Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/18003?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18003?format=api", "vulnerability_id": "VCID-9x73-dsqh-zybf", "summary": "Apache Linkis Authentication Bypass vulnerability\nIn Apache Linkis <=1.3.1, the default token generated by the Linkis Gateway deployment is too simple, so attackers can easily obtain it and use it to bypass authentication. The token generation rules should add random values.\n\nUsers are recommended to upgrade Linkis to version 1.3.2 and to modify the default token value. Refer to the Token authorization documentation.", "aliases": [ { "alias": "CVE-2023-27987" }, { "alias": "GHSA-4x5h-xmv4-99wx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63391?format=api", "purl": "pkg:maven/org.apache.linkis/linkis@1.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28b1-qt5r-v3f2" }, { "vulnerability": "VCID-842d-kmv5-9yg7" }, { "vulnerability": "VCID-kebp-2per-ayg5" }, { "vulnerability": "VCID-uua2-ba2j-mqgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.3.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/570198?format=api", "purl": "pkg:maven/org.apache.linkis/linkis@1.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28b1-qt5r-v3f2" }, { "vulnerability": "VCID-4qm8-61y3-nqe7" }, { "vulnerability": "VCID-4tk2-kdjk-23a1" }, { "vulnerability": "VCID-9x73-dsqh-zybf" }, { "vulnerability": "VCID-auhs-h5j3-zba8" }, { "vulnerability": "VCID-d6jw-6tf4-4kec" }, { "vulnerability": "VCID-k2nt-5799-zfcq" }, { "vulnerability": "VCID-kebp-2per-ayg5" }, { "vulnerability": "VCID-t751-vbrf-pydw" }, { "vulnerability": "VCID-up1e-7r5s-jbgr" }, { "vulnerability": "VCID-uua2-ba2j-mqgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/570199?format=api", 
"purl": "pkg:maven/org.apache.linkis/linkis@1.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28b1-qt5r-v3f2" }, { "vulnerability": "VCID-4qm8-61y3-nqe7" }, { "vulnerability": "VCID-4tk2-kdjk-23a1" }, { "vulnerability": "VCID-9x73-dsqh-zybf" }, { "vulnerability": "VCID-auhs-h5j3-zba8" }, { "vulnerability": "VCID-d6jw-6tf4-4kec" }, { "vulnerability": "VCID-k2nt-5799-zfcq" }, { "vulnerability": "VCID-kebp-2per-ayg5" }, { "vulnerability": "VCID-t751-vbrf-pydw" }, { "vulnerability": "VCID-up1e-7r5s-jbgr" }, { "vulnerability": "VCID-uua2-ba2j-mqgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/570200?format=api", "purl": "pkg:maven/org.apache.linkis/linkis@1.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28b1-qt5r-v3f2" }, { "vulnerability": "VCID-4qm8-61y3-nqe7" }, { "vulnerability": "VCID-4tk2-kdjk-23a1" }, { "vulnerability": "VCID-9x73-dsqh-zybf" }, { "vulnerability": "VCID-auhs-h5j3-zba8" }, { "vulnerability": "VCID-d6jw-6tf4-4kec" }, { "vulnerability": "VCID-k2nt-5799-zfcq" }, { "vulnerability": "VCID-kebp-2per-ayg5" }, { "vulnerability": "VCID-t751-vbrf-pydw" }, { "vulnerability": "VCID-up1e-7r5s-jbgr" }, { "vulnerability": "VCID-uua2-ba2j-mqgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/570201?format=api", "purl": "pkg:maven/org.apache.linkis/linkis@1.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28b1-qt5r-v3f2" }, { "vulnerability": "VCID-4qm8-61y3-nqe7" }, { "vulnerability": "VCID-4tk2-kdjk-23a1" }, { "vulnerability": "VCID-9x73-dsqh-zybf" }, { "vulnerability": "VCID-auhs-h5j3-zba8" }, { "vulnerability": "VCID-d6jw-6tf4-4kec" }, { "vulnerability": "VCID-k2nt-5799-zfcq" }, { "vulnerability": 
