\\"json/token\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"8cb6e5b959231cc1119e43259c4a608f9c51a241\\\"\\r\\n  version = \\\"v1.0.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:be97e109f627d3ba8edfef50c9c74f0d0c17cbe3a2e924a8985e4804a894f282\\\"\\r\\n  name = \\\"github.com/json-iterator/go\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"36b14963da70d11297d313183d7e6388c8510e1e\\\"\\r\\n  version = \\\"1.0.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:0a69a1c0db3591fcefb47f115b224592c8dfa4368b7ba9fae509d5e16cdc95c8\\\"\\r\\n  name = \\\"github.com/konsorten/go-windows-terminal-sequences\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"5c8c8bd35d3832f5d134ae1e1e375b69a4d25242\\\"\\r\\n  version = \\\"v1.0.1\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:c568d7727aa262c32bdf8a3f7db83614f7af0ed661474b24588de635c20024c7\\\"\\r\\n  name = \\\"github.com/magiconair/properties\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"c2353362d570a7bfa228149c62842019201cfb71\\\"\\r\\n  version = \\\"v1.8.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:fa610f9fe6a93f4a75e64c83673dfff9bf1a34bbb21e6102021b6bc7850834a3\\\"\\r\\n  name = \\\"github.com/mattn/go-isatty\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"57fdcb988a5c543893cc61bce354a6e24ab70022\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:53bc4cd4914cd7cd52139990d5170d6dc99067ae31c56530621b18b35fc30318\\\"\\r\\n  name = \\\"github.com/mitchellh/mapstructure\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"3536a929edddb9a5b34bd6861dc4a9647cb459fe\\\"\\r\\n  version = \\\"v1.1.2\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:808cdddf087fb64baeae67b8dfaee2069034d9704923a3cb8bd96a995421a625\\\"\\r\\n  name = \\\"github.com/patrickmn/go-cache\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"a3647f8e31d79543b2d0f0ae2fe5c379d72cedc0\\\"\\r\\n  version = \\\"v2.1.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:95741de3af260a92cc5c7f3f3061e85273f5a81b5db20d4bd68da74bd521675e\\\"\\r\\n  name = \\\"github.com/pelletier/go-toml\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"c01d1270ff3e442a8a57cddc1c92dc1138598194\\\"\\r\\n  version = \\\"v1.2.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:40e195917a951a8bf867cd05de2a46aaf1806c50cf92eebf4c16f78cd196f747\\\"\\r\\n  name = \\\"github.com/pkg/errors\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"645ef00459ed84a119197bfb8d8205042c6df63d\\\"\\r\\n  version = \\\"v0.8.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:274f67cb6fed9588ea2521ecdac05a6d62a8c51c074c1fccc6a49a40ba80e925\\\"\\r\\n  name = \\\"github.com/satori/go.uuid\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"f58768cc1a7a7e77a3bd49e98cdd21419399b6a3\\\"\\r\\n  version = \\\"v1.2.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:69b1cc331fca23d702bd72f860c6a647afd0aa9fcbc1d0659b1365e26546dd70\\\"\\r\\n  name = \\\"github.com/sirupsen/logrus\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"bcd833dfe83d3cebad139e4a29ed79cb2318bf95\\\"\\r\\n  version = \\\"v1.2.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:d707dbc1330c0ed177d4642d6ae102d5e2c847ebd0eb84562d0dc4f024531cfc\\\"\\r\\n  name = \\\"github.com/spf13/afero\\\"\\r\\n  packages = [\\r\\n    \\\".\\\",\\r\\n    \\\"mem\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"a5d6946387efe7d64d09dcba68cdd523dc1273a3\\\"\\r\\n  version = \\\"v1.2.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:08d65904057412fc0270fc4812a1c90c594186819243160dc779a402d4b6d0bc\\\"\\r\\n  name = \\\"github.com/spf13/cast\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"8c9545af88b134710ab1cd196795e7f2388358d7\\\"\\r\\n  version = \\\"v1.3.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:68ea4e23713989dc20b1bded5d9da2c5f9be14ff9885beef481848edd18c26cb\\\"\\r\\n  name = \\\"github.com/spf13/jwalterweatherman\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"4a4406e478ca629068e7768fc33f3f044173c0a6\\\"\\r\\n  version = \\\"v1.0.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:c1b1102241e7f645bc8e0c22ae352e8f0dc6484b6cb4d132fa9f24174e0119e2\\\"\\r\\n  name = \\\"github.com/spf13/pflag\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"298182f68c66c05229eb03ac171abe6e309ee79a\\\"\\r\\n  version = \\\"v1.0.3\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:de37e343c64582d7026bf8ab6ac5b22a72eac54f3a57020db31524affed9f423\\\"\\r\\n  name = \\\"github.com/spf13/viper\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"6d33b5a963d922d182c91e8a1c88d81fd150cfd4\\\"\\r\\n  version = \\\"v1.3.1\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:c268acaa4a4d94a467980e5e91452eb61c460145765293dc0aed48e5e9919cc6\\\"\\r\\n  name = \\\"github.com/ugorji/go\\\"\\r\\n  packages = [\\\"codec\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"c88ee250d0221a57af388746f5cf03768c21d6e2\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:38f553aff0273ad6f367cb0a0f8b6eecbaef8dc6cb8b50e57b6a81c1d5b1e332\\\"\\r\\n  name = \\\"golang.org/x/crypto\\\"\\r\\n  packages = [\\\"ssh/terminal\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"505ab145d0a99da450461ae2c1a9f6cd10d1f447\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:89a0cb976397aa9157a45bb2b896d0bcd07ee095ac975e0f03c53250c402265e\\\"\\r\\n  name = \\\"golang.org/x/net\\\"\\r\\n  packages = [\\r\\n    \\\"context\\\",\\r\\n    \\\"http/httpguts\\\",\\r\\n    \\\"http2\\\",\\r\\n    \\\"http2/hpack\\\",\\r\\n    \\\"idna\\\",\\r\\n    \\\"internal/timeseries\\\",\\r\\n    \\\"trace\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"e147a9138326bc0e9d4e179541ffd8af41cff8a9\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:ba8cbf57cfd92d5f8592b4aca1a35d92c162363d32aeabd5b12555f8896635e7\\\"\\r\\n  name = \\\"golang.org/x/sys\\\"\\r\\n  packages = [\\r\\n    \\\"unix\\\",\\r\\n    \\\"windows\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"4d1cda033e0619309c606fc686de3adcf599539e\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:a2ab62866c75542dd18d2b069fec854577a20211d7c0ea6ae746072a1dccdd18\\\"\\r\\n  name = \\\"golang.org/x/text\\\"\\r\\n  packages = [\\r\\n    \\\"collate\\\",\\r\\n    \\\"collate/build\\\",\\r\\n    \\\"internal/colltab\\\",\\r\\n    \\\"internal/gen\\\",\\r\\n    \\\"internal/tag\\\",\\r\\n    \\\"internal/triegen\\\",\\r\\n    \\\"internal/ucd\\\",\\r\\n    \\\"language\\\",\\r\\n    \\\"secure/bidirule\\\",\\r\\n    \\\"transform\\\",\\r\\n    \\\"unicode/bidi\\\",\\r\\n    \\\"unicode/cldr\\\",\\r\\n    \\\"unicode/norm\\\",\\r\\n    \\\"unicode/rangetable\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"f21a4dfb5e38f5895301dc265a8def02365cc3d0\\\"\\r\\n  version = \\\"v0.3.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:077c1c599507b3b3e9156d17d36e1e61928ee9b53a5b420f10f28ebd4a0b275c\\\"\\r\\n  name = \\\"google.golang.org/genproto\\\"\\r\\n  packages = [\\\"googleapis/rpc/status\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"bd91e49a0898e27abb88c339b432fa53d7497ac0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:9edd250a3c46675d0679d87540b30c9ed253b19bd1fd1af08f4f5fb3c79fc487\\\"\\r\\n  name = \\\"google.golang.org/grpc\\\"\\r\\n  packages = [\\r\\n    \\\".\\\",\\r\\n    \\\"balancer\\\",\\r\\n    \\\"balancer/base\\\",\\r\\n    \\\"balancer/roundrobin\\\",\\r\\n    \\\"binarylog/grpc_binarylog_v1\\\",\\r\\n    \\\"codes\\\",\\r\\n    \\\"connectivity\\\",\\r\\n    \\\"credentials\\\",\\r\\n    \\\"credentials/internal\\\",\\r\\n    \\\"encoding\\\",\\r\\n    \\\"encoding/proto\\\",\\r\\n    \\\"grpclog\\\",\\r\\n    \\\"internal\\\",\\r\\n    \\\"internal/backoff\\\",\\r\\n    \\\"internal/binarylog\\\",\\r\\n    \\\"internal/channelz\\\",\\r\\n    \\\"internal/envconfig\\\",\\r\\n    \\\"internal/grpcrand\\\",\\r\\n    \\\"internal/grpcsync\\\",\\r\\n    \\\"internal/syscall\\\",\\r\\n    \\\"internal/transport\\\",\\r\\n    \\\"keepalive\\\",\\r\\n    \\\"metadata\\\",\\r\\n    \\\"naming\\\",\\r\\n    \\\"peer\\\",\\r\\n    \\\"resolver\\\",\\r\\n    \\\"resolver/dns\\\",\\r\\n    \\\"resolver/passthrough\\\",\\r\\n    \\\"stats\\\",\\r\\n    \\\"status\\\",\\r\\n    \\\"tap\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"df014850f6dee74ba2fc94874043a9f3f75fbfd8\\\"\\r\\n  version = \\\"v1.17.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:cbc72c4c4886a918d6ab4b95e347ffe259846260f99ebdd8a198c2331cf2b2e9\\\"\\r\\n  name = \\\"gopkg.in/go-playground/validator.v8\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"5f1438d3fca68893a817e4a66806cea46a9e4ebf\\\"\\r\\n  version = \\\"v8.18.2\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:4d2e5a73dc1500038e504a8d78b986630e3626dc027bc030ba5c75da257cdb96\\\"\\r\\n  name = \\\"gopkg.in/yaml.v2\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"51d6538a90f86fe93ac480b35f37b2be17fef232\\\"\\r\\n  version = \\\"v2.2.2\\\"\\r\\n\\r\\n[solve-meta]\\r\\n  analyzer-name = \\\"dep\\\"\\r\\n  analyzer-version = 1\\r\\n  input-imports = [\\r\\n    \\\"github.com/asaskevich/EventBus\\\",\\r\\n    \\\"github.com/cloudevents/sdk-go/v02\\\",\\r\\n    \\\"github.com/gin-gonic/gin\\\",\\r\\n    \\\"github.com/golang/protobuf/proto\\\",\\r\\n    \\\"github.com/goph/emperror\\\",\\r\\n    \\\"github.com/goph/logur\\\",\\r\\n    \\\"github.com/karlseguin/ccache\\\",\\r\\n    \\\"github.com/patrickmn/go-cache\\\",\\r\\n    \\\"github.com/pkg/errors\\\",\\r\\n    \\\"github.com/satori/go.uuid\\\",\\r\\n    \\\"github.com/sirupsen/logrus\\\",\\r\\n    \\\"github.com/spf13/cast\\\",\\r\\n    \\\"github.com/spf13/pflag\\\",\\r\\n    \\\"github.com/spf13/viper\\\",\\r\\n    \\\"golang.org/x/net/context\\\",\\r\\n    \\\"google.golang.org/grpc\\\",\\r\\n    \\\"gopkg.in/go-playground/validator.v8\\\",\\r\\n    \\\"gopkg.in/yaml.v2\\\",\\r\\n  ]\\r\\n  solver-name = \\\"gps-cdcl\\\"\\r\\n  solver-version = 1\""}]}}

Responses

200Success

application/json

post

/test/golangdep

POST /v1/test/golangdep HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 16652

