Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/63305?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/63305?format=api", "purl": "pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.6.0", "type": "maven", "namespace": "org.apache.jackrabbit", "name": "jackrabbit-core", "version": "2.6.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.6.6", "latest_non_vulnerable_version": "2.23.2-beta", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44034?format=api", "vulnerability_id": "VCID-gf7s-hs5a-sbbz", "summary": "Improper Input Validation\nXML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.", "references": [ { "reference_url": "http://mail-archives.apache.org/mod_mbox/jackrabbit-announce/201505.mbox/%3C555DA644.8080908%40greenbytes.de%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://mail-archives.apache.org/mod_mbox/jackrabbit-announce/201505.mbox/%3C555DA644.8080908%40greenbytes.de%3E" }, { "reference_url": "http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1833.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.31034", "scoring_system": "epss", "scoring_elements": "0.96837", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1833" }, { "reference_url": "https://github.com/apache/jackrabbit", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit" }, { "reference_url": "https://github.com/apache/jackrabbit/commit/17e9f68f5a3f05ded20569777a7b07422680612d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit/commit/17e9f68f5a3f05ded20569777a7b07422680612d" }, { "reference_url": "https://github.com/apache/jackrabbit/commit/26e601934d0f439f0a61d62265f52936d79df40d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit/commit/26e601934d0f439f0a61d62265f52936d79df40d" }, { "reference_url": "https://github.com/apache/jackrabbit/commit/3903739363b79deb7579802fbc27b9b7448218b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit/commit/3903739363b79deb7579802fbc27b9b7448218b2" }, { "reference_url": "https://github.com/apache/jackrabbit/commit/6191b366c607e65325a0116097aca8a359b36486", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit/commit/6191b366c607e65325a0116097aca8a359b36486" }, { "reference_url": "https://github.com/apache/jackrabbit/commit/89c5c4ed6ab250ad609829517f167d2dbe0abdd0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit/commit/89c5c4ed6ab250ad609829517f167d2dbe0abdd0" }, { "reference_url": "https://github.com/apache/jackrabbit/commit/b7fa1ae39641936872617ff95363353b0345b777", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit/commit/b7fa1ae39641936872617ff95363353b0345b777" }, { "reference_url": "https://github.com/apache/jackrabbit/commit/ddf9a3cd408397d0805917299c4114b09449373d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit/commit/ddf9a3cd408397d0805917299c4114b09449373d" }, { "reference_url": "https://issues.apache.org/jira/browse/JCR-3883", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/JCR-3883" }, { "reference_url": "https://www.exploit-db.com/exploits/37110", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/37110" }, { "reference_url": "https://www.exploit-db.com/exploits/37110/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/37110/" }, { "reference_url": "http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3298", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2015/dsa-3298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223883", "reference_id": "1223883", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223883" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787316", "reference_id": "787316", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787316" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1833", "reference_id": "CVE-2015-1833", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1833" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37110.py", "reference_id": "CVE-2015-1833;OSVDB-122382", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37110.py" }, { "reference_url": "https://github.com/advisories/GHSA-9284-j4c9-779q", "reference_id": "GHSA-9284-j4c9-779q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9284-j4c9-779q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63312?format=api", "purl": "pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.6.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.6.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/63313?format=api", "purl": "pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.8.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/63314?format=api", "purl": "pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.10.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.10.1" } ], "aliases": [ "CVE-2015-1833", "GHSA-9284-j4c9-779q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gf7s-hs5a-sbbz" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.6.0" }