Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/4805?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4805?format=api", "vulnerability_id": "VCID-h5ex-bm2j-fken", "summary": "Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.", "aliases": [ { "alias": "CVE-2012-2098" }, { "alias": "GHSA-6fxm-66hq-fc96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927015?format=api", "purl": "pkg:deb/debian/libcommons-compress-java@1.4.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcommons-compress-java@1.4.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049119?format=api", "purl": "pkg:deb/debian/libcommons-compress-java@1.4.1-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-75h3-dr39-3qb8" }, { "vulnerability": "VCID-fd7z-aksz-b7hv" }, { "vulnerability": "VCID-z5bc-s8qs-zbh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcommons-compress-java@1.4.1-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/927016?format=api", "purl": "pkg:deb/debian/libcommons-compress-java@1.20-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p41w-msyv-u7bk" }, { "vulnerability": "VCID-qsw3-wm4k-m7h3" }, { "vulnerability": "VCID-qu4m-4u1a-r3cv" }, { "vulnerability": "VCID-vaar-ytpp-eqc7" }, { "vulnerability": "VCID-y6ff-umvz-zbgd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcommons-compress-java@1.20-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927014?format=api", "purl": "pkg:deb/debian/libcommons-compress-java@1.22-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cg72-sg2w-t3ft" }, { "vulnerability": "VCID-k4wn-j55z-b3dk" }, { "vulnerability": "VCID-p41w-msyv-u7bk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcommons-compress-java@1.22-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927017?format=api", "purl": "pkg:deb/debian/libcommons-compress-java@1.27.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcommons-compress-java@1.27.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/51256?format=api", "purl": "pkg:maven/org.apache.commons/commons-compress@1.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p41w-msyv-u7bk" }, { "vulnerability": "VCID-qu4m-4u1a-r3cv" }, { "vulnerability": "VCID-vaar-ytpp-eqc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.4.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049117?format=api", "purl": "pkg:deb/debian/libcommons-compress-java@0~svn604876-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-75h3-dr39-3qb8" }, { "vulnerability": "VCID-fd7z-aksz-b7hv" }, { "vulnerability": "VCID-h5ex-bm2j-fken" }, { "vulnerability": "VCID-p41w-msyv-u7bk" }, { "vulnerability": "VCID-qsw3-wm4k-m7h3" }, { "vulnerability": "VCID-qu4m-4u1a-r3cv" }, { "vulnerability": "VCID-vaar-ytpp-eqc7" }, { "vulnerability": "VCID-y6ff-umvz-zbgd" }, { "vulnerability": "VCID-z5bc-s8qs-zbh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcommons-compress-java@0~svn604876-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049118?format=api", "purl": "pkg:deb/debian/libcommons-compress-java@1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-75h3-dr39-3qb8" }, { "vulnerability": "VCID-fd7z-aksz-b7hv" }, { "vulnerability": "VCID-h5ex-bm2j-fken" }, { "vulnerability": "VCID-z5bc-s8qs-zbh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcommons-compress-java@1.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/37530?format=api", "purl": "pkg:maven/org.apache.commons/commons-compress@1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h5ex-bm2j-fken" }, { "vulnerability": "VCID-vaar-ytpp-eqc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/37529?format=api", "purl": "pkg:maven/org.apache.commons/commons-compress@1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h5ex-bm2j-fken" }, { "vulnerability": "VCID-qu4m-4u1a-r3cv" }, { "vulnerability": "VCID-vaar-ytpp-eqc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/254998?format=api", "purl": "pkg:maven/org.apache.commons/commons-compress@1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h5ex-bm2j-fken" }, { "vulnerability": "VCID-qu4m-4u1a-r3cv" }, { "vulnerability": "VCID-vaar-ytpp-eqc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/62575?format=api", "purl": "pkg:maven/org.apache.commons/commons-compress@1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h5ex-bm2j-fken" }, { "vulnerability": "VCID-p41w-msyv-u7bk" }, { "vulnerability": "VCID-qu4m-4u1a-r3cv" }, { "vulnerability": "VCID-vaar-ytpp-eqc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/254999?format=api", "purl": "pkg:maven/org.apache.commons/commons-compress@1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h5ex-bm2j-fken" }, { "vulnerability": "VCID-p41w-msyv-u7bk" }, { "vulnerability": "VCID-qu4m-4u1a-r3cv" }, { "vulnerability": "VCID-vaar-ytpp-eqc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.4" } ], "references": [ { "reference_url": "http://ant.apache.org/security.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ant.apache.org/security.html" }, { "reference_url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0130.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0130.html" }, { "reference_url": "http://commons.apache.org/compress/security.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://commons.apache.org/compress/security.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html" }, { "reference_url": "http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2098.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2098.