{"url":"http://public2.vulnerablecode.io/api/packages/380018?format=json","purl":"pkg:maven/io.apiman/apiman-manager-api-impl@3.0.0.Final","type":"maven","namespace":"io.apiman","name":"apiman-manager-api-impl","version":"3.0.0.Final","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360910?format=json","vulnerability_id":"VCID-q124-p4ag-zkck","summary":"Apiman Manager API affected by Jackson denial of service vulnerability\n### Impact\n\nDue to a vulnerability in `jackson-databind <= 2.12.6.0`, an authenticated attacker could craft an Apiman policy configuration which, when saved, may cause a denial of service on the Apiman Manager API.\n\nThis does **not** affect the Apiman Gateway.\n\n### Patches\n\nUpgrade to Apiman 3.0.0.Final or later.\n\nIf you are using an older version of Apiman and need to remain on that version, contact your Apiman [support provider](https://www.apiman.io/support.html) for advice/long-term support.\n\n### Workarounds\n\nIf all users of the Apiman Manager are trusted then you may assess this is low risk, as an account is required to exploit the vulnerability.\n\n### References\n\n* Apiman maintainer and security contact: marc@blackparrotlabs.io\n* https://nvd.nist.gov/vuln/detail/CVE-2020-36518\n* https://github.com/FasterXML/jackson-databind/issues/2816","references":[{"reference_url":"https://github.com/apiman/apiman","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apiman/apiman"},{"reference_url":"https://github.com/apiman/apiman/security/advisories/GHSA-q95j-488q-5q3p","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apiman/apiman/security/advisories/GHSA-q95j-488q-5q3p"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36518","reference_id":"CVE-2020-36518","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36518"},{"reference_url":"https://github.com/advisories/GHSA-q95j-488q-5q3p","reference_id":"GHSA-q95j-488q-5q3p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q95j-488q-5q3p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380018?format=json","purl":"pkg:maven/io.apiman/apiman-manager-api-impl@3.0.0.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.apiman/apiman-manager-api-impl@3.0.0.Final"}],"aliases":["GHSA-q95j-488q-5q3p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q124-p4ag-zkck"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.apiman/apiman-manager-api-impl@3.0.0.Final"}