Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/60957?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/60957?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.0", "type": "maven", "namespace": "com.fasterxml.jackson.core", "name": "jackson-databind", "version": "2.13.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.13.1", "latest_non_vulnerable_version": "2.16.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44688?format=api", "vulnerability_id": "VCID-2841-dnfz-2qgm", "summary": "jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode\njackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "references": [ { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/3ccde7d938fea547e598fdefe9a82cff37fed5cb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/3ccde7d938fea547e598fdefe9a82cff37fed5cb" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/3328", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/issues/3328" }, { "reference_url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12.6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12.6" }, { "reference_url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13.1", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13.1" }, { "reference_url": "https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", "reference_id": "CVE-2021-46877", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46877" }, { "reference_url": "https://github.com/advisories/GHSA-3x8x-79m2-3w2w", "reference_id": "GHSA-3x8x-79m2-3w2w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3x8x-79m2-3w2w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64342?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1" } ], "aliases": [ "CVE-2021-46877", "GHSA-3x8x-79m2-3w2w" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2841-dnfz-2qgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42632?format=api", "vulnerability_id": "VCID-8fr2-v728-cfcc", "summary": "Uncontrolled Resource Consumption\njackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.", "references": [ { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2816", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/FasterXML/jackson-databind/issues/2816" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "reference_id": "CVE-2020-36518", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "reference_url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "reference_id": "GHSA-57j2-w4cx-62h2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60959?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1" } ], "aliases": [ "CVE-2020-36518", "GHSA-57j2-w4cx-62h2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8fr2-v728-cfcc" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.0" }