{
  "encoding": "plain",
  "files": {
    "target": {
      "contents": "\"# Gopkg.toml example\\r\\n#\\r\\n# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html\\r\\n# for detailed Gopkg.toml documentation.\\r\\n#\\r\\n# required = [\\\"github.com/user/thing/cmd/thing\\\"]\\r\\n# ignored = [\\\"github.com/user/project/pkgX\\\", \\\"bitbucket.org/user/project/pkgA/pkgY\\\"]\\r\\n#\\r\\n# [[constraint]]\\r\\n#   name = \\\"github.com/user/project\\\"\\r\\n#   version = \\\"1.0.0\\\"\\r\\n#\\r\\n# [[constraint]]\\r\\n#   name = \\\"github.com/user/project2\\\"\\r\\n#   branch = \\\"dev\\\"\\r\\n#   source = \\\"github.com/myfork/project2\\\"\\r\\n#\\r\\n# [[override]]\\r\\n#   name = \\\"github.com/x/y\\\"\\r\\n#   version = \\\"2.4.0\\\"\\r\\n#\\r\\n# [prune]\\r\\n#   non-go = false\\r\\n#   go-tests = true\\r\\n#   unused-packages = true\\r\\n\\r\\n\\r\\n[[constraint]]\\r\\n  branch = \\\"master\\\"\\r\\n  name = \\\"github.com/asaskevich/EventBus\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  branch = \\\"master\\\"\\r\\n  name = \\\"github.com/cloudevents/sdk-go\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/gin-gonic/gin\\\"\\r\\n  version = \\\"1.3.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/golang/protobuf\\\"\\r\\n  version = \\\"1.2.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/goph/emperror\\\"\\r\\n  version = \\\"0.14.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/goph/logur\\\"\\r\\n  version = \\\"0.5.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/patrickmn/go-cache\\\"\\r\\n  version = \\\"2.1.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/pkg/errors\\\"\\r\\n  version = \\\"0.8.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/satori/go.uuid\\\"\\r\\n  version = \\\"1.2.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/sirupsen/logrus\\\"\\r\\n  version = \\\"1.2.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/spf13/cast\\\"\\r\\n  version = \\\"1.3.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/spf13/pflag\\\"\\r\\n  version = \\\"1.0.3\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/spf13/viper\\\"\\r\\n  version = \\\"1.3.1\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  branch = \\\"master\\\"\\r\\n  name = \\\"golang.org/x/net\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"google.golang.org/grpc\\\"\\r\\n  version = \\\"1.17.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"gopkg.in/go-playground/validator.v8\\\"\\r\\n  version = \\\"8.18.2\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"gopkg.in/yaml.v2\\\"\\r\\n  version = \\\"2.2.2\\\"\\r\\n\\r\\n[prune]\\r\\n  go-tests = true\\r\\n  unused-packages = true\""
    },
    "additional": [
      {
        "contents": "\"# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.\\r\\n\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:e2a1ff1174d564ed4b75a62757f4a9081ed3b8c99ed17e47eb252b048b4ff018\\\"\\r\\n  name = \\\"github.com/asaskevich/EventBus\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"d46933a94f05c6657d7b923fcf5ac563ee37ec79\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:b95c3763b72359370262246870366418c1d17446195e3c73921135c2537b9655\\\"\\r\\n  name = \\\"github.com/cloudevents/sdk-go\\\"\\r\\n  packages = [\\r\\n    \\\".\\\",\\r\\n    \\\"v02\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"3a3d34a7231e937edfa20964dc25c29081c3ebea\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:abeb38ade3f32a92943e5be54f55ed6d6e3b6602761d74b4aab4c9dd45c18abd\\\"\\r\\n  name = \\\"github.com/fsnotify/fsnotify\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9\\\"\\r\\n  version = \\\"v1.4.7\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:36fe9527deed01d2a317617e59304eb2c4ce9f8a24115bcc5c2e37b3aee5bae4\\\"\\r\\n  name = \\\"github.com/gin-contrib/sse\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"22d885f9ecc78bf4ee5d72b937e4bbcdc58e8cae\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:d5083934eb25e45d17f72ffa86cae3814f4a9d6c073c4f16b64147169b245606\\\"\\r\\n  name = \\\"github.com/gin-gonic/gin\\\"\\r\\n  packages = [\\r\\n    \\\".\\\",\\r\\n    \\\"binding\\\",\\r\\n    \\\"json\\\",\\r\\n    \\\"render\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"b869fe1415e4b9eb52f247441830d502aece2d4d\\\"\\r\\n  version = \\\"v1.3.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:4c0989ca0bcd10799064318923b9bc2db6b4d6338dd75f3f2d86c3511aaaf5cf\\\"\\r\\n  name = \\\"github.com/golang/protobuf\\\"\\r\\n  packages = [\\r\\n    \\\"proto\\\",\\r\\n    \\\"ptypes\\\",\\r\\n    \\\"ptypes/any\\\",\\r\\n    \\\"ptypes/duration\\\",\\r\\n    \\\"ptypes/timestamp\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"aa810b61a9c79d51363740d207bb46cf8e620ed5\\\"\\r\\n  version = \\\"v1.2.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:4e0e5d786c35c402574cda1906195d9fbd76a35d2c921eb10199741faf4f0256\\\"\\r\\n  name = \\\"github.com/goph/emperror\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"b1b4a9b847ebc56299eb729faa942b89e9d8a562\\\"\\r\\n  version = \\\"v0.14.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:dd95856542089c3e0487299d6ac92f5f2941e97625b5a5754a483c7730e8dc89\\\"\\r\\n  name = \\\"github.com/goph/logur\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"111a952ccfacab0a90b9e4496da21d9f15187769\\\"\\r\\n  version = \\\"v0.5.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:c0d19ab64b32ce9fe5cf4ddceba78d5bc9807f0016db6b1183599da3dcc24d10\\\"\\r\\n  name = \\\"github.com/hashicorp/hcl\\\"\\r\\n  packages = [\\r\\n    \\\".\\\",\\r\\n    \\\"hcl/ast\\\",\\r\\n    \\\"hcl/parser\\\",\\r\\n    \\\"hcl/printer\\\",\\r\\n    \\\"hcl/scanner\\\",\\r\\n    \\\"hcl/strconv\\\",\\r\\n    \\\"hcl/token\\\",\\r\\n    \\\"json/parser\\\",\\r\\n    \\\"json/scanner\\\",\\r\\n    \\\"json/token\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"8cb6e5b959231cc1119e43259c4a608f9c51a241\\\"\\r\\n  version = \\\"v1.0.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:be97e109f627d3ba8edfef50c9c74f0d0c17cbe3a2e924a8985e4804a894f282\\\"\\r\\n  name = \\\"github.com/json-iterator/go\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"36b14963da70d11297d313183d7e6388c8510e1e\\\"\\r\\n  version = \\\"1.0.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:0a69a1c0db3591fcefb47f115b224592c8dfa4368b7ba9fae509d5e16cdc95c8\\\"\\r\\n  name = \\\"github.com/konsorten/go-windows-terminal-sequences\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"5c8c8bd35d3832f5d134ae1e1e375b69a4d25242\\\"\\r\\n  version = \\\"v1.0.1\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:c568d7727aa262c32bdf8a3f7db83614f7af0ed661474b24588de635c20024c7\\\"\\r\\n  name = \\\"github.com/magiconair/properties\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"c2353362d570a7bfa228149c62842019201cfb71\\\"\\r\\n  version = \\\"v1.8.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:fa610f9fe6a93f4a75e64c83673dfff9bf1a34bbb21e6102021b6bc7850834a3\\\"\\r\\n  name = \\\"github.com/mattn/go-isatty\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"57fdcb988a5c543893cc61bce354a6e24ab70022\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:53bc4cd4914cd7cd52139990d5170d6dc99067ae31c56530621b18b35fc30318\\\"\\r\\n  name = \\\"github.com/mitchellh/mapstructure\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"3536a929edddb9a5b34bd6861dc4a9647cb459fe\\\"\\r\\n  version = \\\"v1.1.2\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:808cdddf087fb64baeae67b8dfaee2069034d9704923a3cb8bd96a995421a625\\\"\\r\\n  name = \\\"github.com/patrickmn/go-cache\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"a3647f8e31d79543b2d0f0ae2fe5c379d72cedc0\\\"\\r\\n  version = \\\"v2.1.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:95741de3af260a92cc5c7f3f3061e85273f5a81b5db20d4bd68da74bd521675e\\\"\\r\\n  name = \\\"github.com/pelletier/go-toml\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"c01d1270ff3e442a8a57cddc1c92dc1138598194\\\"\\r\\n  version = \\\"v1.2.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:40e195917a951a8bf867cd05de2a46aaf1806c50cf92eebf4c16f78cd196f747\\\"\\r\\n  name = \\\"github.com/pkg/errors\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"645ef00459ed84a119197bfb8d8205042c6df63d\\\"\\r\\n  version = \\\"v0.8.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:274f67cb6fed9588ea2521ecdac05a6d62a8c51c074c1fccc6a49a40ba80e925\\\"\\r\\n  name = \\\"github.com/satori/go.uuid\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"f58768cc1a7a7e77a3bd49e98cdd21419399b6a3\\\"\\r\\n  version = \\\"v1.2.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:69b1cc331fca23d702bd72f860c6a647afd0aa9fcbc1d0659b1365e26546dd70\\\"\\r\\n  name = \\\"github.com/sirupsen/logrus\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"bcd833dfe83d3cebad139e4a29ed79cb2318bf95\\\"\\r\\n  version = \\\"v1.2.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:d707dbc1330c0ed177d4642d6ae102d5e2c847ebd0eb84562d0dc4f024531cfc\\\"\\r\\n  name = \\\"github.com/spf13/afero\\\"\\r\\n  packages = [\\r\\n    \\\".\\\",\\r\\n    \\\"mem\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"a5d6946387efe7d64d09dcba68cdd523dc1273a3\\\"\\r\\n  version = \\\"v1.2.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:08d65904057412fc0270fc4812a1c90c594186819243160dc779a402d4b6d0bc\\\"\\r\\n  name = \\\"github.com/spf13/cast\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"8c9545af88b134710ab1cd196795e7f2388358d7\\\"\\r\\n  version = \\\"v1.3.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:68ea4e23713989dc20b1bded5d9da2c5f9be14ff9885beef481848edd18c26cb\\\"\\r\\n  name = \\\"github.com/spf13/jwalterweatherman\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"4a4406e478ca629068e7768fc33f3f044173c0a6\\\"\\r\\n  version = \\\"v1.0.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:c1b1102241e7f645bc8e0c22ae352e8f0dc6484b6cb4d132fa9f24174e0119e2\\\"\\r\\n  name = \\\"github.com/spf13/pflag\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"298182f68c66c05229eb03ac171abe6e309ee79a\\\"\\r\\n  version = \\\"v1.0.3\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:de37e343c64582d7026bf8ab6ac5b22a72eac54f3a57020db31524affed9f423\\\"\\r\\n  name = \\\"github.com/spf13/viper\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"6d33b5a963d922d182c91e8a1c88d81fd150cfd4\\\"\\r\\n  version = \\\"v1.3.1\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:c268acaa4a4d94a467980e5e91452eb61c460145765293dc0aed48e5e9919cc6\\\"\\r\\n  name = \\\"github.com/ugorji/go\\\"\\r\\n  packages = [\\\"codec\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"c88ee250d0221a57af388746f5cf03768c21d6e2\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:38f553aff0273ad6f367cb0a0f8b6eecbaef8dc6cb8b50e57b6a81c1d5b1e332\\\"\\r\\n  name = \\\"golang.org/x/crypto\\\"\\r\\n  packages = [\\\"ssh/terminal\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"505ab145d0a99da450461ae2c1a9f6cd10d1f447\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:89a0cb976397aa9157a45bb2b896d0bcd07ee095ac975e0f03c53250c402265e\\\"\\r\\n  name = \\\"golang.org/x/net\\\"\\r\\n  packages = [\\r\\n    \\\"context\\\",\\r\\n    \\\"http/httpguts\\\",\\r\\n    \\\"http2\\\",\\r\\n    \\\"http2/hpack\\\",\\r\\n    \\\"idna\\\",\\r\\n    \\\"internal/timeseries\\\",\\r\\n    \\\"trace\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"e147a9138326bc0e9d4e179541ffd8af41cff8a9\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:ba8cbf57cfd92d5f8592b4aca1a35d92c162363d32aeabd5b12555f8896635e7\\\"\\r\\n  name = \\\"golang.org/x/sys\\\"\\r\\n  packages = [\\r\\n    \\\"unix\\\",\\r\\n    \\\"windows\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"4d1cda033e0619309c606fc686de3adcf599539e\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:a2ab62866c75542dd18d2b069fec854577a20211d7c0ea6ae746072a1dccdd18\\\"\\r\\n  name = \\\"golang.org/x/text\\\"\\r\\n  packages = [\\r\\n    \\\"collate\\\",\\r\\n    \\\"collate/build\\\",\\r\\n    \\\"internal/colltab\\\",\\r\\n    \\\"internal/gen\\\",\\r\\n    \\\"internal/tag\\\",\\r\\n    \\\"internal/triegen\\\",\\r\\n    \\\"internal/ucd\\\",\\r\\n    \\\"language\\\",\\r\\n    \\\"secure/bidirule\\\",\\r\\n    \\\"transform\\\",\\r\\n    \\\"unicode/bidi\\\",\\r\\n    \\\"unicode/cldr\\\",\\r\\n    \\\"unicode/norm\\\",\\r\\n    \\\"unicode/rangetable\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"f21a4dfb5e38f5895301dc265a8def02365cc3d0\\\"\\r\\n  version = \\\"v0.3.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:077c1c599507b3b3e9156d17d36e1e61928ee9b53a5b420f10f28ebd4a0b275c\\\"\\r\\n  name = \\\"google.golang.org/genproto\\\"\\r\\n  packages = [\\\"googleapis/rpc/status\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"bd91e49a0898e27abb88c339b432fa53d7497ac0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:9edd250a3c46675d0679d87540b30c9ed253b19bd1fd1af08f4f5fb3c79fc487\\\"\\r\\n  name = \\\"google.golang.org/grpc\\\"\\r\\n  packages = [\\r\\n    \\\".\\\",\\r\\n    \\\"balancer\\\",\\r\\n    \\\"balancer/base\\\",\\r\\n    \\\"balancer/roundrobin\\\",\\r\\n    \\\"binarylog/grpc_binarylog_v1\\\",\\r\\n    \\\"codes\\\",\\r\\n    \\\"connectivity\\\",\\r\\n    \\\"credentials\\\",\\r\\n    \\\"credentials/internal\\\",\\r\\n    \\\"encoding\\\",\\r\\n    \\\"encoding/proto\\\",\\r\\n    \\\"grpclog\\\",\\r\\n    \\\"internal\\\",\\r\\n    \\\"internal/backoff\\\",\\r\\n    \\\"internal/binarylog\\\",\\r\\n    \\\"internal/channelz\\\",\\r\\n    \\\"internal/envconfig\\\",\\r\\n    \\\"internal/grpcrand\\\",\\r\\n    \\\"internal/grpcsync\\\",\\r\\n    \\\"internal/syscall\\\",\\r\\n    \\\"internal/transport\\\",\\r\\n    \\\"keepalive\\\",\\r\\n    \\\"metadata\\\",\\r\\n    \\\"naming\\\",\\r\\n    \\\"peer\\\",\\r\\n    \\\"resolver\\\",\\r\\n    \\\"resolver/dns\\\",\\r\\n    \\\"resolver/passthrough\\\",\\r\\n    \\\"stats\\\",\\r\\n    \\\"status\\\",\\r\\n    \\\"tap\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"df014850f6dee74ba2fc94874043a9f3f75fbfd8\\\"\\r\\n  version = \\\"v1.17.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:cbc72c4c4886a918d6ab4b95e347ffe259846260f99ebdd8a198c2331cf2b2e9\\\"\\r\\n  name = \\\"gopkg.in/go-playground/validator.v8\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"5f1438d3fca68893a817e4a66806cea46a9e4ebf\\\"\\r\\n  version = \\\"v8.18.2\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:4d2e5a73dc1500038e504a8d78b986630e3626dc027bc030ba5c75da257cdb96\\\"\\r\\n  name = \\\"gopkg.in/yaml.v2\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"51d6538a90f86fe93ac480b35f37b2be17fef232\\\"\\r\\n  version = \\\"v2.2.2\\\"\\r\\n\\r\\n[solve-meta]\\r\\n  analyzer-name = \\\"dep\\\"\\r\\n  analyzer-version = 1\\r\\n  input-imports = [\\r\\n    \\\"github.com/asaskevich/EventBus\\\",\\r\\n    \\\"github.com/cloudevents/sdk-go/v02\\\",\\r\\n    \\\"github.com/gin-gonic/gin\\\",\\r\\n    \\\"github.com/golang/protobuf/proto\\\",\\r\\n    \\\"github.com/goph/emperror\\\",\\r\\n    \\\"github.com/goph/logur\\\",\\r\\n    \\\"github.com/karlseguin/ccache\\\",\\r\\n    \\\"github.com/patrickmn/go-cache\\\",\\r\\n    \\\"github.com/pkg/errors\\\",\\r\\n    \\\"github.com/satori/go.uuid\\\",\\r\\n    \\\"github.com/sirupsen/logrus\\\",\\r\\n    \\\"github.com/spf13/cast\\\",\\r\\n    \\\"github.com/spf13/pflag\\\",\\r\\n    \\\"github.com/spf13/viper\\\",\\r\\n    \\\"golang.org/x/net/context\\\",\\r\\n    \\\"google.golang.org/grpc\\\",\\r\\n    \\\"gopkg.in/go-playground/validator.v8\\\",\\r\\n    \\\"gopkg.in/yaml.v2\\\",\\r\\n  ]\\r\\n  solver-name = \\\"gps-cdcl\\\"\\r\\n  solver-version = 1\""
      }
    ]
  }
}

200Success

{
  "ok": false,
  "issues": {
    "vulnerabilities": [
      {
        "id": "SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488",
        "url": "http://localhost:34612/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488",
        "title": "Insecure Randomness",
        "type": "vuln",
        "description": "## Overview\n[github.com/satori/go.uuid](https://github.com/satori/go.uuid) provides pure Go implementation of Universally Unique Identifier (UUID).\r\n\r\nAffected versions of this package are vulnerable to Insecure Randomness producing predictable `UUID` identifiers due to the limited number of bytes read when using the `g.rand.Read` function.\r\n \r\n## Disclosure Timeline\r\n* Jun 3th, 2018 - The vulnerability introduced by replacing the function `rand.Read()` with the function `g.rand.Read()` (https://github.com/satori/go.uuid/commit/0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c)\r\n* Mar 23th, 2018- An issue was reported.\r\n* Oct 16th, 2018 Issue fixed\r\n\r\n## Remediation\r\nA fix was merged into the master branch but not yet published.\n\n## References\n- [GitHub Commit](https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45)\n- [Github Issue](https://github.com/satori/go.uuid/issues/73)\n",
        "functions": [],
        "from": [
          "github.com/satori/[email protected]"
        ],
        "package": "github.com/satori/go.uuid",
        "version": "v1.2.0",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "golang",
        "packageManager": "golang",
        "semver": {
          "hashesRange": [
            ">=0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c <d91630c8510268e75203009fe7daf2b8e1d60c45"
          ],
          "vulnerable": [
            "=1.2.0"
          ],
          "vulnerableHashes": [
            "c596ec57260fd2ad47b2ae6809d6890a2f99c3b2",
            "36e9d2ebbde5e3f13ab2e25625fd453271d6522e",
            "f6920249aa08fc2a2c2e8274ea9648d0bb1e9364",
            "0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c"
          ]
        },
        "publicationTime": "2018-10-24T08:56:41Z",
        "disclosureTime": "2018-03-23T08:57:24Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [],
          "CWE": [
            "CWE-338"
          ]
        },
        "credit": [
          "josselin-c"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "cvssScore": 8.1,
        "patches": [],
        "upgradePath": []
      }
    ],
    "licenses": [
      {
        "id": "snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "url": "http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "title": "MPL-2.0 license",
        "type": "license",
        "from": [
          "github.com/hashicorp/hcl/json/[email protected]"
        ],
        "package": "github.com/hashicorp/hcl/json/token",
        "version": "v1.0.0",
        "severity": "medium",
        "language": "golang",
        "packageManager": "golang",
        "semver": {
          "vulnerable": [
            ">=0"
          ],
          "vulnerableHashes": [
            "*"
          ]
        }
      },
      {
        "id": "snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "url": "http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "title": "MPL-2.0 license",
        "type": "license",
        "from": [
          "github.com/hashicorp/hcl/json/[email protected]"
        ],
        "package": "github.com/hashicorp/hcl/json/scanner",
        "version": "v1.0.0",
        "severity": "medium",
        "language": "golang",
        "packageManager": "golang",
        "semver": {
          "vulnerable": [
            ">=0"
          ],
          "vulnerableHashes": [
            "*"
          ]
        }
      },
      {
        "id": "snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "url": "http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "title": "MPL-2.0 license",
        "type": "license",
        "from": [
          "github.com/hashicorp/hcl/json/[email protected]"
        ],
        "package": "github.com/hashicorp/hcl/json/parser",
        "version": "v1.0.0",
        "severity": "medium",
        "language": "golang",
        "packageManager": "golang",
        "semver": {
          "vulnerable": [
            ">=0"
          ],
          "vulnerableHashes": [
            "*"
          ]
        }
      },
      {
        "id": "snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "url": "http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "title": "MPL-2.0 license",
        "type": "license",
        "from": [
          "github.com/hashicorp/hcl/hcl/[email protected]"
        ],
        "package": "github.com/hashicorp/hcl/hcl/token",
        "version": "v1.0.0",
        "severity": "medium",
        "language": "golang",
        "packageManager": "golang",
        "semver": {
          "vulnerable": [
            ">=0"
          ],
          "vulnerableHashes": [
            "*"
          ]
        }
      },
      {
        "id": "snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "url": "http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "title": "MPL-2.0 license",
        "type": "license",
        "from": [
          "github.com/hashicorp/hcl/hcl/[email protected]"
        ],
        "package": "github.com/hashicorp/hcl/hcl/strconv",
        "version": "v1.0.0",
        "severity": "medium",
        "language": "golang",
        "packageManager": "golang",
        "semver": {
          "vulnerable": [
            ">=0"
          ],
          "vulnerableHashes": [
            "*"
          ]
        }
      },
      {
        "id": "snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "url": "http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "title": "MPL-2.0 license",
        "type": "license",
        "from": [
          "github.com/hashicorp/hcl/hcl/[email protected]"
        ],
        "package": "github.com/hashicorp/hcl/hcl/scanner",
        "version": "v1.0.0",
        "severity": "medium",
        "language": "golang",
        "packageManager": "golang",
        "semver": {
          "vulnerable": [
            ">=0"
          ],
          "vulnerableHashes": [
            "*"
          ]
        }
      },
      {
        "id": "snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "url": "http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "title": "MPL-2.0 license",
        "type": "license",
        "from": [
          "github.com/hashicorp/hcl/hcl/[email protected]"
        ],
        "package": "github.com/hashicorp/hcl/hcl/printer",
        "version": "v1.0.0",
        "severity": "medium",
        "language": "golang",
        "packageManager": "golang",
        "semver": {
          "vulnerable": [
            ">=0"
          ],
          "vulnerableHashes": [
            "*"
          ]
        }
      },
      {
        "id": "snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "url": "http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "title": "MPL-2.0 license",
        "type": "license",
        "from": [
          "github.com/hashicorp/hcl/hcl/[email protected]"
        ],
        "package": "github.com/hashicorp/hcl/hcl/parser",
        "version": "v1.0.0",
        "severity": "medium",
        "language": "golang",
        "packageManager": "golang",
        "semver": {
          "vulnerable": [
            ">=0"
          ],
          "vulnerableHashes": [
            "*"
          ]
        }
      },
      {
        "id": "snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "url": "http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "title": "MPL-2.0 license",
        "type": "license",
        "from": [
          "github.com/hashicorp/hcl/hcl/[email protected]"
        ],
        "package": "github.com/hashicorp/hcl/hcl/ast",
        "version": "v1.0.0",
        "severity": "medium",
        "language": "golang",
        "packageManager": "golang",
        "semver": {
          "vulnerable": [
            ">=0"
          ],
          "vulnerableHashes": [
            "*"
          ]
        }
      },
      {
        "id": "snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "url": "http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0",
        "title": "MPL-2.0 license",
        "type": "license",
        "from": [
          "github.com/hashicorp/[email protected]"
        ],
        "package": "github.com/hashicorp/hcl",
        "version": "v1.0.0",
        "severity": "medium",
        "language": "golang",
        "packageManager": "golang",
        "semver": {
          "vulnerable": [
            ">=0"
          ],
          "vulnerableHashes": [
            "*"
          ]
        }
      }
    ]
  },
  "dependencyCount": 101,
  "org": {
    "name": "atokeneduser",
    "id": "689ce7f9-7943-4a71-b704-2ba575f01089"
  },
  "licensesPolicy": null,
  "packageManager": "golangdep"
}

Test Dep Graph

post

Test for issues in a Snyk dependency graph.

