Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/65287?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/65287?format=api", "purl": "pkg:maven/org.apache.cassandra/cassandra-all@4.0.10", "type": "maven", "namespace": "org.apache.cassandra", "name": "cassandra-all", "version": "4.0.10", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.0.20", "latest_non_vulnerable_version": "5.0.7", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63354?format=api", "vulnerability_id": "VCID-9255-jdmq-q3ge", "summary": "Apache Cassandra: Apache Cassandra: Denial of Service via repeated password changes", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32588.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32588.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32588", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21878", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21939", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21925", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32588" }, { "reference_url": "https://lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:43:30Z/" } ], "url": "https://lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32588", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32588" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/07/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/07/9" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456105", "reference_id": "2456105", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456105" }, { "reference_url": "https://github.com/advisories/GHSA-qffm-gf3j-6mvg", "reference_id": "GHSA-qffm-gf3j-6mvg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qffm-gf3j-6mvg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110578?format=api", "purl": "pkg:maven/org.apache.cassandra/cassandra-all@4.0.20", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cassandra/cassandra-all@4.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/111000?format=api", "purl": "pkg:maven/org.apache.cassandra/cassandra-all@4.1.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cassandra/cassandra-all@4.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/110114?format=api", "purl": "pkg:maven/org.apache.cassandra/cassandra-all@5.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cassandra/cassandra-all@5.0.7" } ], "aliases": [ "CVE-2026-32588", "GHSA-qffm-gf3j-6mvg" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9255-jdmq-q3ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89406?format=api", "vulnerability_id": "VCID-kp2h-v585-9kc2", "summary": "Apache Cassandra has sensitive Information Leak in cqlsh\nSensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via ~/.cassandra/cqlsh_history local file access.\n\nUsers are recommended to upgrade to version 4.0.20, which fixes this issue.\n\n--\nDescription: Cassandra's command-line tool, cqlsh, provides a command history feature that allows users to recall previously executed commands using the up/down arrow keys. These history records are saved in the ~/.cassandra/cqlsh_history file in the user's home directory.\n\nHowever, cqlsh does not redact sensitive information when saving command history. This means that if a user executes operations involving passwords (such as logging in or creating users) within cqlsh, these passwords are permanently stored in cleartext in the history file on the disk.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27315", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02857", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02812", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02866", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27315" }, { "reference_url": "https://github.com/apache/cassandra", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/cassandra" }, { "reference_url": "https://issues.apache.org/jira/browse/CASSANDRA-21180", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:37:35Z/" } ], "url": "https://issues.apache.org/jira/browse/CASSANDRA-21180" }, { "reference_url": "https://lists.apache.org/thread/ft77zrk2mzt8qsch4g6jqjj4901d22k3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:37:35Z/" } ], "url": "https://lists.apache.org/thread/ft77zrk2mzt8qsch4g6jqjj4901d22k3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27315", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27315" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/07/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/07/8" }, { "reference_url": "https://github.com/advisories/GHSA-fh34-c629-p8xj", "reference_id": "GHSA-fh34-c629-p8xj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fh34-c629-p8xj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110578?format=api", "purl": "pkg:maven/org.apache.cassandra/cassandra-all@4.0.20", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cassandra/cassandra-all@4.0.20" } ], "aliases": [ "CVE-2026-27315", "GHSA-fh34-c629-p8xj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kp2h-v585-9kc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56574?format=api", "vulnerability_id": "VCID-nm1w-nh18-a3f4", "summary": "Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions\nIncorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer.\n\nUsers with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions.\n\nThis issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer.\n\nOperators using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24860.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24860.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24860", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.36995", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37021", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37028", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24860" }, { "reference_url": "https://github.com/apache/cassandra", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/cassandra" }, { "reference_url": "https://lists.apache.org/thread/yjo5on4tf7s1r9qklc4byrz30b8vkm2d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:43:54Z/" } ], "url": "https://lists.apache.org/thread/yjo5on4tf7s1r9qklc4byrz30b8vkm2d" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250214-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250214-0005" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/02/03/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/02/03/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343726", "reference_id": "2343726", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343726" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24860", "reference_id": "CVE-2025-24860", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24860" }, { "reference_url": "https://github.com/advisories/GHSA-3cjf-fwcq-xh22", "reference_id": "GHSA-3cjf-fwcq-xh22", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3cjf-fwcq-xh22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84002?format=api", "purl": "pkg:maven/org.apache.cassandra/cassandra-all@4.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9255-jdmq-q3ge" }, { "vulnerability": "VCID-kp2h-v585-9kc2" }, { "vulnerability": "VCID-q1n6-k6kb-xqc5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cassandra/cassandra-all@4.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/84003?format=api", "purl": "pkg:maven/org.apache.cassandra/cassandra-all@4.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9255-jdmq-q3ge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cassandra/cassandra-all@4.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/84004?format=api", "purl": "pkg:maven/org.apache.cassandra/cassandra-all@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6a5t-qng2-6ffz" }, { "vulnerability": "VCID-9255-jdmq-q3ge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cassandra/cassandra-all@5.0.3" } ], "aliases": [ "CVE-2025-24860", "GHSA-3cjf-fwcq-xh22" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nm1w-nh18-a3f4" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45305?format=api", "vulnerability_id": "VCID-e1dm-7a5s-y3c9", "summary": "Improper Privilege Management\nPrivilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra\nThis issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.\n\nWORKAROUND\nThe vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.\n\nMITIGATION\nUpgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30601", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06054", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06057", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0607", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30601" }, { "reference_url": "https://github.com/apache/cassandra", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/cassandra" }, { "reference_url": "https://github.com/apache/cassandra/commit/22d74c711658507addfd67e2c78b04a9b88413b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/cassandra/commit/22d74c711658507addfd67e2c78b04a9b88413b2" }, { "reference_url": "https://github.com/apache/cassandra/commit/aafb4d19448f12ce600dc4e84a5b181308825b32", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/cassandra/commit/aafb4d19448f12ce600dc4e84a5b181308825b32" }, { "reference_url": "https://issues.apache.org/jira/browse/CASSANDRA-18550", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/CASSANDRA-18550" }, { "reference_url": "https://lists.apache.org/thread/f74p9jdhmmp7vtrqd8lgm8bq3dhxl8vn", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T20:47:35Z/" } ], "url": "https://lists.apache.org/thread/f74p9jdhmmp7vtrqd8lgm8bq3dhxl8vn" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30601", "reference_id": "CVE-2023-30601", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30601" }, { "reference_url": "https://github.com/advisories/GHSA-m9p2-j4hg-g373", "reference_id": "GHSA-m9p2-j4hg-g373", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m9p2-j4hg-g373" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65287?format=api", "purl": "pkg:maven/org.apache.cassandra/cassandra-all@4.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9255-jdmq-q3ge" }, { "vulnerability": "VCID-kp2h-v585-9kc2" }, { "vulnerability": "VCID-nm1w-nh18-a3f4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cassandra/cassandra-all@4.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/65288?format=api", "purl": "pkg:maven/org.apache.cassandra/cassandra-all@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9255-jdmq-q3ge" }, { "vulnerability": "VCID-nm1w-nh18-a3f4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cassandra/cassandra-all@4.1.2" } ], "aliases": [ "CVE-2023-30601", "GHSA-m9p2-j4hg-g373" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e1dm-7a5s-y3c9" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cassandra/cassandra-all@4.0.10" }