Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/42354?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42354?format=api", "vulnerability_id": "VCID-ba6b-dcwy-qya4", "summary": "Improper Restriction of XML External Entity Reference\nPostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.", "aliases": [ { "alias": "CVE-2020-13692" }, { "alias": "GHSA-88cc-g835-76rp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/103047?format=api", "purl": "pkg:deb/debian/libpgjava@42.2.12-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.2.12-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/103043?format=api", "purl": "pkg:deb/debian/libpgjava@42.2.15-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-y6bd-xgvn-jub9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.2.15-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/103041?format=api", "purl": "pkg:deb/debian/libpgjava@42.5.5-0%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-y6bd-xgvn-jub9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.5.5-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/103045?format=api", "purl": "pkg:deb/debian/libpgjava@42.7.7-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-y6bd-xgvn-jub9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.7.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/103044?format=api", "purl": "pkg:deb/debian/libpgjava@42.7.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.7.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/60560?format=api", "purl": "pkg:maven/org.postgresql/postgresql@42.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.2.13" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60559?format=api", "purl": "pkg:maven/org.postgresql/postgresql@9.4.1212.jre6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ba6b-dcwy-qya4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@9.4.1212.jre6" }, { "url": "http://public2.vulnerablecode.io/api/packages/140628?format=api", "purl": "pkg:rpm/redhat/postgresql-jdbc@8.4.704-4?arch=el6_10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ba6b-dcwy-qya4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql-jdbc@8.4.704-4%3Farch=el6_10" }, { "url": "http://public2.vulnerablecode.io/api/packages/140626?format=api", "purl": "pkg:rpm/redhat/postgresql-jdbc@9.2.1002-8?arch=el7_8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ba6b-dcwy-qya4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql-jdbc@9.2.1002-8%3Farch=el7_8" }, { "url": "http://public2.vulnerablecode.io/api/packages/140629?format=api", "purl": "pkg:rpm/redhat/postgresql-jdbc@42.2.3-3?arch=el8_0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ba6b-dcwy-qya4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql-jdbc@42.2.3-3%3Farch=el8_0" }, { "url": "http://public2.vulnerablecode.io/api/packages/140630?format=api", "purl": "pkg:rpm/redhat/postgresql-jdbc@42.2.3-3?arch=el8_1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ba6b-dcwy-qya4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql-jdbc@42.2.3-3%3Farch=el8_1" }, { "url": "http://public2.vulnerablecode.io/api/packages/140631?format=api", "purl": "pkg:rpm/redhat/postgresql-jdbc@42.2.3-3?arch=el8_2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ba6b-dcwy-qya4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql-jdbc@42.2.3-3%3Farch=el8_2" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13692.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13692.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13692", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07801", "scoring_system": "epss", "scoring_elements": "0.92119", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13692" }, { "reference_url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65" }, { "reference_url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13" }, { "reference_url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200619-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200619-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200619-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200619-0005/" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5196", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852985", "reference_id": "1852985", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852985" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962828", "reference_id": "962828", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962828" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13692", "reference_id": "CVE-2020-13692", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13692" }, { "reference_url": "https://github.com/advisories/GHSA-88cc-g835-76rp", "reference_id": "GHSA-88cc-g835-76rp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-88cc-g835-76rp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3005", "reference_id": "RHSA-2020:3005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3176", "reference_id": "RHSA-2020:3176", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3176" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3209", "reference_id": "RHSA-2020:3209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3248", "reference_id": "RHSA-2020:3248", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3248" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3283", "reference_id": "RHSA-2020:3283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3284", "reference_id": "RHSA-2020:3284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3284" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3285", "reference_id": "RHSA-2020:3285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3286", "reference_id": "RHSA-2020:3286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3675", "reference_id": "RHSA-2020:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3678", "reference_id": "RHSA-2020:3678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5568", "reference_id": "RHSA-2020:5568", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5568" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0110", "reference_id": "RHSA-2021:0110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0110" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 611, "name": "Improper Restriction of XML External Entity Reference", "description": "The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ba6b-dcwy-qya4" }