Experimental! Note these endpoints are subject to change and only available to selected users. Please contact [email protected] to request access.

The following package managers are supported:

deb
gomodules
gradle
maven
nuget
paket
pip
rpm
rubygems
cocoapods
npm
yarnUse this endpoint to find issues in a DepGraph data object.

Required permissions

View Organization
View Project
View Project Snapshot
Test Project

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7

Body

and

anyOptionalExample:

{"depGraph":{"schemaVersion":"1.2.0","pkgManager":{"name":"maven"},"pkgs":[{"id":"[email protected]","info":{"name":"app","version":"1.0.0"}},{"id":"ch.qos.logback:[email protected]","info":{"name":"ch.qos.logback:logback-core","version":"1.0.13"}}],"graph":{"rootNodeId":"root-node","nodes":[{"nodeId":"root-node","pkgId":"[email protected]","deps":[{"nodeId":"ch.qos.logback:[email protected]"}]},{"nodeId":"ch.qos.logback:[email protected]","pkgId":"ch.qos.logback:[email protected]","deps":[]}]}}}

Responses

200Success

application/json

post

/test/dep-graph

POST /v1/test/dep-graph HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 493

{
  "depGraph": {
    "schemaVersion": "1.2.0",
    "pkgManager": {
      "name": "maven"
    },
    "pkgs": [
      {
        "id": "[email protected]",
        "info": {
          "name": "app",
          "version": "1.0.0"
        }
      },
      {
        "id": "ch.qos.logback:[email protected]",
        "info": {
          "name": "ch.qos.logback:logback-core",
          "version": "1.0.13"
        }
      }
    ],
    "graph": {
      "rootNodeId": "root-node",
      "nodes": [
        {
          "nodeId": "root-node",
          "pkgId": "[email protected]",
          "deps": [
            {
              "nodeId": "ch.qos.logback:[email protected]"
            }
          ]
        },
        {
          "nodeId": "ch.qos.logback:[email protected]",
          "pkgId": "ch.qos.logback:[email protected]",
          "deps": []
        }
      ]
    }
  }
}

200Success

{
  "ok": false,
  "packageManager": "maven",
  "issuesData": {
    "SNYK-JAVA-CHQOSLOGBACK-30208": {
      "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "credit": [
        "Unknown"
      ],
      "cvssScore": 9.8,
      "description": "## Overview\n\n[ch.qos.logback:logback-core](https://mvnrepository.com/artifact/ch.qos.logback/logback-core) is a logback-core module.\n\n\nAffected versions of this package are vulnerable to Arbitrary Code Execution.\nA configuration can be turned on to allow remote logging through interfaces that accept untrusted serialized data. Authenticated attackers on the adjacent network can exploit this vulnerability to run arbitrary code through the deserialization of custom gadget chains.\n\n## Details\nSerialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like _Remote Method Invocation (RMI)_, _Java Management Extension (JMX)_, _Java Messaging System (JMS)_, _Action Message Format (AMF)_, _Java Server Faces (JSF) ViewState_, etc.\r\n\r\n  \r\n\r\n_Deserialization of untrusted data_ ([CWE-502](https://cwe.mitre.org/data/definitions/502.html)), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.\r\n\r\n  \r\n\r\nJava deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a [popular library (Apache Commons Collection)](https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.\r\n\r\n  \r\n\r\nAn attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.\r\n\r\n  \r\n\r\n> Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).\r\n\r\n- Apache Blog\r\n\r\n  \r\n\r\nThe vulnerability, also know as _Mad Gadget_\r\n\r\n> Mad Gadget is one of the most pernicious vulnerabilities we’ve seen. By merely existing on the Java classpath, seven “gadget” classes in Apache Commons Collections (versions 3.0, 3.1, 3.2, 3.2.1, and 4.0) make object deserialization for the entire JVM process Turing complete with an exec function. Since many business applications use object deserialization to send messages across the network, it would be like hiring a bank teller who was trained to hand over all the money in the vault if asked to do so politely, and then entrusting that teller with the key. The only thing that would keep a bank safe in such a circumstance is that most people wouldn’t consider asking such a question.\r\n\r\n- Google\n\n## Remediation\n\nUpgrade `ch.qos.logback:logback-core` to version 1.1.11 or higher.\n\n\n## References\n\n- [Logback News](https://logback.qos.ch/news.html)\n\n- [NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5929/)\n",
      "disclosureTime": "2017-03-13T06:59:00Z",
      "fixedIn": [
        "1.1.11"
      ],
      "id": "SNYK-JAVA-CHQOSLOGBACK-30208",
      "identifiers": {
        "CVE": [
          "CVE-2017-5929"
        ],
        "CWE": [
          "CWE-502"
        ]
      },
      "language": "java",
      "mavenModuleName": {
        "artifactId": "logback-core",
        "groupId": "ch.qos.logback"
      },
      "moduleName": "ch.qos.logback:logback-core",
      "packageManager": "maven",
      "packageName": "ch.qos.logback:logback-core",
      "patches": [],
      "semver": {
        "vulnerable": [
          "[, 1.1.11)"
        ]
      },
      "severity": "critical",
      "title": "Arbitrary Code Execution"
    }
  },
  "issues": [
    {
      "pkgName": "ch.qos.logback:logback-core",
      "pkgVersion": "1.0.13",
      "issueId": "SNYK-JAVA-CHQOSLOGBACK-30208",
      "fixInfo": {}
    }
  ],
  "org": {
    "name": "atokeneduser",
    "id": "4a18d42f-0706-4ad0-b127-24078731fbed"
  }
}

Test composer.json & composer.lock file

post

Test for issues in PHP composer.json and composer.lock files.You can test your Composer packages for issues according to their manifest file & lockfile using this action. It takes a JSON object containing a "target" composer.json and a composer.lock.

Required permissions

View Organization
Test Packages

Query parameters

orgstringOptional

The organization to test the package with. See "The Snyk organization for a request" above.

Example: 9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7

Body

and

anyOptionalExample:

