Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/13083?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13083?format=api", "vulnerability_id": "VCID-nxay-hm6f-g3d3", "summary": "Uncontrolled Resource Consumption\nThere is a possible DoS vulnerability in the multipart parser in Rack. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.", "aliases": [ { "alias": "CVE-2018-16470" }, { "alias": "GHSA-hg78-4f6x-99wq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/206265?format=api", "purl": "pkg:deb/debian/ruby-rack@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/206260?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-prpy-7zzn-yuay" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/206258?format=api", "purl": "pkg:deb/debian/ruby-rack@2.2.22-0%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-prpy-7zzn-yuay" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.22-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/206262?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.20-0%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-prpy-7zzn-yuay" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.20-0%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/206261?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/56007?format=api", "purl": "pkg:gem/rack@2.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.6" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56005?format=api", "purl": "pkg:gem/rack@2.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-nxay-hm6f-g3d3" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-v4fe-p2td-37hq" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/56006?format=api", "purl": "pkg:gem/rack@2.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-nxay-hm6f-g3d3" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-v4fe-p2td-37hq" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.5" } ], "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3172", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3172" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38974", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16470" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913003", "reference_id": "913003", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913003" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16470", "reference_id": "CVE-2018-16470", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16470" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16470.yml", "reference_id": "CVE-2018-16470.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16470.yml" }, { "reference_url": "https://github.com/advisories/GHSA-hg78-4f6x-99wq", "reference_id": "GHSA-hg78-4f6x-99wq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hg78-4f6x-99wq" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 400, "name": "Uncontrolled Resource Consumption", "description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "5.3 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxay-hm6f-g3d3" }