Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/92483?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92483?format=api", "vulnerability_id": "VCID-kwvv-s1tz-zucm", "summary": "Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.", "aliases": [ { "alias": "CVE-2019-6706" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/115461?format=api", "purl": "pkg:deb/debian/lua50@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua50@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/115460?format=api", "purl": "pkg:deb/debian/lua50@5.0.3-8.1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua50@5.0.3-8.1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/115435?format=api", "purl": "pkg:deb/debian/lua5.1@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.1@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/115434?format=api", "purl": "pkg:deb/debian/lua5.1@5.1.5-11?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.1@5.1.5-11%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/115433?format=api", "purl": "pkg:deb/debian/lua5.1@5.1.5-12?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.1@5.1.5-12%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/115432?format=api", "purl": "pkg:deb/debian/lua5.1@5.1.5-8.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.1@5.1.5-8.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/115430?format=api", "purl": "pkg:deb/debian/lua5.1@5.1.5-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.1@5.1.5-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/115441?format=api", "purl": "pkg:deb/debian/lua5.2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/115439?format=api", "purl": "pkg:deb/debian/lua5.2@5.2.4-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.2@5.2.4-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/115437?format=api", "purl": "pkg:deb/debian/lua5.2@5.2.4-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.2@5.2.4-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/115440?format=api", "purl": "pkg:deb/debian/lua5.2@5.2.4-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.2@5.2.4-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/115445?format=api", "purl": "pkg:deb/debian/lua5.3@5.3.3-1.1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.3@5.3.3-1.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/115444?format=api", "purl": "pkg:deb/debian/lua5.3@5.3.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.3@5.3.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/115443?format=api", "purl": "pkg:deb/debian/lua5.3@5.3.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.3@5.3.6-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/115446?format=api", "purl": "pkg:deb/debian/lua5.3@5.3.6-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.3@5.3.6-3%3Fdistro=trixie" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146011?format=api", "purl": "pkg:rpm/redhat/lua@5.3.4-11?arch=el8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kwvv-s1tz-zucm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/lua@5.3.4-11%3Farch=el8" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6706.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6706.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670019", "reference_id": "1670019", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670019" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920321", "reference_id": "920321", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3706", "reference_id": "RHSA-2019:3706", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3706" } ], "weaknesses": [ { "cwe_id": 416, "name": "Use After Free", "description": "Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code." } ], "exploits": [], "severity_range_score": "7.5 - 7.5", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kwvv-s1tz-zucm" }