VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/66080?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/66080?format=api",
    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@2.10.3",
    "type": "maven",
    "namespace": "org.apache.pulsar",
    "name": "pulsar-broker",
    "version": "2.10.3",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "3.0.4",
    "latest_non_vulnerable_version": "3.2.2",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47384?format=api",
            "vulnerability_id": "VCID-31bf-e53a-2ya1",
            "summary": "Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints\nThis vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. An authenticated user with produce permission can create subscriptions and update subscription properties on partitioned topics, even though this should be limited to users with consume permissions. This impact analysis assumes that Pulsar has been configured with the default authorization provider. For custom authorization providers, the impact could be slightly different. Additionally, the vulnerability allows an authenticated user to read, create, modify, and delete namespace properties in any namespace in any tenant. In Pulsar, namespace properties are reserved for user provided metadata about the namespace.\n\nThis issue affects Apache Pulsar versions from 2.7.1 to 2.10.6, from 2.11.0 to 2.11.4, from 3.0.0 to 3.0.3, from 3.1.0 to 3.1.3, and from 3.2.0 to 3.2.1.\n\n3.0 Apache Pulsar users should upgrade to at least 3.0.4.\n3.1 and 3.2 Apache Pulsar users should upgrade to at least 3.2.2.\n\nUsers operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29834.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29834.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29834",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00222",
                            "scoring_system": "epss",
                            "scoring_elements": "0.4495",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29834"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar/commit/6ffe667cddad3e959e02ce31fd09b2f9a439d50a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar/commit/6ffe667cddad3e959e02ce31fd09b2f9a439d50a"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar/commit/b51b74883fb66673161d0b73c6a7257d073c57a5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar/commit/b51b74883fb66673161d0b73c6a7257d073c57a5"
                },
                {
                    "reference_url": "https://lists.apache.org/thread/v0ltl94k9lg28qfr1f54hpkvvsjc5bj5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T13:59:54Z/"
                        }
                    ],
                    "url": "https://lists.apache.org/thread/v0ltl94k9lg28qfr1f54hpkvvsjc5bj5"
                },
                {
                    "reference_url": "http://www.openwall.com/lists/oss-security/2024/04/02/2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T13:59:54Z/"
                        }
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2024/04/02/2"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272689",
                    "reference_id": "2272689",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272689"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29834",
                    "reference_id": "CVE-2024-29834",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29834"
                },
                {
                    "reference_url": "https://pulsar.apache.org/security/CVE-2024-29834",
                    "reference_id": "CVE-2024-29834",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://pulsar.apache.org/security/CVE-2024-29834"
                },
                {
                    "reference_url": "https://pulsar.apache.org/security/CVE-2024-29834/",
                    "reference_id": "CVE-2024-29834",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T13:59:54Z/"
                        }
                    ],
                    "url": "https://pulsar.apache.org/security/CVE-2024-29834/"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7mg2-6c6v-342r",
                    "reference_id": "GHSA-7mg2-6c6v-342r",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-7mg2-6c6v-342r"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69617?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@3.0.4",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@3.0.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69618?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@3.2.2",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@3.2.2"
                }
            ],
            "aliases": [
                "CVE-2024-29834",
                "GHSA-7mg2-6c6v-342r"
            ],
            "risk_score": 3.6,
            "exploitability": "0.5",
            "weighted_severity": "7.3",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-31bf-e53a-2ya1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45623?format=api",
            "vulnerability_id": "VCID-8rzm-uepy-57fa",
            "summary": "Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false.\n\nThis issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0.\n\n2.9 Pulsar Broker users should upgrade to at least 2.9.5.\n2.10 Pulsar Broker users should upgrade to at least 2.10.4.\n2.11 Pulsar Broker users should upgrade to at least 2.11.1.\n3.0 Pulsar Broker users are unaffected.\nAny users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31007",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00073",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22334",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31007"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar"
                },
                {
                    "reference_url": "https://lists.apache.org/thread/qxn99xxyp0zv6jchjggn3soyo5gvqfxj",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:35:46Z/"
                        }
                    ],
                    "url": "https://lists.apache.org/thread/qxn99xxyp0zv6jchjggn3soyo5gvqfxj"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31007",