{"encoding":"plain","files":{"target":{"contents":"{\"name\": \"vulnerable/project\",\"description\": \"A sample vulnerable project\",\"require\": {\"php\": \">=5.3.2\",\"symfony/symfony\": \"v2.3.1\",\"yiisoft/yii\": \"1.1.14\",\"zendframework/zendframework\": \"2.1.0\",\"aws/aws-sdk-php\": \"3.0.0\",\"doctrine/common\": \"2.5.0\"}}"},"additional":[{"contents":"{\"_readme\":[\"This file locks the dependencies of your project to a known state\",\"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file\",\"This file is @generated automatically\"],\"content-hash\":\"3a3771e545494c4c098e639bd68602ba\",\"packages\":[{\"name\":\"aws/aws-sdk-php\",\"version\":\"3.0.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/aws/aws-sdk-php.git\",\"reference\":\"4018c8f14a9e53003bb0417fa859c6a7ad57b53b\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/aws/aws-sdk-php/zipball/4018c8f14a9e53003bb0417fa859c6a7ad57b53b\",\"reference\":\"4018c8f14a9e53003bb0417fa859c6a7ad57b53b\",\"shasum\":\"\"},\"require\":{\"guzzlehttp/guzzle\":\"^5.3 || ^6.0.1\",\"guzzlehttp/promises\":\"^1.0.0\",\"guzzlehttp/psr7\":\"^1.0.0\",\"mtdowling/jmespath.php\":\"^2.2\",\"php\":\">=5.5\"},\"require-dev\":{\"ext-dom\":\"*\",\"ext-json\":\"*\",\"ext-openssl\":\"*\",\"ext-pcre\":\"*\",\"ext-simplexml\":\"*\",\"ext-spl\":\"*\",\"phpunit/phpunit\":\"^4.0\"},\"suggest\":{\"ext-curl\":\"To send requests using cURL\",\"ext-openssl\":\"Allows working with CloudFront private distributions and verifying received SNS messages\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"3.0-dev\"}},\"autoload\":{\"psr-4\":{\"Aws\\\":\"src/\"},\"files\":[\"src/functions.php\"]},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"Apache-2.0\"],\"authors\":[{\"name\":\"Amazon Web Services\",\"homepage\":\"http://aws.amazon.com\"}],\"description\":\"AWS SDK for PHP - Use Amazon Web Services in your PHP project\",\"homepage\":\"http://aws.amazon.com/sdkforphp\",\"keywords\":[\"amazon\",\"aws\",\"cloud\",\"dynamodb\",\"ec2\",\"glacier\",\"s3\",\"sdk\"],\"time\":\"2015-05-27T20:07:42+00:00\"},{\"name\":\"doctrine/annotations\",\"version\":\"v1.5.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/annotations.git\",\"reference\":\"5beebb01b025c94e93686b7a0ed3edae81fe3e7f\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/annotations/zipball/5beebb01b025c94e93686b7a0ed3edae81fe3e7f\",\"reference\":\"5beebb01b025c94e93686b7a0ed3edae81fe3e7f\",\"shasum\":\"\"},\"require\":{\"doctrine/lexer\":\"1.*\",\"php\":\"^7.1\"},\"require-dev\":{\"doctrine/cache\":\"1.*\",\"phpunit/phpunit\":\"^5.7\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.5.x-dev\"}},\"autoload\":{\"psr-4\":{\"Doctrine\\Common\\Annotations\\\":\"lib/Doctrine/Common/Annotations\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"[email protected]\"},{\"name\":\"Benjamin Eberlei\",\"email\":\"[email protected]\"},{\"name\":\"Guilherme Blanco\",\"email\":\"[email protected]\"},{\"name\":\"Jonathan Wage\",\"email\":\"[email protected]\"},{\"name\":\"Johannes Schmitt\",\"email\":\"[email protected]\"}],\"description\":\"Docblock Annotations Parser\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"annotations\",\"docblock\",\"parser\"],\"time\":\"2017-07-22T10:58:02+00:00\"},{\"name\":\"doctrine/cache\",\"version\":\"v1.7.1\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/cache.git\",\"reference\":\"b3217d58609e9c8e661cd41357a54d926c4a2a1a\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/cache/zipball/b3217d58609e9c8e661cd41357a54d926c4a2a1a\",\"reference\":\"b3217d58609e9c8e661cd41357a54d926c4a2a1a\",\"shasum\":\"\"},\"require\":{\"php\":\"~7.1\"},\"conflict\":{\"doctrine/common\":\">2.2,<2.4\"},\"require-dev\":{\"alcaeus/mongo-php-adapter\":\"^1.1\",\"mongodb/mongodb\":\"^1.1\",\"phpunit/phpunit\":\"^5.7\",\"predis/predis\":\"~1.0\"},\"suggest\":{\"alcaeus/mongo-php-adapter\":\"Required to use legacy MongoDB driver\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.7.x-dev\"}},\"autoload\":{\"psr-4\":{\"Doctrine\\Common\\Cache\\\":\"lib/Doctrine/Common/Cache\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"[email protected]\"},{\"name\":\"Benjamin Eberlei\",\"email\":\"[email protected]\"},{\"name\":\"Guilherme Blanco\",\"email\":\"[email protected]\"},{\"name\":\"Jonathan Wage\",\"email\":\"[email protected]\"},{\"name\":\"Johannes Schmitt\",\"email\":\"[email protected]\"}],\"description\":\"Caching library offering an object-oriented API for many cache backends\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"cache\",\"caching\"],\"time\":\"2017-08-25T07:02:50+00:00\"},{\"name\":\"doctrine/collections\",\"version\":\"v1.5.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/collections.git\",\"reference\":\"a01ee38fcd999f34d9bfbcee59dbda5105449cbf\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/collections/zipball/a01ee38fcd999f34d9bfbcee59dbda5105449cbf\",\"reference\":\"a01ee38fcd999f34d9bfbcee59dbda5105449cbf\",\"shasum\":\"\"},\"require\":{\"php\":\"^7.1\"},\"require-dev\":{\"doctrine/coding-standard\":\"~0.1@dev\",\"phpunit/phpunit\":\"^5.7\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.3.x-dev\"}},\"autoload\":{\"psr-0\":{\"Doctrine\\Common\\Collections\\\":\"lib/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"[email protected]\"},{\"name\":\"Benjamin Eberlei\",\"email\":\"[email protected]\"},{\"name\":\"Guilherme Blanco\",\"email\":\"[email protected]\"},{\"name\":\"Jonathan Wage\",\"email\":\"[email protected]\"},{\"name\":\"Johannes Schmitt\",\"email\":\"[email protected]\"}],\"description\":\"Collections Abstraction library\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"array\",\"collections\",\"iterator\"],\"time\":\"2017-07-22T10:37:32+00:00\"},{\"name\":\"doctrine/common\",\"version\":\"v2.5.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/common.git\",\"reference\":\"cd8daf2501e10c63dced7b8b9b905844316ae9d3\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/common/zipball/cd8daf2501e10c63dced7b8b9b905844316ae9d3\",\"reference\":\"cd8daf2501e10c63dced7b8b9b905844316ae9d3\",\"shasum\":\"\"},\"require\":{\"doctrine/annotations\":\"1.*\",\"doctrine/cache\":\"1.*\",\"doctrine/collections\":\"1.*\",\"doctrine/inflector\":\"1.*\",\"doctrine/lexer\":\"1.*\",\"php\":\">=5.3.2\"},\"require-dev\":{\"phpunit/phpunit\":\"~3.7\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"2.6.x-dev\"}},\"autoload\":{\"psr-0\":{\"Doctrine\\Common\\\":\"lib/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"[email protected]\"},{\"name\":\"Benjamin Eberlei\",\"email\":\"[email protected]\"},{\"name\":\"Guilherme Blanco\",\"email\":\"[email protected]\"},{\"name\":\"Jonathan Wage\",\"email\":\"[email protected]\"},{\"name\":\"Johannes Schmitt\",\"email\":\"[email protected]\"}],\"description\":\"Common Library for Doctrine projects\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"annotations\",\"collections\",\"eventmanager\",\"persistence\",\"spl\"],\"time\":\"2015-04-02T19:55:44+00:00\"},{\"name\":\"doctrine/inflector\",\"version\":\"v1.2.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/inflector.git\",\"reference\":\"e11d84c6e018beedd929cff5220969a3c6d1d462\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/inflector/zipball/e11d84c6e018beedd929cff5220969a3c6d1d462\",\"reference\":\"e11d84c6e018beedd929cff5220969a3c6d1d462\",\"shasum\":\"\"},\"require\":{\"php\":\"^7.0\"},\"require-dev\":{\"phpunit/phpunit\":\"^6.2\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.2.x-dev\"}},\"autoload\":{\"psr-4\":{\"Doctrine\\Common\\Inflector\\\":\"lib/Doctrine/Common/Inflector\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"[email protected]\"},{\"name\":\"Benjamin Eberlei\",\"email\":\"[email protected]\"},{\"name\":\"Guilherme Blanco\",\"email\":\"[email protected]\"},{\"name\":\"Jonathan Wage\",\"email\":\"[email protected]\"},{\"name\":\"Johannes Schmitt\",\"email\":\"[email protected]\"}],\"description\":\"Common String Manipulations with regard to casing and singular/plural rules.\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"inflection\",\"pluralize\",\"singularize\",\"string\"],\"time\":\"2017-07-22T12:18:28+00:00\"},{\"name\":\"doctrine/lexer\",\"version\":\"v1.0.1\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/lexer.git\",\"reference\":\"83893c552fd2045dd78aef794c31e694c37c0b8c\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/lexer/zipball/83893c552fd2045dd78aef794c31e694c37c0b8c\",\"reference\":\"83893c552fd2045dd78aef794c31e694c37c0b8c\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.3.2\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.0.x-dev\"}},\"autoload\":{\"psr-0\":{\"Doctrine\\Common\\Lexer\\\":\"lib/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"[email protected]\"},{\"name\":\"Guilherme Blanco\",\"email\":\"[email protected]\"},{\"name\":\"Johannes Schmitt\",\"email\":\"[email protected]\"}],\"description\":\"Base library for a lexer that can be used in Top-Down, Recursive Descent Parsers.\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"lexer\",\"parser\"],\"time\":\"2014-09-09T13:34:57+00:00\"},{\"name\":\"guzzlehttp/guzzle\",\"version\":\"6.3.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/guzzle/guzzle.git\",\"reference\":\"f4db5a78a5ea468d4831de7f0bf9d9415e348699\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/guzzle/guzzle/zipball/f4db5a78a5ea468d4831de7f0bf9d9415e348699\",\"reference\":\"f4db5a78a5ea468d4831de7f0bf9d9415e348699\",\"shasum\":\"\"},\"require\":{\"guzzlehttp/promises\":\"^1.0\",\"guzzlehttp/psr7\":\"^1.4\",\"php\":\">=5.5\"},\"require-dev\":{\"ext-curl\":\"*\",\"phpunit/phpunit\":\"^4.0 || ^5.0\",\"psr/log\":\"^1.0\"},\"suggest\":{\"psr/log\":\"Required for using the Log middleware\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"6.2-dev\"}},\"autoload\":{\"files\":[\"src/functions_include.php\"],\"psr-4\":{\"GuzzleHttp\\\":\"src/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Michael Dowling\",\"email\":\"[email protected]\",\"homepage\":\"https://github.com/mtdowling\"}],\"description\":\"Guzzle is a PHP HTTP client library\",\"homepage\":\"http://guzzlephp.org/\",\"keywords\":[\"client\",\"curl\",\"framework\",\"http\",\"http client\",\"rest\",\"web service\"],\"time\":\"2017-06-22T18:50:49+00:00\"},{\"name\":\"guzzlehttp/promises\",\"version\":\"v1.3.1\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/guzzle/promises.git\",\"reference\":\"a59da6cf61d80060647ff4d3eb2c03a2bc694646\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/guzzle/promises/zipball/a59da6cf61d80060647ff4d3eb2c03a2bc694646\",\"reference\":\"a59da6cf61d80060647ff4d3eb2c03a2bc694646\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.5.0\"},\"require-dev\":{\"phpunit/phpunit\":\"^4.0\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.4-dev\"}},\"autoload\":{\"psr-4\":{\"GuzzleHttp\\Promise\\\":\"src/\"},\"files\":[\"src/functions_include.php\"]},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Michael Dowling\",\"email\":\"[email protected]\",\"homepage\":\"https://github.com/mtdowling\"}],\"description\":\"Guzzle promises library\",\"keywords\":[\"promise\"],\"time\":\"2016-12-20T10:07:11+00:00\"},{\"name\":\"guzzlehttp/psr7\",\"version\":\"1.4.2\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/guzzle/psr7.git\",\"reference\":\"f5b8a8512e2b58b0071a7280e39f14f72e05d87c\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/guzzle/psr7/zipball/f5b8a8512e2b58b0071a7280e39f14f72e05d87c\",\"reference\":\"f5b8a8512e2b58b0071a7280e39f14f72e05d87c\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.4.0\",\"psr/http-message\":\"~1.0\"},\"provide\":{\"psr/http-message-implementation\":\"1.0\"},\"require-dev\":{\"phpunit/phpunit\":\"~4.0\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.4-dev\"}},\"autoload\":{\"psr-4\":{\"GuzzleHttp\\Psr7\\\":\"src/\"},\"files\":[\"src/functions_include.php\"]},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Michael Dowling\",\"email\":\"[email protected]\",\"homepage\":\"https://github.com/mtdowling\"},{\"name\":\"Tobias Schultze\",\"homepage\":\"https://github.com/Tobion\"}],\"description\":\"PSR-7 message implementation that also provides common utility methods\",\"keywords\":[\"http\",\"message\",\"request\",\"response\",\"stream\",\"uri\",\"url\"],\"time\":\"2017-03-20T17:10:46+00:00\"},{\"name\":\"mtdowling/jmespath.php\",\"version\":\"2.4.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/jmespath/jmespath.php.git\",\"reference\":\"adcc9531682cf87dfda21e1fd5d0e7a41d292fac\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/jmespath/jmespath.php/zipball/adcc9531682cf87dfda21e1fd5d0e7a41d292fac\",\"reference\":\"adcc9531682cf87dfda21e1fd5d0e7a41d292fac\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.4.0\"},\"require-dev\":{\"phpunit/phpunit\":\"~4.0\"},\"bin\":[\"bin/jp.php\"],\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"2.0-dev\"}},\"autoload\":{\"psr-4\":{\"JmesPath\\\":\"src/\"},\"files\":[\"src/JmesPath.php\"]},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Michael Dowling\",\"email\":\"[email protected]\",\"homepage\":\"https://github.com/mtdowling\"}],\"description\":\"Declaratively specify how to extract elements from a JSON document\",\"keywords\":[\"json\",\"jsonpath\"],\"time\":\"2016-12-03T22:08:25+00:00\"},{\"name\":\"psr/http-message\",\"version\":\"1.0.1\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/php-fig/http-message.git\",\"reference\":\"f6561bf28d520154e4b0ec72be95418abe6d9363\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/php-fig/http-message/zipball/f6561bf28d520154e4b0ec72be95418abe6d9363\",\"reference\":\"f6561bf28d520154e4b0ec72be95418abe6d9363\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.3.0\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.0.x-dev\"}},\"autoload\":{\"psr-4\":{\"Psr\\Http\\Message\\\":\"src/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"PHP-FIG\",\"homepage\":\"http://www.php-fig.org/\"}],\"description\":\"Common interface for HTTP messages\",\"homepage\":\"https://github.com/php-fig/http-message\",\"keywords\":[\"http\",\"http-message\",\"psr\",\"psr-7\",\"request\",\"response\"],\"time\":\"2016-08-06T14:39:51+00:00\"},{\"name\":\"psr/log\",\"version\":\"1.0.2\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/php-fig/log.git\",\"reference\":\"4ebe3a8bf773a19edfe0a84b6585ba3d401b724d\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/php-fig/log/zipball/4ebe3a8bf773a19edfe0a84b6585ba3d401b724d\",\"reference\":\"4ebe3a8bf773a19edfe0a84b6585ba3d401b724d\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.3.0\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.0.x-dev\"}},\"autoload\":{\"psr-4\":{\"Psr\\Log\\\":\"Psr/Log/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"PHP-FIG\",\"homepage\":\"http://www.php-fig.org/\"}],\"description\":\"Common interface for logging libraries\",\"homepage\":\"https://github.com/php-fig/log\",\"keywords\":[\"log\",\"psr\",\"psr-3\"],\"time\":\"2016-10-10T12:19:37+00:00\"},{\"name\":\"symfony/icu\",\"version\":\"v1.2.2\",\"target-dir\":\"Symfony/Component/Icu\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/symfony/icu.git\",\"reference\":\"d4d85d6055b87f394d941b45ddd3a9173e1e3d2a\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/symfony/icu/zipball/d4d85d6055b87f394d941b45ddd3a9173e1e3d2a\",\"reference\":\"d4d85d6055b87f394d941b45ddd3a9173e1e3d2a\",\"shasum\":\"\"},\"require\":{\"ext-intl\":\"*\",\"lib-icu\":\">=4.4\",\"php\":\">=5.3.3\",\"symfony/intl\":\"~2.3\"},\"type\":\"library\",\"autoload\":{\"psr-0\":{\"Symfony\\Component\\Icu\\\":\"\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Symfony Community\",\"homepage\":\"http://symfony.com/contributors\"},{\"name\":\"Bernhard Schussek\",\"email\":\"[email protected]\"}],\"description\":\"Contains an excerpt of the ICU data and classes to load it.\",\"homepage\":\"http://symfony.com\",\"keywords\":[\"icu\",\"intl\"],\"abandoned\":\"symfony/intl\",\"time\":\"2014-07-25T09:58:17+00:00\"},{\"name\":\"symfony/symfony\",\"version\":\"v2.3.1\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/symfony/symfony.git\",\"reference\":\"0902c606b4df1161f5b786ae89f37b71380b1f23\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/symfony/symfony/zipball/0902c606b4df1161f5b786ae89f37b71380b1f23\",\"reference\":\"0902c606b4df1161f5b786ae89f37b71380b1f23\",\"shasum\":\"\"},\"require\":{\"doctrine/common\":\"~2.2\",\"php\":\">=5.3.3\",\"psr/log\":\"~1.0\",\"symfony/icu\":\"~1.0\",\"twig/twig\":\"~1.11\"},\"replace\":{\"symfony/browser-kit\":\"self.version\",\"symfony/class-loader\":\"self.version\",\"symfony/config\":\"self.version\",\"symfony/console\":\"self.version\",\"symfony/css-selector\":\"self.version\",\"symfony/debug\":\"self.version\",\"symfony/dependency-injection\":\"self.version\",\"symfony/doctrine-bridge\":\"self.version\",\"symfony/dom-crawler\":\"self.version\",\"symfony/event-dispatcher\":\"self.version\",\"symfony/filesystem\":\"self.version\",\"symfony/finder\":\"self.version\",\"symfony/form\":\"self.version\",\"symfony/framework-bundle\":\"self.version\",\"symfony/http-foundation\":\"self.version\",\"symfony/http-kernel\":\"self.version\",\"symfony/intl\":\"self.version\",\"symfony/locale\":\"self.version\",\"symfony/monolog-bridge\":\"self.version\",\"symfony/options-resolver\":\"self.version\",\"symfony/process\":\"self.version\",\"symfony/propel1-bridge\":\"self.version\",\"symfony/property-access\":\"self.version\",\"symfony/proxy-manager-bridge\":\"self.version\",\"symfony/routing\":\"self.version\",\"symfony/security\":\"self.version\",\"symfony/security-bundle\":\"self.version\",\"symfony/serializer\":\"self.version\",\"symfony/stopwatch\":\"self.version\",\"symfony/swiftmailer-bridge\":\"self.version\",\"symfony/templating\":\"self.version\",\"symfony/translation\":\"self.version\",\"symfony/twig-bridge\":\"self.version\",\"symfony/twig-bundle\":\"self.version\",\"symfony/validator\":\"self.version\",\"symfony/web-profiler-bundle\":\"self.version\",\"symfony/yaml\":\"self.version\"},\"require-dev\":{\"doctrine/data-fixtures\":\"1.0.*\",\"doctrine/dbal\":\"~2.2\",\"doctrine/orm\":\"~2.2,>=2.2.3\",\"ircmaxell/password-compat\":\"1.0.*\",\"monolog/monolog\":\"~1.3\",\"ocramius/proxy-manager\":\">=0.3.1,<0.4-dev\",\"propel/propel1\":\"1.6.*\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"2.3-dev\"}},\"autoload\":{\"psr-0\":{\"Symfony\\\":\"src/\"},\"classmap\":[\"src/Symfony/Component/HttpFoundation/Resources/stubs\",\"src/Symfony/Component/Intl/Resources/stubs\"],\"files\":[\"src/Symfony/Component/Intl/Resources/stubs/functions.php\"]},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Symfony Community\",\"homepage\":\"http://symfony.com/contributors\"},{\"name\":\"Fabien Potencier\",\"email\":\"[email protected]\"}],\"description\":\"The Symfony PHP framework\",\"homepage\":\"http://symfony.com\",\"keywords\":[\"framework\"],\"time\":\"2013-06-11T11:46:38+00:00\"},{\"name\":\"twig/twig\",\"version\":\"v1.35.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/twigphp/Twig.git\",\"reference\":\"daa657073e55b0a78cce8fdd22682fddecc6385f\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/twigphp/Twig/zipball/daa657073e55b0a78cce8fdd22682fddecc6385f\",\"reference\":\"daa657073e55b0a78cce8fdd22682fddecc6385f\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.3.3\"},\"require-dev\":{\"psr/container\":\"^1.0\",\"symfony/debug\":\"~2.7\",\"symfony/phpunit-bridge\":\"~3.3@dev\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.35-dev\"}},\"autoload\":{\"psr-0\":{\"Twig_\":\"lib/\"},\"psr-4\":{\"Twig\\\":\"src/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"BSD-3-Clause\"],\"authors\":[{\"name\":\"Fabien Potencier\",\"email\":\"[email protected]\",\"homepage\":\"http://fabien.potencier.org\",\"role\":\"Lead Developer\"},{\"name\":\"Armin Ronacher\",\"email\":\"[email protected]\",\"role\":\"Project Founder\"},{\"name\":\"Twig Team\",\"homepage\":\"http://twig.sensiolabs.org/contributors\",\"role\":\"Contributors\"}],\"description\":\"Twig, the flexible, fast, and secure template language for PHP\",\"homepage\":\"http://twig.sensiolabs.org\",\"keywords\":[\"templating\"],\"time\":\"2017-09-27T18:06:46+00:00\"},{\"name\":\"yiisoft/yii\",\"version\":\"1.1.14\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/yiisoft/yii.git\",\"reference\":\"f0fee98ee84f70f1f3652f65562c9670e919cb4e\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/yiisoft/yii/zipball/f0fee98ee84f70f1f3652f65562c9670e919cb4e\",\"reference\":\"f0fee98ee84f70f1f3652f65562c9670e919cb4e\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.1.0\"},\"bin\":[\"framework/yiic\"],\"type\":\"library\",\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"BSD-3-Clause\"],\"authors\":[{\"name\":\"Qiang Xue\",\"email\":\"[email protected]\",\"homepage\":\"http://www.yiiframework.com/\",\"role\":\"Founder and project lead\"},{\"name\":\"Alexander Makarov\",\"email\":\"[email protected]\",\"homepage\":\"http://rmcreative.ru/\",\"role\":\"Core framework development\"},{\"name\":\"Maurizio Domba\",\"homepage\":\"http://mdomba.info/\",\"role\":\"Core framework development\"},{\"name\":\"Carsten Brandt\",\"email\":\"[email protected]\",\"homepage\":\"http://cebe.cc/\",\"role\":\"Core framework development\"},{\"name\":\"Wei Zhuo\",\"email\":\"[email protected]\",\"role\":\"Project site maintenance and development\"},{\"name\":\"Sebastián Thierer\",\"email\":\"[email protected]\",\"role\":\"Component development\"},{\"name\":\"Jeffrey Winesett\",\"email\":\"[email protected]\",\"role\":\"Documentation and marketing\"},{\"name\":\"Timur Ruziev\",\"email\":\"[email protected]\",\"homepage\":\"http://resurtm.com/\",\"role\":\"Core framework development\"},{\"name\":\"Paul Klimov\",\"email\":\"[email protected]\",\"role\":\"Core framework development\"}],\"description\":\"Yii Web Programming Framework\",\"homepage\":\"http://www.yiiframework.com/\",\"keywords\":[\"framework\",\"yii\"],\"time\":\"2013-08-12T00:12:08+00:00\"},{\"name\":\"zendframework/zendframework\",\"version\":\"2.1.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/zendframework/zendframework.git\",\"reference\":\"345a8cbedbe8de8a25bf18579fe54d169ac5075a\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/zendframework/zendframework/zipball/345a8cbedbe8de8a25bf18579fe54d169ac5075a\",\"reference\":\"345a8cbedbe8de8a25bf18579fe54d169ac5075a\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.3.3\"},\"replace\":{\"zendframework/zend-authentication\":\"self.version\",\"zendframework/zend-barcode\":\"self.version\",\"zendframework/zend-cache\":\"self.version\",\"zendframework/zend-captcha\":\"self.version\",\"zendframework/zend-code\":\"self.version\",\"zendframework/zend-config\":\"self.version\",\"zendframework/zend-console\":\"self.version\",\"zendframework/zend-crypt\":\"self.version\",\"zendframework/zend-db\":\"self.version\",\"zendframework/zend-debug\":\"self.version\",\"zendframework/zend-di\":\"self.version\",\"zendframework/zend-dom\":\"self.version\",\"zendframework/zend-escaper\":\"self.version\",\"zendframework/zend-eventmanager\":\"self.version\",\"zendframework/zend-feed\":\"self.version\",\"zendframework/zend-file\":\"self.version\",\"zendframework/zend-filter\":\"self.version\",\"zendframework/zend-form\":\"self.version\",\"zendframework/zend-http\":\"self.version\",\"zendframework/zend-i18n\":\"self.version\",\"zendframework/zend-inputfilter\":\"self.version\",\"zendframework/zend-json\":\"self.version\",\"zendframework/zend-ldap\":\"self.version\",\"zendframework/zend-loader\":\"self.version\",\"zendframework/zend-log\":\"self.version\",\"zendframework/zend-mail\":\"self.version\",\"zendframework/zend-math\":\"self.version\",\"zendframework/zend-memory\":\"self.version\",\"zendframework/zend-mime\":\"self.version\",\"zendframework/zend-modulemanager\":\"self.version\",\"zendframework/zend-mvc\":\"self.version\",\"zendframework/zend-navigation\":\"self.version\",\"zendframework/zend-paginator\":\"self.version\",\"zendframework/zend-permissions-acl\":\"self.version\",\"zendframework/zend-permissions-rbac\":\"self.version\",\"zendframework/zend-progressbar\":\"self.version\",\"zendframework/zend-serializer\":\"self.version\",\"zendframework/zend-server\":\"self.version\",\"zendframework/zend-servicemanager\":\"self.version\",\"zendframework/zend-session\":\"self.version\",\"zendframework/zend-soap\":\"self.version\",\"zendframework/zend-stdlib\":\"self.version\",\"zendframework/zend-tag\":\"self.version\",\"zendframework/zend-test\":\"self.version\",\"zendframework/zend-text\":\"self.version\",\"zendframework/zend-uri\":\"self.version\",\"zendframework/zend-validator\":\"self.version\",\"zendframework/zend-version\":\"self.version\",\"zendframework/zend-view\":\"self.version\",\"zendframework/zend-xmlrpc\":\"self.version\"},\"require-dev\":{\"doctrine/common\":\">=2.1\",\"phpunit/phpunit\":\"3.7.*\"},\"suggest\":{\"doctrine/common\":\"Doctrine\\Common >=2.1 for annotation features\",\"ext-intl\":\"ext/intl for i18n features\",\"pecl-weakref\":\"Implementation of weak references for Zend\\Stdlib\\CallbackHandler\",\"zendframework/zendpdf\":\"ZendPdf for creating PDF representations of barcodes\",\"zendframework/zendservice-recaptcha\":\"ZendService\\ReCaptcha for rendering ReCaptchas in Zend\\Captcha and/or Zend\\Form\"},\"bin\":[\"bin/classmap_generator.php\"],\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"2.1-dev\",\"dev-develop\":\"2.2-dev\"}},\"autoload\":{\"psr-0\":{\"Zend\\\":\"library/\",\"ZendTest\\\":\"tests/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"BSD-3-Clause\"],\"description\":\"Zend Framework 2\",\"homepage\":\"http://framework.zend.com/\",\"keywords\":[\"framework\",\"zf2\"],\"time\":\"2013-01-30T16:46:21+00:00\"}],\"packages-dev\":[],\"aliases\":[],\"minimum-stability\":\"stable\",\"stability-flags\":[],\"prefer-stable\":false,\"prefer-lowest\":false,\"platform\":{\"php\":\">=5.3.2\"},\"platform-dev\":[]}"}]}}

