Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/10997?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10997?format=api", "vulnerability_id": "VCID-fp5s-gbub-8kfx", "summary": "Uncontrolled Resource Consumption\nA denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.", "aliases": [ { "alias": "CVE-2019-0820" }, { "alias": "GHSA-cmhx-cq75-c4mj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37957?format=api", "purl": "pkg:nuget/System.Text.RegularExpressions@4.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/System.Text.RegularExpressions@4.3.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37956?format=api", "purl": "pkg:nuget/System.Text.RegularExpressions@4.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fp5s-gbub-8kfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/System.Text.RegularExpressions@4.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/106131?format=api", "purl": "pkg:rpm/redhat/dotnet@2.1.507-2?arch=el8_0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7x66-h775-pfck" }, { "vulnerability": "VCID-fp5s-gbub-8kfx" }, { "vulnerability": "VCID-tqmj-zzhq-83a5" }, { "vulnerability": "VCID-umjr-e1we-4ua2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dotnet@2.1.507-2%3Farch=el8_0" }, { "url": "http://public2.vulnerablecode.io/api/packages/106137?format=api", "purl": "pkg:rpm/redhat/rh-dotnet21@2.1-10?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fp5s-gbub-8kfx" }, { "vulnerability": "VCID-tqmj-zzhq-83a5" }, { "vulnerability": "VCID-umjr-e1we-4ua2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-dotnet21@2.1-10%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/106135?format=api", "purl": "pkg:rpm/redhat/rh-dotnet21-dotnet@2.1.507-2?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fp5s-gbub-8kfx" }, { "vulnerability": "VCID-tqmj-zzhq-83a5" }, { "vulnerability": "VCID-umjr-e1we-4ua2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-dotnet21-dotnet@2.1.507-2%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/106132?format=api", "purl": "pkg:rpm/redhat/rh-dotnet22@2.2-7?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fp5s-gbub-8kfx" }, { "vulnerability": "VCID-tqmj-zzhq-83a5" }, { "vulnerability": "VCID-umjr-e1we-4ua2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-dotnet22@2.2-7%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/106133?format=api", "purl": "pkg:rpm/redhat/rh-dotnet22-curl@7.61.1-2?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fp5s-gbub-8kfx" }, { "vulnerability": "VCID-tqmj-zzhq-83a5" }, { "vulnerability": "VCID-umjr-e1we-4ua2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-dotnet22-curl@7.61.1-2%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/106134?format=api", "purl": "pkg:rpm/redhat/rh-dotnet22-dotnet@2.2.107-2?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fp5s-gbub-8kfx" }, { "vulnerability": "VCID-tqmj-zzhq-83a5" }, { "vulnerability": "VCID-umjr-e1we-4ua2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-dotnet22-dotnet@2.2.107-2%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/106136?format=api", "purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore@1.0.16-1?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fp5s-gbub-8kfx" }, { "vulnerability": "VCID-tqmj-zzhq-83a5" }, { "vulnerability": "VCID-umjr-e1we-4ua2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-dotnetcore10-dotnetcore@1.0.16-1%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/106130?format=api", "purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore@1.1.13-1?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fp5s-gbub-8kfx" }, { "vulnerability": "VCID-tqmj-zzhq-83a5" }, { "vulnerability": "VCID-umjr-e1we-4ua2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-dotnetcore11-dotnetcore@1.1.13-1%3Farch=el7" } ], "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1259", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1259" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0820.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0820.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0820", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02652", "scoring_system": "epss", "scoring_elements": "0.85802", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02652", "scoring_system": "epss", "scoring_elements": "0.85766", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02652", "scoring_system": "epss", "scoring_elements": "0.85762", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02652", "scoring_system": "epss", "scoring_elements": "0.85781", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02652", "scoring_system": "epss", "scoring_elements": "0.85785", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02652", "scoring_system": "epss", "scoring_elements": "0.85779", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02652", "scoring_system": "epss", "scoring_elements": "0.85687", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02652", "scoring_system": "epss", "scoring_elements": "0.857", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02652", "scoring_system": "epss", "scoring_elements": "0.85718", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02652", "scoring_system": "epss", "scoring_elements": "0.85724", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02652", "scoring_system": "epss", "scoring_elements": "0.85744", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02652", "scoring_system": "epss", "scoring_elements": "0.85754", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02652", "scoring_system": "epss", "scoring_elements": "0.85769", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0820" }, { "reference_url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705506", "reference_id": "1705506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705506" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0820", "reference_id": "CVE-2019-0820", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0820" }, { "reference_url": "https://github.com/advisories/GHSA-cmhx-cq75-c4mj", "reference_id": "GHSA-cmhx-cq75-c4mj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cmhx-cq75-c4mj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1236", "reference_id": "RHSA-2019:1236", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1236" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 400, "name": "Uncontrolled Resource Consumption", "description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1333, "name": "Inefficient Regular Expression Complexity", "description": "The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fp5s-gbub-8kfx" }