"VCID-kebp-2per-ayg5" }, { "vulnerability": "VCID-t751-vbrf-pydw" }, { "vulnerability": "VCID-up1e-7r5s-jbgr" }, { "vulnerability": "VCID-uua2-ba2j-mqgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/570202?format=api", "purl": "pkg:maven/org.apache.linkis/linkis@1.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28b1-qt5r-v3f2" }, { "vulnerability": "VCID-4qm8-61y3-nqe7" }, { "vulnerability": "VCID-4tk2-kdjk-23a1" }, { "vulnerability": "VCID-9x73-dsqh-zybf" }, { "vulnerability": "VCID-auhs-h5j3-zba8" }, { "vulnerability": "VCID-d6jw-6tf4-4kec" }, { "vulnerability": "VCID-k2nt-5799-zfcq" }, { "vulnerability": "VCID-kebp-2per-ayg5" }, { "vulnerability": "VCID-t751-vbrf-pydw" }, { "vulnerability": "VCID-up1e-7r5s-jbgr" }, { "vulnerability": "VCID-uua2-ba2j-mqgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/570203?format=api", "purl": "pkg:maven/org.apache.linkis/linkis@1.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28b1-qt5r-v3f2" }, { "vulnerability": "VCID-4qm8-61y3-nqe7" }, { "vulnerability": "VCID-4tk2-kdjk-23a1" }, { "vulnerability": "VCID-9x73-dsqh-zybf" }, { "vulnerability": "VCID-auhs-h5j3-zba8" }, { "vulnerability": "VCID-d6jw-6tf4-4kec" }, { "vulnerability": "VCID-k2nt-5799-zfcq" }, { "vulnerability": "VCID-kebp-2per-ayg5" }, { "vulnerability": "VCID-t751-vbrf-pydw" }, { "vulnerability": "VCID-up1e-7r5s-jbgr" }, { "vulnerability": "VCID-uua2-ba2j-mqgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/62595?format=api", "purl": "pkg:maven/org.apache.linkis/linkis@1.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-28b1-qt5r-v3f2" }, { "vulnerability": "VCID-4qm8-61y3-nqe7" }, { "vulnerability": "VCID-4tk2-kdjk-23a1" }, { "vulnerability": "VCID-842d-kmv5-9yg7" }, { "vulnerability": "VCID-9x73-dsqh-zybf" }, { "vulnerability": "VCID-d6jw-6tf4-4kec" }, { "vulnerability": "VCID-k2nt-5799-zfcq" }, { "vulnerability": "VCID-kebp-2per-ayg5" }, { "vulnerability": "VCID-t751-vbrf-pydw" }, { "vulnerability": "VCID-up1e-7r5s-jbgr" }, { "vulnerability": "VCID-uua2-ba2j-mqgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63390?format=api", "purl": "pkg:maven/org.apache.linkis/linkis@1.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28b1-qt5r-v3f2" }, { "vulnerability": "VCID-4tk2-kdjk-23a1" }, { "vulnerability": "VCID-842d-kmv5-9yg7" }, { "vulnerability": "VCID-9x73-dsqh-zybf" }, { "vulnerability": "VCID-d6jw-6tf4-4kec" }, { "vulnerability": "VCID-k2nt-5799-zfcq" }, { "vulnerability": "VCID-kebp-2per-ayg5" }, { "vulnerability": "VCID-up1e-7r5s-jbgr" }, { "vulnerability": "VCID-uua2-ba2j-mqgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.3.1" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27987", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47743", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27987" }, { "reference_url": "https://github.com/apache/linkis", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/linkis" }, { "reference_url": 
"https://linkis.apache.org/docs/latest/auth/token", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://linkis.apache.org/docs/latest/auth/token" }, { "reference_url": "https://lists.apache.org/thread/3cr1cz3210wzwngldwrqzm43vwhghp0p", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-17T20:20:28Z/" } ], "url": "https://lists.apache.org/thread/3cr1cz3210wzwngldwrqzm43vwhghp0p" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/04/10/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-17T20:20:28Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/04/10/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27987", "reference_id": "CVE-2023-27987", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27987" }, { "reference_url": "https://github.com/advisories/GHSA-4x5h-xmv4-99wx", "reference_id": "GHSA-4x5h-xmv4-99wx", "reference_type": "", 
"scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4x5h-xmv4-99wx" } ], "weaknesses": [ { "cwe_id": 294, "name": "Authentication Bypass by Capture-replay", "description": "A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes)." }, { "cwe_id": 326, "name": "Inadequate Encryption Strength", "description": "The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9x73-dsqh-zybf" }