                    "reference_id": "CVE-2023-31007",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31007"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/66065?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@2.10.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-31bf-e53a-2ya1"
                        },
                        {
                            "vulnerability": "VCID-c4mz-mrrx-63g2"
                        },
                        {
                            "vulnerability": "VCID-ewj7-etuc-2fch"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@2.10.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/66066?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@2.11.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-31bf-e53a-2ya1"
                        },
                        {
                            "vulnerability": "VCID-c4mz-mrrx-63g2"
                        },
                        {
                            "vulnerability": "VCID-ewj7-etuc-2fch"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@2.11.1"
                }
            ],
            "aliases": [
                "CVE-2023-31007",
                "GHSA-47r2-phr8-m8cp"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8rzm-uepy-57fa"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45621?format=api",
            "vulnerability_id": "VCID-9byk-3h6x-8bcb",
            "summary": "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role.\nThis issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from 2.10.0 before 2.10.4, 2.11.0.\n\nThe vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. If an attacker is connecting through the Pulsar Proxy, there is no known way to exploit this authorization vulnerability.\n\nThere are two known risks for affected users. First, an attacker could produce garbage messages to any topic in the cluster. Second, an attacker could produce messages to the topic level policies topic for other tenants and influence topic settings that could lead to exfiltration and/or deletion of messages for other tenants.\n\n2.8 Pulsar Broker users and earlier are unaffected.\n2.9 Pulsar Broker users should upgrade to one of the patched versions.\n2.10 Pulsar Broker users should upgrade to at least 2.10.4.\n2.11 Pulsar Broker users should upgrade to at least 2.11.1.\n3.0 Pulsar Broker users are unaffected.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30428",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00114",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29651",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30428"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar/pull/19184",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/apache/pulsar/pull/19184"
                },
                {
                    "reference_url": "https://lists.apache.org/thread/v39hqtgrmyxr85rmofwvgrktnflbq3q5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T13:37:10Z/"
                        }
                    ],
                    "url": "https://lists.apache.org/thread/v39hqtgrmyxr85rmofwvgrktnflbq3q5"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30428",
                    "reference_id": "CVE-2023-30428",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30428"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/66065?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@2.10.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-31bf-e53a-2ya1"
                        },
                        {
                            "vulnerability": "VCID-c4mz-mrrx-63g2"
                        },
                        {
                            "vulnerability": "VCID-ewj7-etuc-2fch"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@2.10.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/66066?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@2.11.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-31bf-e53a-2ya1"
                        },
                        {
                            "vulnerability": "VCID-c4mz-mrrx-63g2"
                        },
                        {
                            "vulnerability": "VCID-ewj7-etuc-2fch"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@2.11.1"
                }
            ],
            "aliases": [
                "CVE-2023-30428",
                "GHSA-j2r7-3rvw-g7gx"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9byk-3h6x-8bcb"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45624?format=api",
            "vulnerability_id": "VCID-bsyh-2rap-33h2",
            "summary": "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\n\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\n\nWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\n\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\n3.0 Pulsar Function Worker users are unaffected.\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30429",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00078",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23427",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30429"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar"
                },
                {
                    "reference_url": "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T20:40:14Z/"
                        }
                    ],
                    "url": "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30429",
                    "reference_id": "CVE-2023-30429",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30429"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-g9cv-v3v4-3h8r",
                    "reference_id": "GHSA-g9cv-v3v4-3h8r",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-g9cv-v3v4-3h8r"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/66065?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@2.10.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-31bf-e53a-2ya1"
                        },
                        {
                            "vulnerability": "VCID-c4mz-mrrx-63g2"
                        },
                        {
                            "vulnerability": "VCID-ewj7-etuc-2fch"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@2.10.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/66066?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@2.11.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-31bf-e53a-2ya1"