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.032", "scoring_system": "epss", "scoring_elements": "0.87036", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.032", "scoring_system": "epss", "scoring_elements": "0.86948", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.032", "scoring_system": "epss", "scoring_elements": "0.86958", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.032", "scoring_system": "epss", "scoring_elements": "0.86977", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.032", "scoring_system": "epss", "scoring_elements": "0.86969", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.032", "scoring_system": "epss", "scoring_elements": "0.86989", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.032", "scoring_system": "epss", "scoring_elements": "0.86996", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.032", "scoring_system": "epss", "scoring_elements": "0.87009", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.032", "scoring_system": "epss", "scoring_elements": "0.87004", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.032", "scoring_system": "epss", "scoring_elements": "0.86998", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.032", "scoring_system": "epss", "scoring_elements": "0.87014", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.032", "scoring_system": "epss", "scoring_elements": "0.87018", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.032", "scoring_system": "epss", "scoring_elements": "0.87016", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75857", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75857" }, { "reference_url": "https://github.com/apache/commons-compress", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/commons-compress" }, { "reference_url": "https://github.com/apache/commons-compress/commit/020c03d8ef579e80511023fb46ece30e9c3dd27d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/commons-compress/commit/020c03d8ef579e80511023fb46ece30e9c3dd27d" }, { "reference_url": "https://github.com/apache/commons-compress/commit/0600296ab8f8a0bbdfedd483f51b38005eb8e34e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/commons-compress/commit/0600296ab8f8a0bbdfedd483f51b38005eb8e34e" }, { "reference_url": "https://github.com/apache/commons-compress/commit/1ce57d976c4f25fe99edcadf079840c278f3cb84", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/commons-compress/commit/1ce57d976c4f25fe99edcadf079840c278f3cb84" }, { "reference_url": "https://github.com/apache/commons-compress/commit/2ab2fcb356753927afaa731b9d2dcc47d3083408", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/commons-compress/commit/2ab2fcb356753927afaa731b9d2dcc47d3083408" }, { "reference_url": "https://github.com/apache/commons-compress/commit/654222e628097763ee6ca561ae77be5c06666173", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/commons-compress/commit/654222e628097763ee6ca561ae77be5c06666173" }, { "reference_url": "https://github.com/apache/commons-compress/commit/6ced422bf5eca3aac05396367bafb33ec21bf74e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/commons-compress/commit/6ced422bf5eca3aac05396367bafb33ec21bf74e" }, { "reference_url": "https://github.com/apache/commons-compress/commit/6e95697e783767f3549f00d7d2e1b002eac4a3d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/commons-compress/commit/6e95697e783767f3549f00d7d2e1b002eac4a3d4" }, { "reference_url": "https://github.com/apache/commons-compress/commit/8f702469cbf4c451b6dea349290bc4af0f6f76c7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/commons-compress/commit/8f702469cbf4c451b6dea349290bc4af0f6f76c7" }, { "reference_url": "https://github.com/apache/commons-compress/commit/b06f7b41c936ef1a79589d16ea5c1d8b93f71f66", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/commons-compress/commit/b06f7b41c936ef1a79589d16ea5c1d8b93f71f66" }, { "reference_url": "https://github.com/apache/commons-compress/commit/cca0e6e5341aacddefd4c4d36cef7cbdbc2a8777", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/commons-compress/commit/cca0e6e5341aacddefd4c4d36cef7cbdbc2a8777" }, { "reference_url": "https://github.com/apache/commons-compress/commit/ea31005111f0abede7e43e4ba0012e62e0808b22", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/commons-compress/commit/ea31005111f0abede7e43e4ba0012e62e0808b22" }, { "reference_url": "https://github.com/apache/commons-compress/commit/fdd7459bc5470e90024dbe762249166481cce769", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/commons-compress/commit/fdd7459bc5470e90024dbe762249166481cce769" }, { "reference_url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@<solr-user.lucene.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@<solr-user.lucene.apache.org>" }, { "reference_url": "https://web.archive.org/web/20130525085523/http://www.securityfocus.com/bid/53676", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130525085523/http://www.securityfocus.com/bid/53676" }, { "reference_url": "https://web.archive.org/web/20140724002926/http://secunia.com/advisories/49286", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140724002926/http://secunia.com/advisories/49286" }, { "reference_url": "https://web.archive.org/web/20140724023114/http://secunia.com/advisories/49255", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140724023114/http://secunia.com/advisories/49255" }, { "reference_url": "https://web.archive.org/web/20200517014414/http://www.securitytracker.com/id?1027096", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200517014414/http://www.securitytracker.com/id?1027096" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/13/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/13/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674448", "reference_id": "674448", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674448" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=810406", "reference_id": "810406", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810406" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2098", "reference_id": "CVE-2012-2098", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2098" }, { "reference_url": "https://github.com/advisories/GHSA-6fxm-66hq-fc96", "reference_id": "GHSA-6fxm-66hq-fc96", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6fxm-66hq-fc96" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 310, "name": "Cryptographic Issues", "description": "Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 400, "name": "Uncontrolled Resource Consumption", "description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h5ex-bm2j-fken" }