Responses

200Success

application/json

post

/test/composer

POST /v1/test/composer HTTP/1.1
Host: api.snyk.io
Content-Type: application/json
Accept: */*
Content-Length: 28009

{
  "encoding": "plain",
  "files": {
    "target": {
      "contents": "{\"name\": \"vulnerable/project\",\"description\": \"A sample vulnerable project\",\"require\": {\"php\": \">=5.3.2\",\"symfony/symfony\": \"v2.3.1\",\"yiisoft/yii\": \"1.1.14\",\"zendframework/zendframework\": \"2.1.0\",\"aws/aws-sdk-php\": \"3.0.0\",\"doctrine/common\": \"2.5.0\"}}"
    },
    "additional": [
      {
        "contents": "{\"_readme\":[\"This file locks the dependencies of your project to a known state\",\"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file\",\"This file is @generated automatically\"],\"content-hash\":\"3a3771e545494c4c098e639bd68602ba\",\"packages\":[{\"name\":\"aws/aws-sdk-php\",\"version\":\"3.0.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/aws/aws-sdk-php.git\",\"reference\":\"4018c8f14a9e53003bb0417fa859c6a7ad57b53b\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/aws/aws-sdk-php/zipball/4018c8f14a9e53003bb0417fa859c6a7ad57b53b\",\"reference\":\"4018c8f14a9e53003bb0417fa859c6a7ad57b53b\",\"shasum\":\"\"},\"require\":{\"guzzlehttp/guzzle\":\"^5.3 || ^6.0.1\",\"guzzlehttp/promises\":\"^1.0.0\",\"guzzlehttp/psr7\":\"^1.0.0\",\"mtdowling/jmespath.php\":\"^2.2\",\"php\":\">=5.5\"},\"require-dev\":{\"ext-dom\":\"*\",\"ext-json\":\"*\",\"ext-openssl\":\"*\",\"ext-pcre\":\"*\",\"ext-simplexml\":\"*\",\"ext-spl\":\"*\",\"phpunit/phpunit\":\"^4.0\"},\"suggest\":{\"ext-curl\":\"To send requests using cURL\",\"ext-openssl\":\"Allows working with CloudFront private distributions and verifying received SNS messages\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"3.0-dev\"}},\"autoload\":{\"psr-4\":{\"Aws\\\":\"src/\"},\"files\":[\"src/functions.php\"]},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"Apache-2.0\"],\"authors\":[{\"name\":\"Amazon Web Services\",\"homepage\":\"http://aws.amazon.com\"}],\"description\":\"AWS SDK for PHP - Use Amazon Web Services in your PHP project\",\"homepage\":\"http://aws.amazon.com/sdkforphp\",\"keywords\":[\"amazon\",\"aws\",\"cloud\",\"dynamodb\",\"ec2\",\"glacier\",\"s3\",\"sdk\"],\"time\":\"2015-05-27T20:07:42+00:00\"},{\"name\":\"doctrine/annotations\",\"version\":\"v1.5.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/annotations.git\",\"reference\":\"5beebb01b025c94e93686b7a0ed3edae81fe3e7f\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/annotations/zipball/5beebb01b025c94e93686b7a0ed3edae81fe3e7f\",\"reference\":\"5beebb01b025c94e93686b7a0ed3edae81fe3e7f\",\"shasum\":\"\"},\"require\":{\"doctrine/lexer\":\"1.*\",\"php\":\"^7.1\"},\"require-dev\":{\"doctrine/cache\":\"1.*\",\"phpunit/phpunit\":\"^5.7\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.5.x-dev\"}},\"autoload\":{\"psr-4\":{\"Doctrine\\Common\\Annotations\\\":\"lib/Doctrine/Common/Annotations\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"[email protected]\"},{\"name\":\"Benjamin Eberlei\",\"email\":\"[email protected]\"},{\"name\":\"Guilherme Blanco\",\"email\":\"[email protected]\"},{\"name\":\"Jonathan Wage\",\"email\":\"[email protected]\"},{\"name\":\"Johannes Schmitt\",\"email\":\"[email protected]\"}],\"description\":\"Docblock Annotations Parser\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"annotations\",\"docblock\",\"parser\"],\"time\":\"2017-07-22T10:58:02+00:00\"},{\"name\":\"doctrine/cache\",\"version\":\"v1.7.1\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/cache.git\",\"reference\":\"b3217d58609e9c8e661cd41357a54d926c4a2a1a\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/cache/zipball/b3217d58609e9c8e661cd41357a54d926c4a2a1a\",\"reference\":\"b3217d58609e9c8e661cd41357a54d926c4a2a1a\",\"shasum\":\"\"},\"require\":{\"php\":\"~7.1\"},\"conflict\":{\"doctrine/common\":\">2.2,<2.4\"},\"require-dev\":{\"alcaeus/mongo-php-adapter\":\"^1.1\",\"mongodb/mongodb\":\"^1.1\",\"phpunit/phpunit\":\"^5.7\",\"predis/predis\":\"~1.0\"},\"suggest\":{\"alcaeus/mongo-php-adapter\":\"Required to use legacy MongoDB driver\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.7.x-dev\"}},\"autoload\":{\"psr-4\":{\"Doctrine\\Common\\Cache\\\":\"lib/Doctrine/Common/Cache\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"[email protected]\"},{\"name\":\"Benjamin Eberlei\",\"email\":\"[email protected]\"},{\"name\":\"Guilherme Blanco\",\"email\":\"[email protected]\"},{\"name\":\"Jonathan Wage\",\"email\":\"[email protected]\"},{\"name\":\"Johannes Schmitt\",\"email\":\"[email protected]\"}],\"description\":\"Caching library offering an object-oriented API for many cache backends\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"cache\",\"caching\"],\"time\":\"2017-08-25T07:02:50+00:00\"},{\"name\":\"doctrine/collections\",\"version\":\"v1.5.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/collections.git\",\"reference\":\"a01ee38fcd999f34d9bfbcee59dbda5105449cbf\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/collections/zipball/a01ee38fcd999f34d9bfbcee59dbda5105449cbf\",\"reference\":\"a01ee38fcd999f34d9bfbcee59dbda5105449cbf\",\"shasum\":\"\"},\"require\":{\"php\":\"^7.1\"},\"require-dev\":{\"doctrine/coding-standard\":\"~0.1@dev\",\"phpunit/phpunit\":\"^5.7\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.3.x-dev\"}},\"autoload\":{\"psr-0\":{\"Doctrine\\Common\\Collections\\\":\"lib/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"[email protected]\"},{\"name\":\"Benjamin Eberlei\",\"email\":\"[email protected]\"},{\"name\":\"Guilherme Blanco\",\"email\":\"[email protected]\"},{\"name\":\"Jonathan Wage\",\"email\":\"[email protected]\"},{\"name\":\"Johannes Schmitt\",\"email\":\"[email protected]\"}],\"description\":\"Collections Abstraction library\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"array\",\"collections\",\"iterator\"],\"time\":\"2017-07-22T10:37:32+00:00\"},{\"name\":\"doctrine/common\",\"version\":\"v2.5.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/common.git\",\"reference\":\"cd8daf2501e10c63dced7b8b9b905844316ae9d3\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/common/zipball/cd8daf2501e10c63dced7b8b9b905844316ae9d3\",\"reference\":\"cd8daf2501e10c63dced7b8b9b905844316ae9d3\",\"shasum\":\"\"},\"require\":{\"doctrine/annotations\":\"1.*\",\"doctrine/cache\":\"1.*\",\"doctrine/collections\":\"1.*\",\"doctrine/inflector\":\"1.*\",\"doctrine/lexer\":\"1.*\",\"php\":\">=5.3.2\"},\"require-dev\":{\"phpunit/phpunit\":\"~3.7\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"2.6.x-dev\"}},\"autoload\":{\"psr-0\":{\"Doctrine\\Common\\\":\"lib/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"[email protected]\"},{\"name\":\"Benjamin Eberlei\",\"email\":\"[email protected]\"},{\"name\":\"Guilherme Blanco\",\"email\":\"[email protected]\"},{\"name\":\"Jonathan Wage\",\"email\":\"[email protected]\"},{\"name\":\"Johannes Schmitt\",\"email\":\"[email protected]\"}],\"description\":\"Common Library for Doctrine projects\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"annotations\",\"collections\",\"eventmanager\",\"persistence\",\"spl\"],\"time\":\"2015-04-02T19:55:44+00:00\"},{\"name\":\"doctrine/inflector\",\"version\":\"v1.2.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/inflector.git\",\"reference\":\"e11d84c6e018beedd929cff5220969a3c6d1d462\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/inflector/zipball/e11d84c6e018beedd929cff5220969a3c6d1d462\",\"reference\":\"e11d84c6e018beedd929cff5220969a3c6d1d462\",\"shasum\":\"\"},\"require\":{\"php\":\"^7.0\"},\"require-dev\":{\"phpunit/phpunit\":\"^6.2\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.2.x-dev\"}},\"autoload\":{\"psr-4\":{\"Doctrine\\Common\\Inflector\\\":\"lib/Doctrine/Common/Inflector\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"[email protected]\"},{\"name\":\"Benjamin Eberlei\",\"email\":\"[email protected]\"},{\"name\":\"Guilherme Blanco\",\"email\":\"[email protected]\"},{\"name\":\"Jonathan Wage\",\"email\":\"[email protected]\"},{\"name\":\"Johannes Schmitt\",\"email\":\"[email protected]\"}],\"description\":\"Common String Manipulations with regard to casing and singular/plural rules.\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"inflection\",\"pluralize\",\"singularize\",\"string\"],\"time\":\"2017-07-22T12:18:28+00:00\"},{\"name\":\"doctrine/lexer\",\"version\":\"v1.0.1\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/lexer.git\",\"reference\":\"83893c552fd2045dd78aef794c31e694c37c0b8c\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/lexer/zipball/83893c552fd2045dd78aef794c31e694c37c0b8c\",\"reference\":\"83893c552fd2045dd78aef794c31e694c37c0b8c\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.3.2\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.0.x-dev\"}},\"autoload\":{\"psr-0\":{\"Doctrine\\Common\\Lexer\\\":\"lib/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"[email protected]\"},{\"name\":\"Guilherme Blanco\",\"email\":\"[email protected]\"},{\"name\":\"Johannes Schmitt\",\"email\":\"[email protected]\"}],\"description\":\"Base library for a lexer that can be used in Top-Down, Recursive Descent Parsers.\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"lexer\",\"parser\"],\"time\":\"2014-09-09T13:34:57+00:00\"},{\"name\":\"guzzlehttp/guzzle\",\"version\":\"6.3.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/guzzle/guzzle.git\",\"reference\":\"f4db5a78a5ea468d4831de7f0bf9d9415e348699\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/guzzle/guzzle/zipball/f4db5a78a5ea468d4831de7f0bf9d9415e348699\",\"reference\":\"f4db5a78a5ea468d4831de7f0bf9d9415e348699\",\"shasum\":\"\"},\"require\":{\"guzzlehttp/promises\":\"^1.0\",\"guzzlehttp/psr7\":\"^1.4\",\"php\":\">=5.5\"},\"require-dev\":{\"ext-curl\":\"*\",\"phpunit/phpunit\":\"^4.0 || ^5.0\",\"psr/log\":\"^1.0\"},\"suggest\":{\"psr/log\":\"Required for using the Log middleware\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"6.2-dev\"}},\"autoload\":{\"files\":[\"src/functions_include.php\"],\"psr-4\":{\"GuzzleHttp\\\":\"src/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Michael Dowling\",\"email\":\"[email protected]\",\"homepage\":\"https://github.com/mtdowling\"}],\"description\":\"Guzzle is a PHP HTTP client library\",\"homepage\":\"http://guzzlephp.org/\",\"keywords\":[\"client\",\"curl\",\"framework\",\"http\",\"http client\",\"rest\",\"web service\"],\"time\":\"2017-06-22T18:50:49+00:00\"},{\"name\":\"guzzlehttp/promises\",\"version\":\"v1.3.1\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/guzzle/promises.git\",\"reference\":\"a59da6cf61d80060647ff4d3eb2c03a2bc694646\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/guzzle/promises/zipball/a59da6cf61d80060647ff4d3eb2c03a2bc694646\",\"reference\":\"a59da6cf61d80060647ff4d3eb2c03a2bc694646\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.5.0\"},\"require-dev\":{\"phpunit/phpunit\":\"^4.0\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.4-dev\"}},\"autoload\":{\"psr-4\":{\"GuzzleHttp\\Promise\\\":\"src/\"},\"files\":[\"src/functions_include.php\"]},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Michael Dowling\",\"email\":\"[email protected]\",\"homepage\":\"https://github.com/mtdowling\"}],\"description\":\"Guzzle promises library\",\"keywords\":[\"promise\"],\"time\":\"2016-12-20T10:07:11+00:00\"},{\"name\":\"guzzlehttp/psr7\",\"version\":\"1.4.2\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/guzzle/psr7.git\",\"reference\":\"f5b8a8512e2b58b0071a7280e39f14f72e05d87c\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/guzzle/psr7/zipball/f5b8a8512e2b58b0071a7280e39f14f72e05d87c\",\"reference\":\"f5b8a8512e2b58b0071a7280e39f14f72e05d87c\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.4.0\",\"psr/http-message\":\"~1.0\"},\"provide\":{\"psr/http-message-implementation\":\"1.0\"},\"require-dev\":{\"phpunit/phpunit\":\"~4.0\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.4-dev\"}},\"autoload\":{\"psr-4\":{\"GuzzleHttp\\Psr7\\\":\"src/\"},\"files\":[\"src/functions_include.php\"]},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Michael Dowling\",\"email\":\"[email protected]\",\"homepage\":\"https://github.com/mtdowling\"},{\"name\":\"Tobias Schultze\",\"homepage\":\"https://github.com/Tobion\"}],\"description\":\"PSR-7 message implementation that also provides common utility methods\",\"keywords\":[\"http\",\"message\",\"request\",\"response\",\"stream\",\"uri\",\"url\"],\"time\":\"2017-03-20T17:10:46+00:00\"},{\"name\":\"mtdowling/jmespath.php\",\"version\":\"2.4.