                        },
                        {
                            "vulnerability": "VCID-c4mz-mrrx-63g2"
                        },
                        {
                            "vulnerability": "VCID-ewj7-etuc-2fch"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@2.11.1"
                }
            ],
            "aliases": [
                "CVE-2023-30429",
                "GHSA-g9cv-v3v4-3h8r"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bsyh-2rap-33h2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46710?format=api",
            "vulnerability_id": "VCID-c4mz-mrrx-63g2",
            "summary": "Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication.\n\nThis issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8.*, from 2.9.0 through 2.9.*, from 2.10.0 through 2.10.4, from 2.11.0 through 2.11.1, 3.0.0.\n\nThe known risks include a denial of service due to the WebSocket Proxy accepting any connections, and excessive data transfer due to misuse of the WebSocket ping/pong feature.\n\n2.10 Pulsar WebSocket Proxy users should upgrade to at least 2.10.5.\n2.11 Pulsar WebSocket Proxy users should upgrade to at least 2.11.2.\n3.0 Pulsar WebSocket Proxy users should upgrade to at least 3.0.1.\n3.1 Pulsar WebSocket Proxy users are unaffected.\nAny users running the Pulsar WebSocket Proxy for 2.8, 2.9, and earlier should upgrade to one of the above patched versions.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37544",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00067",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20944",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37544"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar/commit/11ee36d0351644a006d2a8639bdcc714fb602358",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar/commit/11ee36d0351644a006d2a8639bdcc714fb602358"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar/commit/894192fb6542e504be43034a3c33e90f9c6e528a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar/commit/894192fb6542e504be43034a3c33e90f9c6e528a"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar/commit/eac263e8f2a93d3b9f707b97c7bbcbc2a826569f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar/commit/eac263e8f2a93d3b9f707b97c7bbcbc2a826569f"
                },
                {
                    "reference_url": "https://lists.apache.org/thread/od0k9zts1toc9h9snbqq4pjpyx28mv4m",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread/od0k9zts1toc9h9snbqq4pjpyx28mv4m"
                },
                {
                    "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/20/2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2023/12/20/2"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37544",
                    "reference_id": "CVE-2023-37544",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37544"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-83q5-whqp-r8jr",
                    "reference_id": "GHSA-83q5-whqp-r8jr",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-83q5-whqp-r8jr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/68314?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@2.10.5",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-31bf-e53a-2ya1"
                        },
                        {
                            "vulnerability": "VCID-erw1-cs2v-kub8"
                        },
                        {
                            "vulnerability": "VCID-ewj7-etuc-2fch"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@2.10.5"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/68315?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@2.11.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-31bf-e53a-2ya1"
                        },
                        {
                            "vulnerability": "VCID-ewj7-etuc-2fch"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@2.11.2"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/68316?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@3.0.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-31bf-e53a-2ya1"
                        },
                        {
                            "vulnerability": "VCID-ewj7-etuc-2fch"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@3.0.1"
                }
            ],
            "aliases": [
                "CVE-2023-37544",
                "GHSA-83q5-whqp-r8jr"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4mz-mrrx-63g2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45613?format=api",
            "vulnerability_id": "VCID-dnz1-ydf1-z3gj",
            "summary": "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker.\n\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\n\nAny authenticated user can retrieve a source's configuration or a sink's configuration without authorization. Many sources and sinks contain credentials in the configuration, which could lead to leaked credentials. This vulnerability is mitigated by the fact that there is not a known way for an authenticated user to enumerate another tenant's sources or sinks, meaning the source or sink name would need to be guessed in order to exploit this vulnerability.\n\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\n3.0 Pulsar Function Worker users are unaffected.\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37579",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00103",
                            "scoring_system": "epss",
                            "scoring_elements": "0.27844",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37579"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar"
                },
                {
                    "reference_url": "https://lists.apache.org/thread/0dmn3cb5n2p08o3cpj3ycfhzfqs2ppwz",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T13:34:09Z/"
                        }
                    ],
                    "url": "https://lists.apache.org/thread/0dmn3cb5n2p08o3cpj3ycfhzfqs2ppwz"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37579",
