Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/59864?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/59864?format=api", "purl": "pkg:maven/io.atomix/atomix@3.1.5", "type": "maven", "namespace": "io.atomix", "name": "atomix", "version": "3.1.5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41911?format=api", "vulnerability_id": "VCID-3nuz-nbnn-m7g4", "summary": "An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node.\nAn issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35211", "reference_id": "CVE-2020-35211", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35211" }, { "reference_url": "https://github.com/advisories/GHSA-4jhc-wjr3-pwh2", "reference_id": "GHSA-4jhc-wjr3-pwh2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4jhc-wjr3-pwh2" } ], "fixed_packages": [], "aliases": [ "CVE-2020-35211", "GHSA-4jhc-wjr3-pwh2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3nuz-nbnn-m7g4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41899?format=api", "vulnerability_id": "VCID-63j1-wrv4-eyhc", "summary": "Uncontrolled Resource Consumption\nA vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35210", "reference_id": "CVE-2020-35210", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35210" }, { "reference_url": "https://github.com/advisories/GHSA-mf27-wg66-m8f5", "reference_id": "GHSA-mf27-wg66-m8f5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mf27-wg66-m8f5" } ], "fixed_packages": [], "aliases": [ "CVE-2020-35210", "GHSA-mf27-wg66-m8f5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-63j1-wrv4-eyhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41900?format=api", "vulnerability_id": "VCID-d2u5-wzzv-bfba", "summary": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\nAn issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35213", "reference_id": "CVE-2020-35213", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35213" }, { "reference_url": "https://github.com/advisories/GHSA-2fqw-684c-pvp7", "reference_id": "GHSA-2fqw-684c-pvp7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2fqw-684c-pvp7" } ], "fixed_packages": [], "aliases": [ "CVE-2020-35213", "GHSA-2fqw-684c-pvp7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d2u5-wzzv-bfba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41905?format=api", "vulnerability_id": "VCID-dzxn-j3yx-ubdj", "summary": "An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35214", "reference_id": "CVE-2020-35214", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35214" }, { "reference_url": "https://github.com/advisories/GHSA-m4h3-7mc2-v295", "reference_id": "GHSA-m4h3-7mc2-v295", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m4h3-7mc2-v295" } ], "fixed_packages": [], "aliases": [ "CVE-2020-35214", "GHSA-m4h3-7mc2-v295" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dzxn-j3yx-ubdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41897?format=api", "vulnerability_id": "VCID-gcgx-zs1e-fqe4", "summary": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')\nAn issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35216", "reference_id": "CVE-2020-35216", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35216" }, { "reference_url": "https://github.com/advisories/GHSA-6vvh-5794-vpmj", "reference_id": "GHSA-6vvh-5794-vpmj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6vvh-5794-vpmj" } ], "fixed_packages": [], "aliases": [ "CVE-2020-35216", "GHSA-6vvh-5794-vpmj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gcgx-zs1e-fqe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41903?format=api", "vulnerability_id": "VCID-p8xp-jj8y-67ga", "summary": "Exposure of Resource to Wrong Sphere\nAn issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35215", "reference_id": "CVE-2020-35215", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35215" }, { "reference_url": "https://github.com/advisories/GHSA-g7p8-r2ch-4rmf", "reference_id": "GHSA-g7p8-r2ch-4rmf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g7p8-r2ch-4rmf" } ], "fixed_packages": [], "aliases": [ "CVE-2020-35215", "GHSA-g7p8-r2ch-4rmf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p8xp-jj8y-67ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41898?format=api", "vulnerability_id": "VCID-t9tx-rn9g-9bc9", "summary": "An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35209", "reference_id": "CVE-2020-35209", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35209" }, { "reference_url": "https://github.com/advisories/GHSA-7fr2-94h7-ccg2", "reference_id": "GHSA-7fr2-94h7-ccg2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7fr2-94h7-ccg2" } ], "fixed_packages": [], "aliases": [ "CVE-2020-35209", "GHSA-7fr2-94h7-ccg2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9tx-rn9g-9bc9" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.atomix/atomix@3.1.5" }