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/jmespath/jmespath.php.git\",\"reference\":\"adcc9531682cf87dfda21e1fd5d0e7a41d292fac\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/jmespath/jmespath.php/zipball/adcc9531682cf87dfda21e1fd5d0e7a41d292fac\",\"reference\":\"adcc9531682cf87dfda21e1fd5d0e7a41d292fac\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.4.0\"},\"require-dev\":{\"phpunit/phpunit\":\"~4.0\"},\"bin\":[\"bin/jp.php\"],\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"2.0-dev\"}},\"autoload\":{\"psr-4\":{\"JmesPath\\\":\"src/\"},\"files\":[\"src/JmesPath.php\"]},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Michael Dowling\",\"email\":\"[email protected]\",\"homepage\":\"https://github.com/mtdowling\"}],\"description\":\"Declaratively specify how to extract elements from a JSON document\",\"keywords\":[\"json\",\"jsonpath\"],\"time\":\"2016-12-03T22:08:25+00:00\"},{\"name\":\"psr/http-message\",\"version\":\"1.0.1\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/php-fig/http-message.git\",\"reference\":\"f6561bf28d520154e4b0ec72be95418abe6d9363\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/php-fig/http-message/zipball/f6561bf28d520154e4b0ec72be95418abe6d9363\",\"reference\":\"f6561bf28d520154e4b0ec72be95418abe6d9363\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.3.0\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.0.x-dev\"}},\"autoload\":{\"psr-4\":{\"Psr\\Http\\Message\\\":\"src/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"PHP-FIG\",\"homepage\":\"http://www.php-fig.org/\"}],\"description\":\"Common interface for HTTP messages\",\"homepage\":\"https://github.com/php-fig/http-message\",\"keywords\":[\"http\",\"http-message\",\"psr\",\"psr-7\",\"request\",\"response\"],\"time\":\"2016-08-06T14:39:51+00:00\"},{\"name\":\"psr/log\",\"version\":\"1.0.2\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/php-fig/log.git\",\"reference\":\"4ebe3a8bf773a19edfe0a84b6585ba3d401b724d\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/php-fig/log/zipball/4ebe3a8bf773a19edfe0a84b6585ba3d401b724d\",\"reference\":\"4ebe3a8bf773a19edfe0a84b6585ba3d401b724d\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.3.0\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.0.x-dev\"}},\"autoload\":{\"psr-4\":{\"Psr\\Log\\\":\"Psr/Log/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"PHP-FIG\",\"homepage\":\"http://www.php-fig.org/\"}],\"description\":\"Common interface for logging libraries\",\"homepage\":\"https://github.com/php-fig/log\",\"keywords\":[\"log\",\"psr\",\"psr-3\"],\"time\":\"2016-10-10T12:19:37+00:00\"},{\"name\":\"symfony/icu\",\"version\":\"v1.2.2\",\"target-dir\":\"Symfony/Component/Icu\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/symfony/icu.git\",\"reference\":\"d4d85d6055b87f394d941b45ddd3a9173e1e3d2a\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/symfony/icu/zipball/d4d85d6055b87f394d941b45ddd3a9173e1e3d2a\",\"reference\":\"d4d85d6055b87f394d941b45ddd3a9173e1e3d2a\",\"shasum\":\"\"},\"require\":{\"ext-intl\":\"*\",\"lib-icu\":\">=4.4\",\"php\":\">=5.3.3\",\"symfony/intl\":\"~2.3\"},\"type\":\"library\",\"autoload\":{\"psr-0\":{\"Symfony\\Component\\Icu\\\":\"\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Symfony Community\",\"homepage\":\"http://symfony.com/contributors\"},{\"name\":\"Bernhard Schussek\",\"email\":\"[email protected]\"}],\"description\":\"Contains an excerpt of the ICU data and classes to load it.\",\"homepage\":\"http://symfony.com\",\"keywords\":[\"icu\",\"intl\"],\"abandoned\":\"symfony/intl\",\"time\":\"2014-07-25T09:58:17+00:00\"},{\"name\":\"symfony/symfony\",\"version\":\"v2.3.1\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/symfony/symfony.git\",\"reference\":\"0902c606b4df1161f5b786ae89f37b71380b1f23\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/symfony/symfony/zipball/0902c606b4df1161f5b786ae89f37b71380b1f23\",\"reference\":\"0902c606b4df1161f5b786ae89f37b71380b1f23\",\"shasum\":\"\"},\"require\":{\"doctrine/common\":\"~2.2\",\"php\":\">=5.3.3\",\"psr/log\":\"~1.0\",\"symfony/icu\":\"~1.0\",\"twig/twig\":\"~1.11\"},\"replace\":{\"symfony/browser-kit\":\"self.version\",\"symfony/class-loader\":\"self.version\",\"symfony/config\":\"self.version\",\"symfony/console\":\"self.version\",\"symfony/css-selector\":\"self.version\",\"symfony/debug\":\"self.version\",\"symfony/dependency-injection\":\"self.version\",\"symfony/doctrine-bridge\":\"self.version\",\"symfony/dom-crawler\":\"self.version\",\"symfony/event-dispatcher\":\"self.version\",\"symfony/filesystem\":\"self.version\",\"symfony/finder\":\"self.version\",\"symfony/form\":\"self.version\",\"symfony/framework-bundle\":\"self.version\",\"symfony/http-foundation\":\"self.version\",\"symfony/http-kernel\":\"self.version\",\"symfony/intl\":\"self.version\",\"symfony/locale\":\"self.version\",\"symfony/monolog-bridge\":\"self.version\",\"symfony/options-resolver\":\"self.version\",\"symfony/process\":\"self.version\",\"symfony/propel1-bridge\":\"self.version\",\"symfony/property-access\":\"self.version\",\"symfony/proxy-manager-bridge\":\"self.version\",\"symfony/routing\":\"self.version\",\"symfony/security\":\"self.version\",\"symfony/security-bundle\":\"self.version\",\"symfony/serializer\":\"self.version\",\"symfony/stopwatch\":\"self.version\",\"symfony/swiftmailer-bridge\":\"self.version\",\"symfony/templating\":\"self.version\",\"symfony/translation\":\"self.version\",\"symfony/twig-bridge\":\"self.version\",\"symfony/twig-bundle\":\"self.version\",\"symfony/validator\":\"self.version\",\"symfony/web-profiler-bundle\":\"self.version\",\"symfony/yaml\":\"self.version\"},\"require-dev\":{\"doctrine/data-fixtures\":\"1.0.*\",\"doctrine/dbal\":\"~2.2\",\"doctrine/orm\":\"~2.2,>=2.2.3\",\"ircmaxell/password-compat\":\"1.0.*\",\"monolog/monolog\":\"~1.3\",\"ocramius/proxy-manager\":\">=0.3.1,<0.4-dev\",\"propel/propel1\":\"1.6.*\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"2.3-dev\"}},\"autoload\":{\"psr-0\":{\"Symfony\\\":\"src/\"},\"classmap\":[\"src/Symfony/Component/HttpFoundation/Resources/stubs\",\"src/Symfony/Component/Intl/Resources/stubs\"],\"files\":[\"src/Symfony/Component/Intl/Resources/stubs/functions.php\"]},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Symfony Community\",\"homepage\":\"http://symfony.com/contributors\"},{\"name\":\"Fabien Potencier\",\"email\":\"[email protected]\"}],\"description\":\"The Symfony PHP framework\",\"homepage\":\"http://symfony.com\",\"keywords\":[\"framework\"],\"time\":\"2013-06-11T11:46:38+00:00\"},{\"name\":\"twig/twig\",\"version\":\"v1.35.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/twigphp/Twig.git\",\"reference\":\"daa657073e55b0a78cce8fdd22682fddecc6385f\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/twigphp/Twig/zipball/daa657073e55b0a78cce8fdd22682fddecc6385f\",\"reference\":\"daa657073e55b0a78cce8fdd22682fddecc6385f\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.3.3\"},\"require-dev\":{\"psr/container\":\"^1.0\",\"symfony/debug\":\"~2.7\",\"symfony/phpunit-bridge\":\"~3.3@dev\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.35-dev\"}},\"autoload\":{\"psr-0\":{\"Twig_\":\"lib/\"},\"psr-4\":{\"Twig\\\":\"src/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"BSD-3-Clause\"],\"authors\":[{\"name\":\"Fabien Potencier\",\"email\":\"[email protected]\",\"homepage\":\"http://fabien.potencier.org\",\"role\":\"Lead Developer\"},{\"name\":\"Armin Ronacher\",\"email\":\"[email protected]\",\"role\":\"Project Founder\"},{\"name\":\"Twig Team\",\"homepage\":\"http://twig.sensiolabs.org/contributors\",\"role\":\"Contributors\"}],\"description\":\"Twig, the flexible, fast, and secure template language for PHP\",\"homepage\":\"http://twig.sensiolabs.org\",\"keywords\":[\"templating\"],\"time\":\"2017-09-27T18:06:46+00:00\"},{\"name\":\"yiisoft/yii\",\"version\":\"1.1.14\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/yiisoft/yii.git\",\"reference\":\"f0fee98ee84f70f1f3652f65562c9670e919cb4e\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/yiisoft/yii/zipball/f0fee98ee84f70f1f3652f65562c9670e919cb4e\",\"reference\":\"f0fee98ee84f70f1f3652f65562c9670e919cb4e\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.1.0\"},\"bin\":[\"framework/yiic\"],\"type\":\"library\",\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"BSD-3-Clause\"],\"authors\":[{\"name\":\"Qiang Xue\",\"email\":\"[email protected]\",\"homepage\":\"http://www.yiiframework.com/\",\"role\":\"Founder and project lead\"},{\"name\":\"Alexander Makarov\",\"email\":\"[email protected]\",\"homepage\":\"http://rmcreative.ru/\",\"role\":\"Core framework development\"},{\"name\":\"Maurizio Domba\",\"homepage\":\"http://mdomba.info/\",\"role\":\"Core framework development\"},{\"name\":\"Carsten Brandt\",\"email\":\"[email protected]\",\"homepage\":\"http://cebe.cc/\",\"role\":\"Core framework development\"},{\"name\":\"Wei Zhuo\",\"email\":\"[email protected]\",\"role\":\"Project site maintenance and development\"},{\"name\":\"Sebastián Thierer\",\"email\":\"[email protected]\",\"role\":\"Component development\"},{\"name\":\"Jeffrey Winesett\",\"email\":\"[email protected]\",\"role\":\"Documentation and marketing\"},{\"name\":\"Timur Ruziev\",\"email\":\"[email protected]\",\"homepage\":\"http://resurtm.com/\",\"role\":\"Core framework development\"},{\"name\":\"Paul Klimov\",\"email\":\"[email protected]\",\"role\":\"Core framework development\"}],\"description\":\"Yii Web Programming Framework\",\"homepage\":\"http://www.yiiframework.com/\",\"keywords\":[\"framework\",\"yii\"],\"time\":\"2013-08-12T00:12:08+00:00\"},{\"name\":\"zendframework/zendframework\",\"version\":\"2.1.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/zendframework/zendframework.git\",\"reference\":\"345a8cbedbe8de8a25bf18579fe54d169ac5075a\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/zendframework/zendframework/zipball/345a8cbedbe8de8a25bf18579fe54d169ac5075a\",\"reference\":\"345a8cbedbe8de8a25bf18579fe54d169ac5075a\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.3.3\"},\"replace\":{\"zendframework/zend-authentication\":\"self.version\",\"zendframework/zend-barcode\":\"self.version\",\"zendframework/zend-cache\":\"self.version\",\"zendframework/zend-captcha\":\"self.version\",\"zendframework/zend-code\":\"self.version\",\"zendframework/zend-config\":\"self.version\",\"zendframework/zend-console\":\"self.version\",\"zendframework/zend-crypt\":\"self.version\",\"zendframework/zend-db\":\"self.version\",\"zendframework/zend-debug\":\"self.version\",\"zendframework/zend-di\":\"self.version\",\"zendframework/zend-dom\":\"self.version\",\"zendframework/zend-escaper\":\"self.version\",\"zendframework/zend-eventmanager\":\"self.version\",\"zendframework/zend-feed\":\"self.version\",\"zendframework/zend-file\":\"self.version\",\"zendframework/zend-filter\":\"self.version\",\"zendframework/zend-form\":\"self.version\",\"zendframework/zend-http\":\"self.version\",\"zendframework/zend-i18n\":\"self.version\",\"zendframework/zend-inputfilter\":\"self.version\",\"zendframework/zend-json\":\"self.version\",\"zendframework/zend-ldap\":\"self.version\",\"zendframework/zend-loader\":\"self.version\",\"zendframework/zend-log\":\"self.version\",\"zendframework/zend-mail\":\"self.version\",\"zendframework/zend-math\":\"self.version\",\"zendframework/zend-memory\":\"self.version\",\"zendframework/zend-mime\":\"self.version\",\"zendframework/zend-modulemanager\":\"self.version\",\"zendframework/zend-mvc\":\"self.version\",\"zendframework/zend-navigation\":\"self.version\",\"zendframework/zend-paginator\":\"self.version\",\"zendframework/zend-permissions-acl\":\"self.version\",\"zendframework/zend-permissions-rbac\":\"self.version\",\"zendframework/zend-progressbar\":\"self.version\",\"zendframework/zend-serializer\":\"self.version\",\"zendframework/zend-server\":\"self.version\",\"zendframework/zend-servicemanager\":\"self.version\",\"zendframework/zend-session\":\"self.version\",\"zendframework/zend-soap\":\"self.version\",\"zendframework/zend-stdlib\":\"self.version\",\"zendframework/zend-tag\":\"self.version\",\"zendframework/zend-test\":\"self.version\",\"zendframework/zend-text\":\"self.version\",\"zendframework/zend-uri\":\"self.version\",\"zendframework/zend-validator\":\"self.version\",\"zendframework/zend-version\":\"self.version\",\"zendframework/zend-view\":\"self.version\",\"zendframework/zend-xmlrpc\":\"self.version\"},\"require-dev\":{\"doctrine/common\":\">=2.1\",\"phpunit/phpunit\":\"3.7.*\"},\"suggest\":{\"doctrine/common\":\"Doctrine\\Common >=2.1 for annotation features\",\"ext-intl\":\"ext/intl for i18n features\",\"pecl-weakref\":\"Implementation of weak references for Zend\\Stdlib\\CallbackHandler\",\"zendframework/zendpdf\":\"ZendPdf for creating PDF representations of barcodes\",\"zendframework/zendservice-recaptcha\":\"ZendService\\ReCaptcha for rendering ReCaptchas in Zend\\Captcha and/or Zend\\Form\"},\"bin\":[\"bin/classmap_generator.php\"],\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"2.1-dev\",\"dev-develop\":\"2.2-dev\"}},\"autoload\":{\"psr-0\":{\"Zend\\\":\"library/\",\"ZendTest\\\":\"tests/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"BSD-3-Clause\"],\"description\":\"Zend Framework 2\",\"homepage\":\"http://framework.zend.com/\",\"keywords\":[\"framework\",\"zf2\"],\"time\":\"2013-01-30T16:46:21+00:00\"}],\"packages-dev\":[],\"aliases\":[],\"minimum-stability\":\"stable\",\"stability-flags\":[],\"prefer-stable\":false,\"prefer-lowest\":false,\"platform\":{\"php\":\">=5.3.2\"},\"platform-dev\":[]}"
      }
    ]
  }
}

