Package Instance

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/53465?format=api",
    "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13",
    "type": "maven",
    "namespace": "org.apache.tomcat.embed",
    "name": "tomcat-embed-core",
    "version": "8.5.13",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "8.5.16",
    "latest_non_vulnerable_version": "11.0.0-M12",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38548?format=api",
            "vulnerability_id": "VCID-3nsr-9s9y-ckft",
            "summary": "Improper Resource Shutdown or Release\nThe handling of an HTTP/2 `GOAWAY` frame for a connection did not close streams associated with that connection that were currently waiting for a `WINDOW_UPDATE` before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.",
            "references": [
                {
                    "reference_url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738@%3Cannounce.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738@%3Cannounce.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201705-09",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201705-09"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20180614-0001/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.netapp.com/advisory/ntap-20180614-0001/"
                },
                {
                    "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/97531",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/97531"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5650",
                    "reference_id": "CVE-2017-5650",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5650"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9785-w233-x6hv",
                    "reference_id": "GHSA-9785-w233-x6hv",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-9785-w233-x6hv"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/53465?format=api",
                    "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/53461?format=api",
                    "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1"
                }
            ],
            "aliases": [
                "CVE-2017-5650",
                "GHSA-9785-w233-x6hv"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3nsr-9s9y-ckft"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38547?format=api",
            "vulnerability_id": "VCID-4nx6-t8vd-bqcu",
            "summary": "Information Exposure\nThe refactoring of the HTTP connectors introduced a regression in the send file processing. If the file processing completed quickly, it is possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.",
            "references": [
                {
                    "reference_url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=60918",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=60918"
                },
                {
                    "reference_url": "https://github.com/apache/tomcat",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/apache/tomcat"
                },
                {
                    "reference_url": "https://github.com/apache/tomcat/commit/494429ca210641b6b7affe89a2b0a6c0ff70109b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/apache/tomcat/commit/494429ca210641b6b7affe89a2b0a6c0ff70109b"
                },
                {
                    "reference_url": "https://github.com/apache/tomcat/commit/9233d9d6a018be4415d4d7d6cb4fe01176adf1a8",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/apache/tomcat/commit/9233d9d6a018be4415d4d7d6cb4fe01176adf1a8"
                },
                {
                    "reference_url": "https://github.com/search?q=repo%3Aapache%2Ftomcat+apache.coyote+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/search?q=repo%3Aapache%2Ftomcat+apache.coyote+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8@%3Cannounce.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8@%3Cannounce.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8%40%3Cannounce.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8%40%3Cannounce.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201705-09",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201705-09"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20180614-0001",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.netapp.com/advisory/ntap-20180614-0001"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20180614-0001/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.netapp.com/advisory/ntap-20180614-0001/"
                },
                {
                    "reference_url": "https://web.archive.org/web/20170417124228/http://www.securityfocus.com/bid/97544",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://web.archive.org/web/20170417124228/http://www.securityfocus.com/bid/97544"
                },
                {
                    "reference_url": "https://web.archive.org/web/20170420113605/http://www.securitytracker.com/id/1038219",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://web.archive.org/web/20170420113605/http://www.securitytracker.com/id/1038219"
                },
                {
                    "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/97544",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/97544"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5651",
                    "reference_id": "CVE-2017-5651",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5651"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9hg2-395j-83rm",
                    "reference_id": "GHSA-9hg2-395j-83rm",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-9hg2-395j-83rm"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/53465?format=api",
                    "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/53461?format=api",
                    "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.1"
                }
            ],
            "aliases": [
                "CVE-2017-5651",
                "GHSA-9hg2-395j-83rm"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4nx6-t8vd-bqcu"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.13"
}