Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/578249?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/578249?format=api", "purl": "pkg:maven/org.apache.jackrabbit/jackrabbit-core@1.4.10", "type": "maven", "namespace": "org.apache.jackrabbit", "name": "jackrabbit-core", "version": "1.4.10", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.22.2", "latest_non_vulnerable_version": "2.23.2-beta", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58087?format=api", "vulnerability_id": "VCID-4ms6-rggq-dqhn", "summary": "Apache Jackrabbit: Core and JCR Commons are vulnerable to Deserialization of Untrusted Data\nThere is a Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons.\n\nThis issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1.\n\nDeployments that accept JNDI URIs for JCR lookup from untrusted users allow them to inject malicious JNDI references, potentially leading to arbitrary code execution through deserialization of untrusted data. Users are recommended to upgrade to version 2.22.2. JCR lookup through JNDI has been disabled by default in 2.22.2. 
Users of this feature need to enable it explicitly and are advised to review their use of JNDI URI for JCR lookup.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58782.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58782.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58782", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00579", "scoring_system": "epss", "scoring_elements": "0.69285", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00579", "scoring_system": "epss", "scoring_elements": "0.69281", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00579", "scoring_system": "epss", "scoring_elements": "0.69289", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00579", "scoring_system": "epss", "scoring_elements": "0.6928", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00579", "scoring_system": "epss", "scoring_elements": "0.69265", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58782" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58782", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58782" }, { "reference_url": "https://github.com/apache/jackrabbit", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit" }, { "reference_url": "https://github.com/apache/jackrabbit/pull/229", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit/pull/229" }, { "reference_url": "https://issues.apache.org/jira/browse/JCR-5135", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/JCR-5135" }, { "reference_url": "https://lists.apache.org/thread/t4wdrost6dh17dh406g792j9wq6xmy6v", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T19:54:59Z/" } ], "url": "https://lists.apache.org/thread/t4wdrost6dh17dh406g792j9wq6xmy6v" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/09/06/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/09/06/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114861", "reference_id": "1114861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393816", "reference_id": "2393816", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2393816" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58782", "reference_id": "CVE-2025-58782", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58782" }, { "reference_url": "https://github.com/advisories/GHSA-cxvc-g8f2-4gmm", "reference_id": "GHSA-cxvc-g8f2-4gmm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cxvc-g8f2-4gmm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86451?format=api", "purl": "pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.22.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.22.2" } ], "aliases": [ "CVE-2025-58782", "GHSA-cxvc-g8f2-4gmm" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ms6-rggq-dqhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44034?format=api", "vulnerability_id": "VCID-gf7s-hs5a-sbbz", "summary": "Improper Input Validation\nXML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.", "references": [ { "reference_url": "http://mail-archives.apache.org/mod_mbox/jackrabbit-announce/201505.mbox/%3C555DA644.8080908%40greenbytes.de%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://mail-archives.apache.org/mod_mbox/jackrabbit-announce/201505.mbox/%3C555DA644.8080908%40greenbytes.de%3E" }, { "reference_url": "http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1833.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.31034", "scoring_system": "epss", "scoring_elements": "0.96846", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.31034", "scoring_system": "epss", "scoring_elements": "0.96845", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.31034", "scoring_system": "epss", "scoring_elements": "0.96841", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.31034", "scoring_system": "epss", "scoring_elements": "0.96837", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.31034", "scoring_system": "epss", "scoring_elements": "0.9685", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1833" }, { "reference_url": "https://github.com/apache/jackrabbit", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit" }, { "reference_url": 
"https://github.com/apache/jackrabbit/commit/17e9f68f5a3f05ded20569777a7b07422680612d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit/commit/17e9f68f5a3f05ded20569777a7b07422680612d" }, { "reference_url": "https://github.com/apache/jackrabbit/commit/26e601934d0f439f0a61d62265f52936d79df40d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit/commit/26e601934d0f439f0a61d62265f52936d79df40d" }, { "reference_url": "https://github.com/apache/jackrabbit/commit/3903739363b79deb7579802fbc27b9b7448218b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit/commit/3903739363b79deb7579802fbc27b9b7448218b2" }, { "reference_url": "https://github.com/apache/jackrabbit/commit/6191b366c607e65325a0116097aca8a359b36486", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit/commit/6191b366c607e65325a0116097aca8a359b36486" }, { "reference_url": "https://github.com/apache/jackrabbit/commit/89c5c4ed6ab250ad609829517f167d2dbe0abdd0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit/commit/89c5c4ed6ab250ad609829517f167d2dbe0abdd0" }, { "reference_url": "https://github.com/apache/jackrabbit/commit/b7fa1ae39641936872617ff95363353b0345b777", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/apache/jackrabbit/commit/b7fa1ae39641936872617ff95363353b0345b777" }, { "reference_url": "https://github.com/apache/jackrabbit/commit/ddf9a3cd408397d0805917299c4114b09449373d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/jackrabbit/commit/ddf9a3cd408397d0805917299c4114b09449373d" }, { "reference_url": "https://issues.apache.org/jira/browse/JCR-3883", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/JCR-3883" }, { "reference_url": "https://www.exploit-db.com/exploits/37110", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/37110" }, { "reference_url": "https://www.exploit-db.com/exploits/37110/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/37110/" }, { "reference_url": "http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3298", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2015/dsa-3298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223883", "reference_id": "1223883", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223883" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787316", 
"reference_id": "787316", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787316" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1833", "reference_id": "CVE-2015-1833", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1833" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37110.py", "reference_id": "CVE-2015-1833;OSVDB-122382", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37110.py" }, { "reference_url": "https://github.com/advisories/GHSA-9284-j4c9-779q", "reference_id": "GHSA-9284-j4c9-779q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9284-j4c9-779q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63309?format=api", "purl": "pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.0.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/578271?format=api", "purl": "pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ms6-rggq-dqhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63310?format=api", "purl": "pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/578283?format=api", "purl": "pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ms6-rggq-dqhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63311?format=api", "purl": "pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ms6-rggq-dqhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/63312?format=api", "purl": "pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ms6-rggq-dqhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.6.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/63313?format=api", "purl": "pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ms6-rggq-dqhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/63314?format=api", "purl": "pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ms6-rggq-dqhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.10.1" } ], "aliases": [ "CVE-2015-1833", "GHSA-9284-j4c9-779q" ], "risk_score": 10.0, "exploitability": 
"2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gf7s-hs5a-sbbz" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@1.4.10" }