200Success

{
  "ok": false,
  "issues": {
    "vulnerabilities": [
      {
        "id": "SNYK-PHP-AWSAWSSDKPHP-70003",
        "url": "https://snyk.io/vuln/SNYK-PHP-AWSAWSSDKPHP-70003",
        "title": "Arbitrary Code Execution",
        "type": "vuln",
        "description": "## Overview\n  Affected versions of [`aws/aws-sdk-php`](https://packagist.org/packages/aws/aws-sdk-php) are vulnerable to Arbitrary Code Execution.\n\nDoctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.\n\n## Remediation\nUpgrade `aws/aws-sdk-php` to version 3.2.1 or higher.\n\n## References\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2015-5723)\n- [Github ChangeLog](https://github.com/aws/aws-sdk-php/blob/master/CHANGELOG.md#321---2015-07-23)\n",
        "functions": [],
        "from": [
          "aws/[email protected]"
        ],
        "package": "aws/aws-sdk-php",
        "version": "3.0.0",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<3.2.1"
          ]
        },
        "publicationTime": "2015-07-24T00:41:41Z",
        "disclosureTime": "2015-07-24T00:41:41Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2015-5723"
          ],
          "CWE": [
            "CWE-264"
          ]
        },
        "credit": [
          "Ryan Lane"
        ],
        "CVSSv3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "cvssScore": 7.8,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-DOCTRINECOMMON-70024",
        "url": "https://snyk.io/vuln/SNYK-PHP-DOCTRINECOMMON-70024",
        "title": "Arbitrary Code Execution",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`doctrine/common`](https://packagist.org/packages/doctrine/common) are vulnerable to Arbitrary Code Execution.\n\nDoctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.\n\n## Remediation\nUpgrade `doctrine/common` to version 2.5.1, 2.4.3 or higher.\n\n## References\n- [Doctrine Release Notes](http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html)\n",
        "functions": [],
        "from": [
          "doctrine/[email protected]"
        ],
        "package": "doctrine/common",
        "version": "2.5.0",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.4.3",
            ">=2.5.0, <2.5.1"
          ]
        },
        "publicationTime": "2015-08-31T14:42:59Z",
        "disclosureTime": "2015-08-31T14:42:59Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2015-5723"
          ],
          "CWE": [
            "CWE-94"
          ]
        },
        "credit": [
          "Ryan Lane"
        ],
        "CVSSv3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "cvssScore": 7.8,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-DOCTRINECOMMON-70024",
        "url": "https://snyk.io/vuln/SNYK-PHP-DOCTRINECOMMON-70024",
        "title": "Arbitrary Code Execution",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`doctrine/common`](https://packagist.org/packages/doctrine/common) are vulnerable to Arbitrary Code Execution.\n\nDoctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.\n\n## Remediation\nUpgrade `doctrine/common` to version 2.5.1, 2.4.3 or higher.\n\n## References\n- [Doctrine Release Notes](http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]",
          "doctrine/[email protected]"
        ],
        "package": "doctrine/common",
        "version": "2.5.0",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.4.3",
            ">=2.5.0, <2.5.1"
          ]
        },
        "publicationTime": "2015-08-31T14:42:59Z",
        "disclosureTime": "2015-08-31T14:42:59Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2015-5723"
          ],
          "CWE": [
            "CWE-94"
          ]
        },
        "credit": [
          "Ryan Lane"
        ],
        "CVSSv3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "cvssScore": 7.8,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-173743",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-173743",
        "title": "Cross-site Scripting (XSS)",
        "type": "vuln",
        "description": "## Overview\n\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a PHP framework for web applications and a set of reusable PHP components.\n\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS).\nA remote attacker could inject arbitrary web script or HTML via the \"file\" parameter in a URL.\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nֿInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as  `&lt`; and `>` can be coded as `&gt`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. \r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n## Remediation\n\nUpgrade `symfony/symfony` to version 4.1 or higher.\n\n\n## References\n\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2018-12040)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<4.1"
          ]
        },
        "publicationTime": "2018-06-14T00:35:49Z",
        "disclosureTime": "2018-06-08T00:35:49Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2018-12040"
          ],
          "CWE": [
            "CWE-79"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "cvssScore": 6.1,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-173744",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-173744",
        "title": "Host Header Injection",
        "type": "vuln",
        "description": "## Overview\n\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a PHP framework for web applications and a set of reusable PHP components.\n\n\nAffected versions of this package are vulnerable to Host Header Injection.\nWhen using `HttpCache`, the values of the `X-Forwarded-Host` headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.\n\n## Remediation\n\nUpgrade `symfony/symfony` to version 2.7.49, 2.8.44, 3.3.18, 3.4.14, 4.0.14, 4.1.2 or higher.\n\n\n## References\n\n- [GitHub Commit](https://github.com/symfony/symfony/commit/725dee4cd8b4ccd52e335ae4b4522242cea9bd4a)\n\n- [GitHub Release Tag 4.1.3](https://github.com/symfony/symfony/releases/tag/v4.1.3)\n\n- [Symphony Security Blog](https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.7.49",
            ">=2.8.0, <2.8.44",
            ">=3.3.0, <3.3.18",
            ">=3.4.0, <3.4.14",
            ">=4.0.0, <4.0.14",
            ">=4.1.0, <4.1.2"
          ]
        },
        "publicationTime": "2018-08-05T13:44:27Z",
        "disclosureTime": "2018-07-31T17:24:43Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2018-14774"
          ],
          "CWE": [
            "CWE-444"
          ]
        },
        "credit": [
          "Chaosversum"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
        "cvssScore": 7.2,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-173745",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-173745",
        "title": "Cross-site Scripting (XSS)",
        "type": "vuln",
        "description": "## Overview\n\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a PHP framework for web applications and a set of reusable PHP components.\n\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS)\nvia the content page.\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nֿInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as  `&lt`; and `>` can be coded as `&gt`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. \r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n## Remediation\n\nUpgrade `symfony/symfony` to version 2.7.7 or higher.\n\n\n## References\n\n- [GitHub Commit](https://github.com/symphonycms/symphony-2/commit/1ace6b31867cc83267b3550686271c9c65ac3ec0)\n\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2018-12043)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.7.7"
          ]
        },
        "publicationTime": "2018-06-13T10:56:51Z",
        "disclosureTime": "2018-06-07T21:05:47Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2018-12043"
          ],
          "CWE": [
            "CWE-79"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "cvssScore": 6.1,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-70207",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70207",
        "title": "Loss of Information",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Loss of Information.\n\nWhen using the Validator component, if Symfony\\\\Component\\\\Validator\\\\Mapping\\\\Cache\\\\ApcCache is enabled (or any other cache implementing Symfony\\\\Component\\\\Validator\\\\Mapping\\\\Cache\\\\CacheInterface), some information is lost during serialization (the collectionCascaded and the collectionCascadedDeeply fields).\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.3, 2.1.12, 2.2.5, 2.0.24 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "low",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.3",
            ">=2.1.0, <2.1.12",
            ">=2.2.0, <2.2.5",
            ">=2, <2.0.24"
          ]
        },
        "publicationTime": "2013-08-17T07:55:32Z",
        "disclosureTime": "2013-08-17T07:55:32Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2013-4751"
          ],
          "CWE": [
            "CWE-221"
          ]
        },
        "credit": [
          "Alexandre Salome"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "cvssScore": 3.7,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-70208",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70208",
        "title": "HTTP Host Header Poisoning",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to HTTP Host Header Poisoning.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.3, 2.1.12, 2.2.5, 2.0.24 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.3",
            ">=2.1.0, <2.1.12",
            ">=2.2.0, <2.2.5",
            ">=2, <2.0.24"
          ]
        },
        "publicationTime": "2013-08-17T09:14:49Z",
        "disclosureTime": "2013-08-17T09:14:49Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2013-4752"
          ],
          "CWE": [
            "CWE-74"
          ]
        },
        "credit": [
          "Jordan Alliot"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
        "cvssScore": 8.2,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-70209",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70209",
        "title": "Denial of Service (DoS)",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Denial of Service (DoS).\n\nThe Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to [CVE-2013-5750](https://snyk.io/vuln/SNYK-PHP-FRIENDSOFSYMFONYUSERBUNDLE-70102).\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\n\nTwo common types of DoS vulnerabilities:\n\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  [npm `ws` package](npm:ws:20171108)\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.6, 2.1.13, 2.2.9, 2.0.25 or higher.\n\n## References\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2013-5958)\n- [Symfony Release Notes](http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2, <2.0.25",
            ">=2.1.0, <2.1.13",
            ">=2.2.0, <2.2.9",
            ">=2.3.0, <2.3.6"
          ]
        },
        "publicationTime": "2013-10-10T08:30:51Z",
        "disclosureTime": "2013-10-10T08:30:51Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2013-5958"
          ],
          "CWE": [
            "CWE-400"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
        "cvssScore": 5.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-70210",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70210",
        "title": "Arbitrary Code Injection",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Arbitrary Code Injection.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.19, 2.2.0, 2.4.9, 2.5.4, 2.3.0, 2.1.0 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released)\n- [GitHub Commit](https://github.com/symfony/symfony/commit/06a80fbdbe744ad6f3010479ba64ef5cf35dd9af)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.19",
            ">=2.1.0, <2.2.0",
            ">=2.4.0, <2.4.9",
            ">=2.5.0, <2.5.4",
            ">=2.2.0, <2.3.0",
            ">=2, <2.1.0"
          ]
        },
        "publicationTime": "2014-07-25T22:18:02Z",
        "disclosureTime": "2014-07-25T22:18:02Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2014-4931"
          ],
          "CWE": [
            "CWE-94"
          ]
        },
        "credit": [
          "Jeremy Derussé"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
        "cvssScore": 5.6,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-70211",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70211",
        "title": "Denial of Service (DoS)",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Denial of Service (DoS).\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\n\nTwo common types of DoS vulnerabilities:\n\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  [npm `ws` package](npm:ws:20171108)\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.19, 2.4.9, 2.5.4 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header)\n- [GitHub PR](https://github.com/symfony/symfony/pull/11828)\n- [GitHub Commit](https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2, <2.3.19",
            ">=2.4.0, <2.4.9",
            ">=2.5.0, <2.5.4"
          ]
        },
        "publicationTime": "2014-09-03T07:37:21Z",
        "disclosureTime": "2014-09-03T07:37:21Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2014-5244"
          ],
          "CWE": [
            "CWE-400"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "cvssScore": 5.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-70212",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70212",
        "title": "Information Exposure",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Information Exposure.\n\nWhen you enable the ESI feature and when you are using a proxy like Varnish that you configured as a trusted proxy, the FragmentHandler considered requests to render fragments as coming from a trusted source, even if the client was requesting them directly. Symfony can not distinguish between ESI requests done on behalf of the client by Varnish and faked fragment requests coming directly from the client.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.19, 2.2.0, 2.4.9, 2.5.4, 2.3.0, 2.1.0 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2014-5245-direct-access-of-esi-urls-behind-a-trusted-proxy)\n- [GitHub PR](https://github.com/symfony/symfony/pull/11831)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "low",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.19",
            ">=2.1.0, <2.2.0",
            ">=2.4.0, <2.4.9",
            ">=2.5.0, <2.5.4",
            ">=2.2.0, <2.3.0",
            ">=2, <2.1.0"
          ]
        },
        "publicationTime": "2014-09-03T07:40:02Z",
        "disclosureTime": "2014-09-03T07:40:02Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2014-5245"
          ],
          "CWE": [
            "CWE-200"
          ]
        },
        "credit": [
          "Cédric Nirousset",
          "Trent Steel",
          "Christophe Coevoet"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "cvssScore": 3.7,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-70213",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70213",
        "title": "Authentication Bypass",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Authentication Bypass.\n\nWhen an application uses an HTTP basic or digest authentication, Symfony does not parse the Authorization header properly, which could be exploited in some server setups (no exploits have been demonstrated though.)\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.19, 2.2.0, 2.4.9, 2.5.4, 2.3.0, 2.1.0 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2014-6061-security-issue-when-parsing-the-authorization-header)\n- [GitHub Issue](https://github.com/symfony/symfony/pull/11829)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "low",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.19",
            ">=2.1.0, <2.2.0",
            ">=2.4.0, <2.4.9",
            ">=2.5.0, <2.5.4",
            ">=2.2.0, <2.3.0",
            ">=2, <2.1.0"
          ]
        },
        "publicationTime": "2014-09-03T07:38:23Z",
        "disclosureTime": "2014-09-03T07:38:23Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2014-6061"
          ],
          "CWE": [
            "CWE-592"
          ]
        },
        "credit": [
          "Damien Tournoud"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "cvssScore": 3.7,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-70214",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70214",
        "title": "Cross-site Request Forgery (CSRF)",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Cross-site Request Forgery (CSRF).\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.19, 2.2.0, 2.4.9, 2.5.4, 2.3.0, 2.1.0 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2014-6072-csrf-vulnerability-in-the-web-profiler)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.19",
            ">=2.1.0, <2.2.0",
            ">=2.4.0, <2.4.9",
            ">=2.5.0, <2.5.4",
            ">=2.2.0, <2.3.0",
            ">=2, <2.1.0"
          ]
        },
        "publicationTime": "2014-09-03T07:40:30Z",
        "disclosureTime": "2014-09-03T07:40:30Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2014-6072"
          ],
          "CWE": [
            "CWE-352"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
        "cvssScore": 6.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-70215",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70215",
        "title": "Arbitrary Code Injection",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Arbitrary Code Injection.\n\nEval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a `language=\"php\"` attribute of a SCRIPT element.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.27, 2.6.6, 2.2.0, 2.5.0, 2.5.11, 2.3.0, 2.1.0 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2015-2308-esi-code-injection)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.27",
            ">=2.6.0, <2.6.6",
            ">=2.1.0, <2.2.0",
            ">=2.4.0, <2.5.0",
            ">=2.5.0, <2.5.11",
            ">=2.2.0, <2.3.0",
            ">=2, <2.1.0"
          ]
        },
        "publicationTime": "2015-04-01T18:55:26Z",
        "disclosureTime": "2015-04-01T18:55:26Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2015-2308"
          ],
          "CWE": [
            "CWE-94"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
        "cvssScore": 6.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-70216",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70216",
        "title": "Man-in-the-Middle (MitM)",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Man-in-the-Middle (MitM).\n\nThe `Symfony\\Component\\HttpFoundation\\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a \"non-trusted\" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.27, 2.5.11, 2.6.6 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2, <2.3.27",
            ">=2.4.0, <2.5.11",
            ">=2.6.0, <2.6.6"
          ]
        },
        "publicationTime": "2015-04-01T18:55:26Z",
        "disclosureTime": "2015-04-01T18:55:26Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2015-2309"
          ],
          "CWE": [
            "CWE-300"
          ]
        },
        "credit": [
          "Dmitrii Chekaliuk"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "cvssScore": 6.5,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-70218",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70218",
        "title": "Session Fixation",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Session Fixation.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.35, 2.6.12, 2.5.0, 2.7.7, 2.6.0 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.35",
            ">=2.6.0, <2.6.12",
            ">=2.4.0, <2.5.0",
            ">=2.7.0, <2.7.7",
            ">=2.5.0, <2.6.0"
          ]
        },
        "publicationTime": "2015-11-23T11:45:06Z",
        "disclosureTime": "2015-11-23T11:45:06Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2015-8124"
          ],
          "CWE": [
            "CWE-384"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
        "cvssScore": 6.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-70219",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70219",
        "title": "Timing Attack",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Timing Attack.\n\nSymfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving:\n* Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or\n* Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener class in the Symfony Security Component, or\n* legacy CSRF implementation from the Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider class in the Symfony Form component.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.35, 2.6.12, 2.5.0, 2.7.7, 2.6.0 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.35",
            ">=2.6.0, <2.6.12",
            ">=2.4.0, <2.5.0",
            ">=2.7.0, <2.7.7",
            ">=2.5.0, <2.6.0"
          ]
        },
        "publicationTime": "2015-11-23T11:45:06Z",
        "disclosureTime": "2015-11-23T11:45:06Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2015-8125"
          ],
          "CWE": [
            "CWE-208"
          ]
        },
        "credit": [
          "Sebastiaan Stok"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
        "cvssScore": 7.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-70220",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70220",
        "title": "Insecure Randomness",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Insecure Randomness .\n\nThe nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.37, 2.6.13, 2.5.0, 2.7.9, 2.6.0 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.37",
            ">=2.6.0, <2.6.13",
            ">=2.4.0, <2.5.0",
            ">=2.7.0, <2.7.9",
            ">=2.5.0, <2.6.0"
          ]
        },
        "publicationTime": "2016-01-14T09:59:32Z",
        "disclosureTime": "2016-01-14T09:59:32Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2016-1902"
          ],
          "CWE": [
            "CWE-330"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "cvssScore": 7.5,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-70222",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70222",
        "title": "Denial of Service (DoS)",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Denial of Service (DoS).\n\nThe attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\n\nTwo common types of DoS vulnerabilities:\n\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  [npm `ws` package](npm:ws:20171108)\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.41, 2.7.0, 2.5.0, 2.7.13, 2.6.0, 2.8.6, 3.0.6 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session)\n- [GitHub PR](https://github.com/symfony/symfony/pull/18733)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.41",
            ">=2.6.0, <2.7.0",
            ">=2.4.0, <2.5.0",
            ">=2.7.0, <2.7.13",
            ">=2.5.0, <2.6.0",
            ">=2.8.0, <2.8.6",
            ">=3, <3.0.6"
          ]
        },
        "publicationTime": "2016-05-09T21:31:02Z",
        "disclosureTime": "2016-05-09T21:31:02Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2016-4423"
          ],
          "CWE": [
            "CWE-400"
          ]
        },
        "credit": [
          "Marek Alaksa"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "cvssScore": 7.5,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-72196",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-72196",
        "title": "Denial of Service (DoS)",
        "type": "vuln",
        "description": "## Overview\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a set of reusable PHP components.\n\nAffected versions of this package are vulnerable to Denial of Service (DoS) attacks via the `PDOSessionHandler` class.\n\n**An application is vulnerable when:**\n\n* It uses `PDOSessionHandler` to store its sessions\n* And it uses MySQL as a backend for sessions managed by `PDOSessionHandler`\n* And the SQL mode does not contain `STRICT_ALL_TABLES` or `STRICT_TRANS_TABLES`.\n\nWith this configuration, An attacker may conduct a denial of service by a well-crafted session, which leads to an infinite loop in the code.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\n\nTwo common types of DoS vulnerabilities:\n\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  [npm `ws` package](npm:ws:20171108)\n\n## Remediation\nUpgrade `symfony/symfony` to versions 2.7.48, 2.8.41, 3.3.17, 3.4.11, 4.0.11 or higher.\n\n## References\n- [Symphony Security Advisory](https://symfony.com/cve-2018-11386)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.7.48",
            ">=2.8.0, <2.8.41",
            ">=3.0.0, <3.3.17",
            ">=3.4.0, <3.4.11",
            ">=4.0.0, <4.0.11"
          ]
        },
        "publicationTime": "2018-05-30T11:36:38.154000Z",
        "disclosureTime": "2018-05-30T03:25:45.531000Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2018-11386"
          ],
          "CWE": [
            "CWE-835"
          ]
        },
        "credit": [
          "Federico Stange"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "cvssScore": 5.9,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-72197",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-72197",
        "title": "Access Restriction Bypass",
        "type": "vuln",
        "description": "## Overview\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a set of PHP components.\n\nAffected versions of this package are vulnerable to Access Restriction Bypass. A misconfigured LDAP server allowed unauthorized access, due to a missing check for `null` passwords.\n\n**Note:** This is related to [CVE-2016-2403](https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70221).\n\n## Remediation\nUpgrade `symfony/symfony` to versions 2.8.37, 3.3.17, 3.4.7, 4.0.7 or higher.\n\n## References\n- [Symphony Security Advisory](https://symfony.com/cve-2018-11407)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "critical",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.8.37",
            ">=3.0.0, <3.3.17",
            ">=3.4.0, <3.4.7",
            ">=4.0.0, <4.0.7"
          ]
        },
        "publicationTime": "2018-05-30T11:36:38.236000Z",
        "disclosureTime": "2018-05-30T03:25:45.532000Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2018-11407"
          ],
          "CWE": [
            "CWE-284"
          ]
        },
        "credit": [
          "Theo Bouge"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "cvssScore": 9.8,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-72198",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-72198",
        "title": "CSRF Token Fixation",
        "type": "vuln",
        "description": "## Overview\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a set of reusable PHP components.\n\nAffected versions of this package are vulnerable to CSRF Token Fixation. CSRF tokens where not erased during logout, when the `invalidate_session` option was disabled. By default, a user’s session is invalidated when the user is logged out.\n\n## Remediation\nUpgrade `symfony/symfony` to versions 2.7.48, 2.8.41, 3.3.17, 3.4.11, 4.0.11 or higher.\n\n## References\n- [Symphony Security Advisory](https://symfony.com/cve-2018-11406)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.7.48",
