Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/68400?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/68400?format=api", "purl": "pkg:maven/org.apache.inlong/manager-pojo@1.10.0", "type": "maven", "namespace": "org.apache.inlong", "name": "manager-pojo", "version": "1.10.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.12.0", "latest_non_vulnerable_version": "2.2.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54761?format=api", "vulnerability_id": "VCID-kc1h-rggv-y3g4", "summary": "Apache Inlong Deserialization of Untrusted Data vulnerability\nDeserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.11.0. The attackers can bypass using malicious parameters.\n\nUsers are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it.\n\n[1] https://github.com/apache/inlong/pull/9694\n\n[2] https://github.com/apache/inlong/pull/9707", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26579", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.68035", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.68048", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.68057", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.68049", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26579" }, { "reference_url": "https://github.com/apache/inlong", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/inlong" }, { "reference_url": "https://github.com/apache/inlong/commit/23e3e00cae1fd120b089fca54f7440945dfe11a4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/inlong/commit/23e3e00cae1fd120b089fca54f7440945dfe11a4" }, { "reference_url": "https://github.com/apache/inlong/commit/cdf616670942fec7d09fae2452e2ea215205dd1d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/inlong/commit/cdf616670942fec7d09fae2452e2ea215205dd1d" }, { "reference_url": "https://github.com/apache/inlong/pull/9694", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/inlong/pull/9694" }, { "reference_url": "https://github.com/apache/inlong/pull/9707", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/inlong/pull/9707" }, { "reference_url": "https://lists.apache.org/thread/d2hndtvh6bll4pkl91o2oqxyynhr54k3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-09T15:50:40Z/" } ], "url": "https://lists.apache.org/thread/d2hndtvh6bll4pkl91o2oqxyynhr54k3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/05/09/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-09T15:50:40Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/05/09/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26579", "reference_id": "CVE-2024-26579", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26579" }, { "reference_url": "https://github.com/advisories/GHSA-fgh3-pwmp-3qw3", "reference_id": "GHSA-fgh3-pwmp-3qw3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-09T15:50:40Z/" } ], "url": "https://github.com/advisories/GHSA-fgh3-pwmp-3qw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81217?format=api", "purl": "pkg:maven/org.apache.inlong/manager-pojo@1.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-pojo@1.12.0" } ], "aliases": [ "CVE-2024-26579", "GHSA-fgh3-pwmp-3qw3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kc1h-rggv-y3g4" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46773?format=api", "vulnerability_id": "VCID-cxqk-swjn-ruaq", "summary": "Apache InLong Manager Remote Code Execution vulnerability\nImproper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it.\n\n[1] https://github.com/apache/inlong/pull/9329", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07083", "scoring_system": "epss", "scoring_elements": "0.91679", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.07083", "scoring_system": "epss", "scoring_elements": "0.91678", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.07083", "scoring_system": "epss", "scoring_elements": "0.9168", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07083", "scoring_system": "epss", "scoring_elements": "0.91683", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51784" }, { "reference_url": "https://github.com/apache/inlong", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/inlong" }, { "reference_url": "https://github.com/apache/inlong/commit/1607837be28438c0ccae8da15afb653f2afed090", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/inlong/commit/1607837be28438c0ccae8da15afb653f2afed090" }, { "reference_url": "https://github.com/apache/inlong/pull/9329", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/inlong/pull/9329" }, { "reference_url": "https://lists.apache.org/thread/4nxbyl6mh5jgh0plk0qposbxwn6w9h8j", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-16T15:51:40Z/" } ], "url": "https://lists.apache.org/thread/4nxbyl6mh5jgh0plk0qposbxwn6w9h8j" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/03/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-16T15:51:40Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/03/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51784", "reference_id": "CVE-2023-51784", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51784" }, { "reference_url": "https://github.com/advisories/GHSA-9xg9-hh45-xcm6", "reference_id": "GHSA-9xg9-hh45-xcm6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9xg9-hh45-xcm6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68400?format=api", "purl": "pkg:maven/org.apache.inlong/manager-pojo@1.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kc1h-rggv-y3g4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-pojo@1.10.0" } ], "aliases": [ "CVE-2023-51784", "GHSA-9xg9-hh45-xcm6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cxqk-swjn-ruaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46776?format=api", "vulnerability_id": "VCID-qvta-52a2-tqcm", "summary": "Apache InLong Manager Arbitrary File Read Vulnerability\nDeserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it.\n\n[1] https://github.com/apache/inlong/pull/9331", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54231", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54208", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54233", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54242", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51785" }, { "reference_url": "https://github.com/apache/inlong", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/inlong" }, { "reference_url": "https://github.com/apache/inlong/commit/d674bfe28416aff728eabafc1f6b8bb9ba5a5b8e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/inlong/commit/d674bfe28416aff728eabafc1f6b8bb9ba5a5b8e" }, { "reference_url": "https://github.com/apache/inlong/pull/9331", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/inlong/pull/9331" }, { "reference_url": "https://lists.apache.org/thread/g0yjmtjqvp8bnf1j0tdsk0nhfozjdjno", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-06T14:54:34Z/" } ], "url": "https://lists.apache.org/thread/g0yjmtjqvp8bnf1j0tdsk0nhfozjdjno" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/03/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-06T14:54:34Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/03/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51785", "reference_id": "CVE-2023-51785", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51785" }, { "reference_url": "https://github.com/advisories/GHSA-crwj-2r3c-gx2g", "reference_id": "GHSA-crwj-2r3c-gx2g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-crwj-2r3c-gx2g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68400?format=api", "purl": "pkg:maven/org.apache.inlong/manager-pojo@1.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kc1h-rggv-y3g4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-pojo@1.10.0" } ], "aliases": [ "CVE-2023-51785", "GHSA-crwj-2r3c-gx2g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qvta-52a2-tqcm" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.inlong/manager-pojo@1.10.0" }