Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/5849?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5849?format=api", "vulnerability_id": "VCID-dxkq-jhq6-qbad", "summary": "denial of service", "aliases": [ { "alias": "CVE-2020-13934" }, { "alias": "GHSA-vf77-8h7g-gghp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/2649?format=api", "purl": "pkg:alpm/archlinux/tomcat9@9.0.37-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/tomcat9@9.0.37-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/5556?format=api", "purl": "pkg:deb/debian/tomcat9@9.0.43-2~deb11u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/60397?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@8.5.56", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.56" }, { "url": "http://public2.vulnerablecode.io/api/packages/60398?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.36", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.36" }, { "url": "http://public2.vulnerablecode.io/api/packages/60399?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M6" }, { "url": "http://public2.vulnerablecode.io/api/packages/60409?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.56", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.56" }, { "url": "http://public2.vulnerablecode.io/api/packages/60410?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.36", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.36" }, { "url": "http://public2.vulnerablecode.io/api/packages/60411?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@10.0.0-M6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@10.0.0-M6" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/2648?format=api", "purl": "pkg:alpm/archlinux/tomcat9@9.0.35-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dxkq-jhq6-qbad" }, { "vulnerability": "VCID-jbh7-zmq6-bfgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/tomcat9@9.0.35-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/5555?format=api", "purl": "pkg:deb/debian/tomcat9@9.0.31-1~deb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9e2b-7qtg-tbaj" }, { "vulnerability": "VCID-dxkq-jhq6-qbad" }, { "vulnerability": "VCID-jbh7-zmq6-bfgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.31-1~deb10u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/60394?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@8.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dxkq-jhq6-qbad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60395?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.0-M.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dxkq-jhq6-qbad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0-M.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/60396?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@10.0.0-M1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dxkq-jhq6-qbad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60406?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dxkq-jhq6-qbad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@8.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60407?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.0-M.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dxkq-jhq6-qbad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.0-M.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/60408?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat-coyote@10.0.0-M1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dxkq-jhq6-qbad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@10.0.0-M1" } ], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934" }, { "reference_url": "https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200724-0003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200724-0003" }, { "reference_url": "https://usn.ubuntu.com/4596-1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4596-1" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4727" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://security.archlinux.org/AVG-1205", "reference_id": "AVG-1205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1205" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13934", "reference_id": "CVE-2020-13934", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13934" }, { "reference_url": "https://github.com/advisories/GHSA-vf77-8h7g-gghp", "reference_id": "GHSA-vf77-8h7g-gghp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vf77-8h7g-gghp" } ], "weaknesses": [ { "cwe_id": 119, "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "description": "The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer." }, { "cwe_id": 476, "name": "NULL Pointer Dereference", "description": "A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dxkq-jhq6-qbad" }