Package Instance

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/941801?format=api",
    "purl": "pkg:deb/debian/undertow@2.2.0-1?distro=sid",
    "type": "deb",
    "namespace": "debian",
    "name": "undertow",
    "version": "2.2.0-1",
    "qualifiers": {
        "distro": "sid"
    },
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "2.2.4-1",
    "latest_non_vulnerable_version": "2.3.20-1",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35684?format=api",
            "vulnerability_id": "VCID-73st-24ck-uydb",
            "summary": "HTTP Request Smuggling in Undertow\nA flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10687",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00123",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3121",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.00123",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31387",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00123",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3144",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00123",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31471",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00123",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31474",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00123",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31432",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00123",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31396",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00123",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31429",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00123",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31409",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00123",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3138",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00123",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3139",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00123",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31527",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00123",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3157",
                            "published_at": "2026-04-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10687"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0015",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.netapp.com/advisory/ntap-20220210-0015"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0015/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.netapp.com/advisory/ntap-20220210-0015/"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-p9w3-gwc2-cr49",
                    "reference_id": "GHSA-p9w3-gwc2-cr49",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-p9w3-gwc2-cr49"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192",
                    "reference_id": "RHSA-2020:3192",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2020:3192"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:0872",
                    "reference_id": "RHSA-2021:0872",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:0872"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:0873",
                    "reference_id": "RHSA-2021:0873",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:0873"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:0874",
                    "reference_id": "RHSA-2021:0874",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:0874"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:0885",
                    "reference_id": "RHSA-2021:0885",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:0885"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/941801?format=api",
                    "purl": "pkg:deb/debian/undertow@2.2.0-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.2.0-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/941790?format=api",
                    "purl": "pkg:deb/debian/undertow@2.3.20-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2020-10687",
                "GHSA-p9w3-gwc2-cr49"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-73st-24ck-uydb"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46035?format=api",
            "vulnerability_id": "VCID-bpuw-kn4r-6kau",
            "summary": "HTTP request smuggling in Undertow\nA flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20220",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00182",
                            "scoring_system": "epss",
                            "scoring_elements": "0.39632",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.00182",
                            "scoring_system": "epss",
                            "scoring_elements": "0.39843",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00182",
                            "scoring_system": "epss",
                            "scoring_elements": "0.39898",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00182",
                            "scoring_system": "epss",
                            "scoring_elements": "0.39911",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00182",
                            "scoring_system": "epss",
                            "scoring_elements": "0.39921",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00182",
                            "scoring_system": "epss",
                            "scoring_elements": "0.39886",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00182",
                            "scoring_system": "epss",
                            "scoring_elements": "0.39866",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00182",
                            "scoring_system": "epss",
                            "scoring_elements": "0.39916",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00182",
                            "scoring_system": "epss",
                            "scoring_elements": "0.39887",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00182",
                            "scoring_system": "epss",
                            "scoring_elements": "0.39807",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00182",
                            "scoring_system": "epss",
                            "scoring_elements": "0.39744",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00182",
                            "scoring_system": "epss",
                            "scoring_elements": "0.39892",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00182",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3992",
                            "published_at": "2026-04-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20220"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133"
                },
                {
                    "reference_url": "https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20220",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20220"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0013",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.netapp.com/advisory/ntap-20220210-0013"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0013/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.netapp.com/advisory/ntap-20220210-0013/"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qjwc-v72v-fq6r",
                    "reference_id": "GHSA-qjwc-v72v-fq6r",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-qjwc-v72v-fq6r"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:0872",
                    "reference_id": "RHSA-2021:0872",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:0872"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:0873",
                    "reference_id": "RHSA-2021:0873",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:0873"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:0874",
                    "reference_id": "RHSA-2021:0874",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:0874"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:0885",
                    "reference_id": "RHSA-2021:0885",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:0885"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:0974",
                    "reference_id": "RHSA-2021:0974",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:0974"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:2210",
                    "reference_id": "RHSA-2021:2210",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:2210"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:2755",
                    "reference_id": "RHSA-2021:2755",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:2755"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/941801?format=api",
                    "purl": "pkg:deb/debian/undertow@2.2.0-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.2.0-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/941790?format=api",
                    "purl": "pkg:deb/debian/undertow@2.3.20-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2021-20220",
                "GHSA-qjwc-v72v-fq6r"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bpuw-kn4r-6kau"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.2.0-1%3Fdistro=sid"
}