Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/33663?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33663?format=api", "vulnerability_id": "VCID-nnhm-vcmu-gkd7", "summary": "Denial of service in Apache Xerces2\nApache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.", "aliases": [ { "alias": "CVE-2012-0881" }, { "alias": "GHSA-vmqm-g3vh-847m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20333?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.12.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/147741?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gpd-vwgb-67cn" }, { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" }, { "vulnerability": "VCID-qfw9-f3rm-kfah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/147742?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gpd-vwgb-67cn" }, { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" }, { "vulnerability": "VCID-qfw9-f3rm-kfah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/147743?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gpd-vwgb-67cn" }, { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" }, { "vulnerability": "VCID-qfw9-f3rm-kfah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20064?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gpd-vwgb-67cn" }, { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" }, { "vulnerability": "VCID-qfw9-f3rm-kfah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/20065?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gpd-vwgb-67cn" }, { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/147744?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gpd-vwgb-67cn" }, { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/147745?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gpd-vwgb-67cn" }, { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/147746?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gpd-vwgb-67cn" }, { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/147747?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gpd-vwgb-67cn" }, { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/147748?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.6.2-jaxb-1.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gpd-vwgb-67cn" }, { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.6.2-jaxb-1.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/147749?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gpd-vwgb-67cn" }, { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/147750?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gpd-vwgb-67cn" }, { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/147751?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gpd-vwgb-67cn" }, { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/147752?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gpd-vwgb-67cn" }, { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19956?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gpd-vwgb-67cn" }, { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19957?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/20332?format=api", "purl": "pkg:maven/xerces/xercesImpl@2.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a6wc-3mp6-63ek" }, { "vulnerability": "VCID-c2s2-wsy6-sufn" }, { "vulnerability": "VCID-c3c2-b2bc-6bdh" }, { "vulnerability": "VCID-nnhm-vcmu-gkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/xerces/xercesImpl@2.11.0" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0881.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0881.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0881", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.84028", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.84088", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.84065", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.8407", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.84077", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.8406", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.84011", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.83997", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.84054", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02102", "scoring_system": "epss", "scoring_elements": "0.8403", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0881" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=787104", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=787104" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881" }, { "reference_url": "https://github.com/apache/xerces2-j/commit/992b5d9c24102ad20330d36c0a71162753a37449", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/xerces2-j/commit/992b5d9c24102ad20330d36c0a71162753a37449" }, { "reference_url": "https://issues.apache.org/jira/browse/XERCESJ-1685", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/XERCESJ-1685" }, { "reference_url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56@%3Ccommon-issues.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56@%3Ccommon-issues.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56%40%3Ccommon-issues.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rea7b831dceeb2a2fa817be6f63b08722042e3647fb2d47c144370a56%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0881", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0881" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2014/07/08/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2014/07/08/11" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/07/08/11", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/11" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-vmqm-g3vh-847m", "reference_id": "GHSA-vmqm-g3vh-847m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vmqm-g3vh-847m" } ], "weaknesses": [ { "cwe_id": 400, "name": "Uncontrolled Resource Consumption", "description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources." }, { "cwe_id": 407, "name": "Inefficient Algorithmic Complexity", "description": "An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 399, "name": "Resource Management Errors", "description": "Weaknesses in this category are related to improper management of system resources." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nnhm-vcmu-gkd7" }