Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/45357?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45357?format=api", "vulnerability_id": "VCID-tqye-27ur-eyf5", "summary": "@keystone-6/core's bundled cuid package known to be insecure\n### Summary\nThe `cuid` package used by `@keystone-6/*` and upstream dependencies is deprecated and [marked as insecure by the author](https://github.com/paralleldrive/cuid#status-deprecated-due-to-security-use-cuid2-instead). \n\nAs reported by the author\n> Cuid and other k-sortable and non-cryptographic ids (Ulid, ObjectId, KSUID, all UUIDs) are all insecure. Use @paralleldrive/cuid2 instead.\n\n### What are we doing about this?\n- [We are waiting on Prisma](https://github.com/keystonejs/keystone/issues/8282) to add support for [`cuid2`](https://github.com/paralleldrive/cuid2)\n- Alternatively, we might default to a random string ourselves\n\n### What can I do about this?\nWe have added a work-around for users who want to provide custom identifiers in https://github.com/keystonejs/keystone/pull/8645\n\n### What if I need a `cuid`?\nThe features marked as a security vulnerability by @paralleldrive are sometimes actually needed ([as written in the README of `cuid`](https://github.com/paralleldrive/cuid#motivation)) - the problem is the inherent risks that features like this can have.\n\nYou might actually want the features of a monotonically increasing (auto-increment, k-sortable) and timestamp-based id as part of your application, and keystone should support that - but you might not want them by _default_.\nThis is why this security advisory has been accepted by me (@dcousens): we currently use cuid identifiers by default, and that should change.\n\n### Impact\nI have accepted this security advisory on the basis that we don't need this kind of identifier typically, and the need for them should be driven by an application's requirements, not a convenient default.", "aliases": [ { "alias": "GHSA-5fp6-4xw3-xqq3" }, { "alias": "GMS-2023-1872" } ], "fixed_packages": [], 
"affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/656152?format=api", "purl": "pkg:npm/%40keystone-6/core@0.0.0-rc-20221013033655", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@0.0.0-rc-20221013033655" }, { "url": "http://public2.vulnerablecode.io/api/packages/656153?format=api", "purl": "pkg:npm/%40keystone-6/core@0.0.0-rc-20230214225011", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@0.0.0-rc-20230214225011" }, { "url": "http://public2.vulnerablecode.io/api/packages/656154?format=api", "purl": "pkg:npm/%40keystone-6/core@0.0.0-rc-20230220024700", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@0.0.0-rc-20230220024700" }, { "url": "http://public2.vulnerablecode.io/api/packages/656155?format=api", "purl": "pkg:npm/%40keystone-6/core@0.0.0-rc-20230328041955", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@0.0.0-rc-20230328041955" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/656156?format=api", "purl": "pkg:npm/%40keystone-6/core@0.0.0-rc-20230329060432", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@0.0.0-rc-20230329060432" }, { "url": "http://public2.vulnerablecode.io/api/packages/656157?format=api", "purl": "pkg:npm/%40keystone-6/core@0.0.0-rc-20230330050032", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@0.0.0-rc-20230330050032" }, { "url": "http://public2.vulnerablecode.io/api/packages/656158?format=api", "purl": "pkg:npm/%40keystone-6/core@0.0.0-rc-20230412063326", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@0.0.0-rc-20230412063326" }, { "url": "http://public2.vulnerablecode.io/api/packages/656159?format=api", "purl": "pkg:npm/%40keystone-6/core@0.0.0-rc-20230412064346", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@0.0.0-rc-20230412064346" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/656160?format=api", "purl": "pkg:npm/%40keystone-6/core@0.0.0-rc-20230512055539", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@0.0.0-rc-20230512055539" }, { "url": "http://public2.vulnerablecode.io/api/packages/656161?format=api", "purl": "pkg:npm/%40keystone-6/core@0.0.0-rc-20230523070754", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@0.0.0-rc-20230523070754" }, { "url": "http://public2.vulnerablecode.io/api/packages/656162?format=api", "purl": "pkg:npm/%40keystone-6/core@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/656163?format=api", "purl": "pkg:npm/%40keystone-6/core@1.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@1.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/656164?format=api", "purl": "pkg:npm/%40keystone-6/core@1.1.0", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@1.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/656165?format=api", "purl": "pkg:npm/%40keystone-6/core@1.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@1.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/656166?format=api", "purl": "pkg:npm/%40keystone-6/core@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/656167?format=api", "purl": "pkg:npm/%40keystone-6/core@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@2.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/504545?format=api", "purl": "pkg:npm/%40keystone-6/core@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-k428-up64-47d9" }, { 
"vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/615328?format=api", "purl": "pkg:npm/%40keystone-6/core@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-k428-up64-47d9" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/145010?format=api", "purl": "pkg:npm/%40keystone-6/core@2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/504630?format=api", "purl": "pkg:npm/%40keystone-6/core@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-r13j-pm6j-8ubf" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@3.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/618568?format=api", "purl": "pkg:npm/%40keystone-6/core@3.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-r13j-pm6j-8ubf" }, { 
"vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@3.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/148805?format=api", "purl": "pkg:npm/%40keystone-6/core@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@3.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/656168?format=api", "purl": "pkg:npm/%40keystone-6/core@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@3.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/656169?format=api", "purl": "pkg:npm/%40keystone-6/core@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@3.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/656170?format=api", "purl": "pkg:npm/%40keystone-6/core@3.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@3.1.2" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/656171?format=api", "purl": "pkg:npm/%40keystone-6/core@3.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@3.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/656172?format=api", "purl": "pkg:npm/%40keystone-6/core@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@4.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/656173?format=api", "purl": "pkg:npm/%40keystone-6/core@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/656174?format=api", "purl": "pkg:npm/%40keystone-6/core@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@5.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/656175?format=api", "purl": "pkg:npm/%40keystone-6/core@5.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@5.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/656176?format=api", "purl": "pkg:npm/%40keystone-6/core@5.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@5.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/656177?format=api", "purl": "pkg:npm/%40keystone-6/core@5.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@5.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/65373?format=api", "purl": "pkg:npm/%40keystone-6/core@5.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kdx-3r3z-nye2" }, { "vulnerability": "VCID-gxmq-8d4q-xqdm" }, { "vulnerability": "VCID-ppy6-36tw-sqft" }, { "vulnerability": "VCID-tqye-27ur-eyf5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540keystone-6/core@5.3.1" } ], "references": [ { "reference_url": "https://github.com/keystonejs/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keystonejs/keystone" }, { "reference_url": "https://github.com/keystonejs/keystone/issues/8282#issuecomment-1586019823", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keystonejs/keystone/issues/8282#issuecomment-1586019823" }, { "reference_url": "https://github.com/paralleldrive/cuid#status-deprecated-due-to-security-use-cuid2-instead", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/paralleldrive/cuid#status-deprecated-due-to-security-use-cuid2-instead" }, { "reference_url": "https://github.com/advisories/GHSA-5fp6-4xw3-xqq3", "reference_id": "GHSA-5fp6-4xw3-xqq3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5fp6-4xw3-xqq3" }, { "reference_url": "https://github.com/keystonejs/keystone/security/advisories/GHSA-5fp6-4xw3-xqq3", "reference_id": "GHSA-5fp6-4xw3-xqq3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keystonejs/keystone/security/advisories/GHSA-5fp6-4xw3-xqq3" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "0.1 - 3", "exploitability": "0.5", "weighted_severity": "2.7", "risk_score": 1.4, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tqye-27ur-eyf5" }