                    "reference_id": "CVE-2023-37579",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37579"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-74mc-g2xv-pch2",
                    "reference_id": "GHSA-74mc-g2xv-pch2",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-74mc-g2xv-pch2"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/66065?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@2.10.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-31bf-e53a-2ya1"
                        },
                        {
                            "vulnerability": "VCID-c4mz-mrrx-63g2"
                        },
                        {
                            "vulnerability": "VCID-ewj7-etuc-2fch"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@2.10.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/66066?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@2.11.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-31bf-e53a-2ya1"
                        },
                        {
                            "vulnerability": "VCID-c4mz-mrrx-63g2"
                        },
                        {
                            "vulnerability": "VCID-ewj7-etuc-2fch"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@2.11.1"
                }
            ],
            "aliases": [
                "CVE-2023-37579",
                "GHSA-74mc-g2xv-pch2"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dnz1-ydf1-z3gj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46964?format=api",
            "vulnerability_id": "VCID-ewj7-etuc-2fch",
            "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nObservable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.\nUsers are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.\n\nAny component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.\n\n2.11 Pulsar users should upgrade to at least 2.11.3.\n3.0 Pulsar users should upgrade to at least 3.0.2.\n3.1 Pulsar users should upgrade to at least 3.1.1.\nAny users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.\n\nFor additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51437",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00095",
                            "scoring_system": "epss",
                            "scoring_elements": "0.26492",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51437"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar/commit/6274fa01a75d74d559bb7e514c970f1fc07d15bc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar/commit/6274fa01a75d74d559bb7e514c970f1fc07d15bc"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar/commit/bc1019fa8ed37b8a4c8bb01e3662c6c015e1bc27",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar/commit/bc1019fa8ed37b8a4c8bb01e3662c6c015e1bc27"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar/commit/c05954e66ff33098aeb848f4bde51613ace7e47e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar/commit/c05954e66ff33098aeb848f4bde51613ace7e47e"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar/commit/c27beca64cc93848c40a374f19eaf4d3cc4f4f03",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar/commit/c27beca64cc93848c40a374f19eaf4d3cc4f4f03"
                },
                {
                    "reference_url": "https://github.com/apache/pulsar/pull/21061",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/pulsar/pull/21061"
                },
                {
                    "reference_url": "https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-07T15:10:54Z/"
                        }
                    ],
                    "url": "https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5"
                },
                {
                    "reference_url": "https://www.openwall.com/lists/oss-security/2024/02/07/1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-07T15:10:54Z/"
                        }
                    ],
                    "url": "https://www.openwall.com/lists/oss-security/2024/02/07/1"
                },
                {
                    "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/07/1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2024/02/07/1"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51437",
                    "reference_id": "CVE-2023-51437",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51437"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-c57v-4vg5-cm2x",
                    "reference_id": "GHSA-c57v-4vg5-cm2x",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-c57v-4vg5-cm2x"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69355?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@2.10.6",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-31bf-e53a-2ya1"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@2.10.6"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/68807?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@2.11.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-31bf-e53a-2ya1"
                        },
                        {
                            "vulnerability": "VCID-erw1-cs2v-kub8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@2.11.3"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/68808?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@3.0.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-31bf-e53a-2ya1"
                        },
                        {
                            "vulnerability": "VCID-erw1-cs2v-kub8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@3.0.2"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/68809?format=api",
                    "purl": "pkg:maven/org.apache.pulsar/pulsar-broker@3.1.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-31bf-e53a-2ya1"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@3.1.1"
                }
            ],
            "aliases": [
                "CVE-2023-51437",
                "GHSA-c57v-4vg5-cm2x"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewj7-etuc-2fch"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": "3.1",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-broker@2.10.3"
}

Package Instance