GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/38218?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38218?format=api",
    "vulnerability_id": "VCID-87wb-n62p-8ba3",
    "summary": "Improper Restriction of XML External Entity Reference\nXML external entity (XXE) vulnerability in the `SqlXmlUtil` code in Apache Derby, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving `XmlVTI` and the XML datatype.",
    "aliases": [
        {
            "alias": "CVE-2015-1832"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/52899?format=api",
            "purl": "pkg:maven/org.apache.derby/derby@10.12.1.1",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.derby/derby@10.12.1.1"
        }
    ],
    "affected_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/52898?format=api",
            "purl": "pkg:maven/org.apache.derby/derby@10.11.1.1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-87wb-n62p-8ba3"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.derby/derby@10.11.1.1"
        }
    ],
    "references": [
        {
            "reference_url": "https://issues.apache.org/jira/browse/DERBY-6807",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://issues.apache.org/jira/browse/DERBY-6807"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 1035,
            "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."
        },
        {
            "cwe_id": 399,
            "name": "Resource Management Errors",
            "description": "Weaknesses in this category are related to improper management of system resources."
        },
        {
            "cwe_id": 611,
            "name": "Improper Restriction of XML External Entity Reference",
            "description": "The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output."
        },
        {
            "cwe_id": 937,
            "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."
        }
    ],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-87wb-n62p-8ba3"
}