Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/41765?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41765?format=api", "vulnerability_id": "VCID-hqpn-11du-rkex", "summary": "MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. `If-Modified-Since` and `If-Unmodified-Since` headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a specific bucket and also gain access to some amount of\ninformation such as `Last-Modified (of the latest version)`, `Etag (of the latest version)`, `x-amz-version-id (of the latest version)`, `Expires (metadata value of the latest version)`, `Cache-Control (metadata value of the latest version)`. This conditional check was being honored before validating if the anonymous access is indeed allowed on the metadata of an object. This issue has been addressed in commit `e0fe7cc3917`. Users must upgrade to RELEASE.2024-05-27T19-17-46Z for the fix. There are no known workarounds for this issue.", "aliases": [ { "alias": "CVE-2024-36107" }, { "alias": "GHSA-95fr-cm4m-q5p9" } ], "fixed_packages": [], "affected_packages": [], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36107.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36107.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36107", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.3456", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34382", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36107" }, { "reference_url": "https://github.com/minio/minio", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/minio/minio" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36107", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36107" }, { "reference_url": "https://github.com/minio/minio/pull/19810", "reference_id": "19810", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T20:51:21Z/" } ], "url": "https://github.com/minio/minio/pull/19810" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283783", "reference_id": "2283783", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283783" }, { "reference_url": "https://github.com/minio/minio/commit/e0fe7cc391724fc5baa85b45508f425020fe4272", "reference_id": "e0fe7cc391724fc5baa85b45508f425020fe4272", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T20:51:21Z/" } ], "url": "https://github.com/minio/minio/commit/e0fe7cc391724fc5baa85b45508f425020fe4272" }, { "reference_url": "https://github.com/minio/minio/security/advisories/GHSA-95fr-cm4m-q5p9", "reference_id": "GHSA-95fr-cm4m-q5p9", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T20:51:21Z/" } ], "url": "https://github.com/minio/minio/security/advisories/GHSA-95fr-cm4m-q5p9" }, { "reference_url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Modified-Since", "reference_id": "If-Modified-Since", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T20:51:21Z/" } ], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Modified-Since" }, { "reference_url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Unmodified-Since", "reference_id": "If-Unmodified-Since", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T20:51:21Z/" } ], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Unmodified-Since" } ], "weaknesses": [ { "cwe_id": 200, "name": "Exposure of Sensitive Information to an Unauthorized Actor", "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hqpn-11du-rkex" }