            ">=2.8.0, <2.8.41",
            ">=3.0.0, <3.3.17",
            ">=3.4.0, <3.4.11",
            ">=4.0.0, <4.0.11"
          ]
        },
        "publicationTime": "2018-05-30T11:36:38.318000Z",
        "disclosureTime": "2018-05-30T03:25:45.533000Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2018-11406"
          ],
          "CWE": [
            "CWE-384"
          ]
        },
        "credit": [
          "Kevin Liagre"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "cvssScore": 8.8,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-72199",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-72199",
        "title": "Open Redirect",
        "type": "vuln",
        "description": "## Overview\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a set of reusable PHP components.\n\nAffected versions of this package are vulnerable to Open Redirect. This is due to an incomplete fix for [CVE-2017-16652](https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70381). There was an an edge case when the `security.http_utils` was inlined by the container.\n\n## Remediation\nUpgrade `symfony/symfony` to versions 2.7.48, 2.8.41, 3.3.17, 3.4.11, 4.0.11 or higher.\n\n## References\n- [Symphony Security Advisory](https://symfony.com/cve-2018-11408)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.7.48",
            ">=2.8.0, <2.8.41",
            ">=3.0.0, <3.3.17",
            ">=3.4.0, <3.4.11",
            ">=4.0.0, <4.0.11"
          ]
        },
        "publicationTime": "2018-05-30T11:36:38.403000Z",
        "disclosureTime": "2018-05-30T03:25:45.535000Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2018-11408"
          ],
          "CWE": [
            "CWE-601"
          ]
        },
        "credit": [
          "Antal Aron"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "cvssScore": 6.1,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-72200",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-72200",
        "title": "Session Fixation",
        "type": "vuln",
        "description": "## Overview\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a set of reusable PHP components.\n\nAffected versions of this package are vulnerable to Session Fixation via the `Guard` login feature. An attacker may be able to impersonate the victim towards the web application if the session id value was previously known to the attacker. This allows the attacker to access a Symfony web application with the attacked user's permissions.\n\n**Note:**\n* The `Guard authentication` login feature must be enabled for the attack to be applicable.\n* The attacker must have access to the `PHPSESSID` cookie value or has successfully set a new value in the user's browser.\n\n## Remediation\nUpgrade `symfony/symfony` to versions 2.7.48, 2.8.41, 3.3.17, 3.4.11, 4.0.11 or higher.\n\n## References\n- [Symphony Security Advisory](https://symfony.com/cve-2018-11385)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.7.48",
            ">=2.8.0, <2.8.41",
            ">=3.0.0, <3.3.17",
            ">=3.4.0, <3.4.11",
            ">=4.0.0, <4.0.11"
          ]
        },
        "publicationTime": "2018-05-30T11:36:38.526000Z",
        "disclosureTime": "2018-05-30T03:25:45.536000Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2018-11385"
          ],
          "CWE": [
            "CWE-384"
          ]
        },
        "credit": [
          "Chris Wilkinson"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "cvssScore": 8.1,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-SYMFONYSYMFONY-72246",
        "url": "https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-72246",
        "title": "Cross-site Scripting (XSS)",
        "type": "vuln",
        "description": "## Overview\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is the The Symfony PHP framework.\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks via the `ExceptionHandler.php` method.\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nֿInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as  `&lt`; and `>` can be coded as `&gt`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. \r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n\n## Remediation\nUpgrade `symfony/symfony` to versions 2.7.33, 2.8.26, 3.2.13, 3.3.6 or higher.\n\n## References\n- [GitHub PR](https://github.com/symfony/symfony/pull/23684)\n- [GitHub Issue](https://github.com/symfony/symfony/issues/27987)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]"
        ],
        "package": "symfony/symfony",
        "version": "2.3.1",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.7.33",
            ">=2.8.0, <2.8.26",
            ">=3.0.0, <3.2.13",
            ">=3.3.0, <3.3.6"
          ]
        },
        "publicationTime": "2018-07-30T13:57:42.005000Z",
        "disclosureTime": "2018-07-20T00:54:33.251000Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2017-18343"
          ],
          "CWE": [
            "CWE-79"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "cvssScore": 6.1,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-TWIGTWIG-173776",
        "url": "https://snyk.io/vuln/SNYK-PHP-TWIGTWIG-173776",
        "title": "Information Exposure",
        "type": "vuln",
        "description": "## Overview\n\n[twig/twig](https://packagist.org/packages/twig/twig) is a flexible, fast, and secure template language for PHP.\n\n\nAffected versions of this package are vulnerable to Information Exposure\ndue to allowing the evaluation of non-trusted templates in a sandbox, where everything is forbidden if not explicitly allowed by a sandbox policy (tags, filters, functions, method calls, ...).\n\n\n*Note: If you are not using the sandbox, your code is not affected.*\n\n## Remediation\n\nUpgrade `twig/twig` to version 1.38.0, 2.7.0 or higher.\n\n\n## References\n\n- [GitHub Commit](https://github.com/twigphp/Twig/commit/0f3af98ef6e71929ad67fb6e5f3ad65777c1c4c5)\n\n- [Twig Security Advisory](https://symfony.com/blog/twig-sandbox-information-disclosure)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]",
          "twig/[email protected]"
        ],
        "package": "twig/twig",
        "version": "1.35.0",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=1.0.0, <1.38.0",
            ">=2.0.0, <2.7.0"
          ]
        },
        "publicationTime": "2019-03-12T13:58:49Z",
        "disclosureTime": "2019-03-12T13:58:49Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2019-9942"
          ],
          "CWE": [
            "CWE-200"
          ]
        },
        "credit": [
          "Fabien Potencier"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/RL:O",
        "cvssScore": 4.8,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-TWIGTWIG-72239",
        "url": "https://snyk.io/vuln/SNYK-PHP-TWIGTWIG-72239",
        "title": "Server Side Template Injection (SSTI)",
        "type": "vuln",
        "description": "## Overview\n[twig/twig](https://packagist.org/packages/twig/twig) is a flexible, fast, and secure template language for PHP.\n\nAffected versions of this package are vulnerable to Server Side Template Injection (SSTI) via the `search_key` parameter.\n\n## Remediation\nUpgrade `twig/twig` to version 2.4.4 or higher.\n\n## References\n- [Exploit-DB](https://www.exploit-db.com/exploits/44102/)\n- [GitHub Commit](https://github.com/twigphp/Twig/commit/eddb97148ad779f27e670e1e3f19fb323aedafeb)\n- [GitHub ChangLog](https://github.com/twigphp/Twig/blob/2.x/CHANGELOG)\n",
        "functions": [],
        "from": [
          "symfony/[email protected]",
          "twig/[email protected]"
        ],
        "package": "twig/twig",
        "version": "1.35.0",
        "severity": "critical",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.4.4"
          ]
        },
        "publicationTime": "2018-07-23T13:46:08.115000Z",
        "disclosureTime": "2018-07-10T15:06:02.373000Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2018-13818"
          ],
          "CWE": [
            "CWE-94"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "cvssScore": 9.8,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-YIISOFTYII-70295",
        "url": "https://snyk.io/vuln/SNYK-PHP-YIISOFTYII-70295",
        "title": "Arbitrary Code Execution",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`yiisoft/yii`](https://packagist.org/packages/yiisoft/yii) are vulnerable to Arbitrary Code Execution.\n\nThe CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.\n\n## Remediation\nUpgrade `yiisoft/yii` to version 1.1.15 or higher.\n\n## References\n- [Yii Framework Security Advisory](http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/)\n",
        "functions": [],
        "from": [
          "yiisoft/[email protected]"
        ],
        "package": "yiisoft/yii",
        "version": "1.1.14",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<1.1.15"
          ]
        },
        "publicationTime": "2014-06-30T07:15:00Z",
        "disclosureTime": "2014-06-30T07:15:00Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2014-4672"
          ],
          "CWE": [
            "CWE-94"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
        "cvssScore": 7.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70321",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70321",
        "title": "Route Parameter Injection",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Route Parameter Injection.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.1.4, 2.0.8 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2013-01)\n",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.1.0, <2.1.4",
            ">=2, <2.0.8"
          ]
        },
        "publicationTime": "2013-03-13T08:39:38Z",
        "disclosureTime": "2013-03-13T08:39:38Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [],
          "CWE": [
            "CWE-74"
          ]
        },
        "credit": [
          "codemagician"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "cvssScore": 6.5,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70322",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70322",
        "title": "Information Exposure",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Information Exposure.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.1.4, 2.0.8 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2013-02)\n",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "low",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.1.0, <2.1.4",
            ">=2, <2.0.8"
          ]
        },
        "publicationTime": "2013-03-13T15:05:23Z",
        "disclosureTime": "2013-03-13T15:05:23Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [],
          "CWE": [
            "CWE-200"
          ]
        },
        "credit": [
          "Pádraic Brady"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "cvssScore": 3.7,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70323",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70323",
        "title": "SQL Injection",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to SQL Injection due to execution of platform-specific SQL containing interpolations.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.1.4, 2.0.8 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2013-03)\n",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.1.0, <2.1.4",
            ">=2, <2.0.8"
          ]
        },
        "publicationTime": "2013-03-13T15:04:50Z",
        "disclosureTime": "2013-03-13T15:04:50Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [],
          "CWE": [
            "CWE-89"
          ]
        },
        "credit": [
          "Axel Helmert"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
        "cvssScore": 6.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70324",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70324",
        "title": "IP Spoofing",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Potential IP Spoofing.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.2.5 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2013-04)\n",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.2.5"
          ]
        },
        "publicationTime": "2013-10-31T10:35:17Z",
        "disclosureTime": "2013-10-31T10:35:17Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [],
          "CWE": [
            "CWE-290"
          ]
        },
        "credit": [
          "Steve Talbot"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "cvssScore": 5.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70325",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70325",
        "title": "XML External Entity (XXE) Injection",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to XML External Entity (XXE) Injection.\n\n## Details\n\nXXE Injection is a type of attack against an application that parses XML input.\nXML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\n\n\nFor example, below is a sample XML document, containing an XML element- username.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n\n   <username>John</username>\n\n</xml>\n```\n\n\nAn external XML entity - `xxe`, is defined using a system identifier and present within a DOCTYPE header. These entities can access local or remote content. For example the below code contains an external XML entity that would fetch the content of  `/etc/passwd` and display it to the user rendered by `username`.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<!DOCTYPE foo [\n\n   <!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]>\n\n   <username>&xxe;</username>\n\n</xml>\n```\n\n\nOther XXE Injection attacks can access local resources that may not stop returning data, possibly impacting application availability and leading to Denial of Service.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.1.6, 2.2.6 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2014-01)\n",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.1.0, <2.1.6",
            ">=2.2.0, <2.2.6"
          ]
        },
        "publicationTime": "2014-02-26T16:02:02Z",
        "disclosureTime": "2014-02-26T16:02:02Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [],
          "CWE": [
            "CWE-611"
          ]
        },
        "credit": [
          "Lukas Reschke"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
        "cvssScore": 7.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70326",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70326",
        "title": "Cross-site Scripting (XSS)",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Cross-site Scripting (XSS).\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nֿInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as  `&lt`; and `>` can be coded as `&gt`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. \r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.3.1, 2.2.7 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2014-03)\n",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.1",
            ">=2, <2.2.7"
          ]
        },
        "publicationTime": "2014-02-26T16:02:02Z",
        "disclosureTime": "2014-02-26T16:02:02Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [],
          "CWE": [
            "CWE-79"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
        "cvssScore": 6.5,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70327",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70327",
        "title": "Authentication Bypass",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Authentication Bypass.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.3.3, 2.2.8 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2014-05)\n",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.3",
            ">=2, <2.2.8"
          ]
        },
        "publicationTime": "2014-09-16T22:00:00Z",
        "disclosureTime": "2014-09-16T22:00:00Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2014-8088"
          ],
          "CWE": [
            "CWE-592"
          ]
        },
        "credit": [
          "Matthew Daley"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "cvssScore": 5.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70328",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70328",
        "title": "SQL Injection",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to SQL Injection vector when manually quoting values for sqlsrv extension, using null byte.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.3.3, 2.2.8 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2014-06)\n",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.3",
            ">=2, <2.2.8"
          ]
        },
        "publicationTime": "2014-09-16T22:00:00Z",
        "disclosureTime": "2014-09-16T22:00:00Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2014-8089"
          ],
          "CWE": [
            "CWE-89"
          ]
        },
        "credit": [
          "Jonas Sandström"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
        "cvssScore": 6.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70329",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70329",
        "title": "Insufficient Session Validation",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Insufficient Session Validation.\n\n`Zend\\Session` session validators do not work as expected if set prior to the start of a session.\n\nThe implication is that subsequent calls to `Zend\\Session\\SessionManager#start()` (in later requests, assuming a session was created) will not have any validator metadata attached, which causes any validator metadata to be re-built from scratch, thus marking the session as valid.\n\nAn attacker is thus able to simply ignore session validators such as `RemoteAddr` or `HttpUserAgent`, since the \"signature\" that these validators check against is not being stored in the session.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.3.4, 2.2.9 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2015-01)\n",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.4",
            ">=2, <2.2.9"
          ]
        },
        "publicationTime": "2015-01-14T22:00:00Z",
        "disclosureTime": "2015-01-14T22:00:00Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [],
          "CWE": [
            "CWE-284"
          ]
        },
        "credit": [
          "Yuriy Dyachenko"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "cvssScore": 5.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70330",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70330",
        "title": "SQL Injection",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to SQL Injection.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.3.5, 2.2.10 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2015-02)\n",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2.3.0, <2.3.5",
            ">=2, <2.2.10"
          ]
        },
        "publicationTime": "2015-02-18T19:15:09Z",
        "disclosureTime": "2015-02-18T19:15:09Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2015-0270"
          ],
          "CWE": [
            "CWE-89"
          ]
        },
        "credit": [
          "Grigory Ivanov"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
        "cvssScore": 6.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70332",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70332",
        "title": "CRLF Injection",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Potential CRLF injection attacks in mail and HTTP headers.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.3.8, 2.4.1 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2015-04)\n",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.3.8",
            ">=2.4.0, <2.4.1"
          ]
        },
        "publicationTime": "2015-05-07T08:53:42Z",
        "disclosureTime": "2015-05-07T08:53:42Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2015-3154"
          ],
          "CWE": [
            "CWE-113"
          ]
        },
        "credit": [
          "Filippo Tessarotto",
          "Maks3w"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "cvssScore": 5.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70333",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70333",
        "title": "XML External Entity (XXE) Injection",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to XML External Entity (XXE) Injection.\n\n\n## Details\n\n\nXXE Injection is a type of attack against an application that parses XML input.\nXML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\n\n\nFor example, below is a sample XML document, containing an XML element- username.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n\n   <username>John</username>\n\n</xml>\n```\n\n\nAn external XML entity - `xxe`, is defined using a system identifier and present within a DOCTYPE header. These entities can access local or remote content. For example the below code contains an external XML entity that would fetch the content of  `/etc/passwd` and display it to the user rendered by `username`.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<!DOCTYPE foo [\n\n   <!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]>\n\n   <username>&xxe;</username>\n\n</xml>\n```\n\n\nOther XXE Injection attacks can access local resources that may not stop returning data, possibly impacting application availability and leading to Denial of Service.\n\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.4.6, 2.5.1 or higher.\n\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2015-06)",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "medium",
        "exploitMaturity": "proof-of-concept",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.4.6",
            ">=2.5.0, <2.5.1"
          ]
        },
        "publicationTime": "2015-08-03T15:13:58Z",
        "disclosureTime": "2015-08-03T15:13:58Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2015-5161"
          ],
          "CWE": [
            "CWE-611"
          ]
        },
        "credit": [
          "Dawid Golunski"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:R",
        "cvssScore": 6.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70335",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70335",
        "title": "Information Exposure",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Information Exposure.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.4.9 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2015-09)\n",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "low",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.4.9"
          ]
        },
        "publicationTime": "2015-11-23T14:30:00Z",
        "disclosureTime": "2015-11-23T14:30:00Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [],
          "CWE": [
            "CWE-200"
          ]
        },
        "credit": [
          "Vincent Herbulot"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "cvssScore": 3.7,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70336",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70336",
        "title": "Information Exposure",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Information Exposure.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.4.9 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2015-10)\n",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            ">=2, <2.4.9"
          ]
        },
        "publicationTime": "2015-11-23T14:30:00Z",
        "disclosureTime": "2015-11-23T14:30:00Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [
            "CVE-2015-7503"
          ],
          "CWE": [
            "CWE-200"
          ]
        },
        "credit": [
          "Unknown"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "cvssScore": 7.5,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70337",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70337",
        "title": "Arbitrary Code Execution",
        "type": "vuln",
        "description": "## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Arbitrary Code Execution.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.4.11 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2016-04)\n",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "high",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.4.11"
          ]
        },
        "publicationTime": "2016-12-19T15:29:00Z",
        "disclosureTime": "2016-12-19T15:29:00Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [],
          "CWE": [
            "CWE-94"
          ]
        },
        "credit": [
          "Dawid Golunski"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
        "cvssScore": 7.3,
        "patches": [],
        "upgradePath": []
      },
      {
        "id": "SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-72268",
        "url": "https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-72268",
        "title": "Arbitrary URL Rewrite",
        "type": "vuln",
        "description": "## Overview\n[zendframework/zendframework](https://packagist.org/packages/zendframework/zendframework) provides functionality for consuming RSS and Atom feeds.\n\nAffected versions of this package are vulnerable to Arbitrary URL Rewrite. The request URI marshaling process contains logic that inspects HTTP request headers that are specific to a given server-side URL rewrite mechanism. \n\nWhen these headers are present on systems not running the specific URL rewriting mechanism, the URLs are subject to rewriting, allowing a malicious client or proxy to emulate the headers to request arbitrary content.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.5.0 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2018-01)\n",
        "functions": [],
        "from": [
          "zendframework/[email protected]"
        ],
        "package": "zendframework/zendframework",
        "version": "2.1.0",
        "severity": "medium",
        "exploitMaturity": "no-known-exploit",
        "language": "php",
        "packageManager": "composer",
        "semver": {
          "vulnerable": [
            "<2.5.0"
          ]
        },
        "publicationTime": "2018-08-15T08:34:54.643000Z",
        "disclosureTime": "2018-08-02T16:29:46.707000Z",
        "isUpgradable": false,
        "isPatchable": false,
        "isPinnable": false,
        "identifiers": {
          "CVE": [],
          "CWE": [
            "CWE-601"
          ]
        },
        "credit": [
          "Drupal Security Team"
        ],
        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "cvssScore": 5.3,
        "patches": [],
        "upgradePath": []
      }
    ],
    "licenses": []
  },
  "dependencyCount": 31,
  "org": {
    "name": "atokeneduser",
    "id": "4a18d42f-0706-4ad0-b127-24078731fbed"
  },
  "licensesPolicy": null,
  "packageManager": "composer"
}

PreviousTenants NextTests

Last updated 4 months ago

Was this helpful?