Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/92810?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/92810?format=api", "purl": "pkg:rpm/redhat/openstack-nova@1:20.4.1-1.20221005193235?arch=el8ost", "type": "rpm", "namespace": "redhat", "name": "openstack-nova", "version": "1:20.4.1-1.20221005193235", "qualifiers": { "arch": "el8ost" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18163?format=api", "vulnerability_id": "VCID-e6ne-73mv-73bc", "summary": "OpenStack Nova vulnerable to unauthorized access to potentially sensitive data\nIn OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74711", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74706", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74704", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74671", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74663", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74627", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74635", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74655", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74632", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74586", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74612", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74585", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74698", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74662", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40767" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://launchpad.net/bugs/2071734", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://launchpad.net/bugs/2071734" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40767", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40767" }, { "reference_url": "https://review.opendev.org/c/openstack/nova/+/924731", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/c/openstack/nova/+/924731" }, { "reference_url": "https://security.openstack.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://security.openstack.org" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2024-002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2024-002.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/07/23/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/07/23/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297217", "reference_id": "2297217", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297217" }, { "reference_url": "https://github.com/advisories/GHSA-rm86-h44c-2r2m", "reference_id": "GHSA-rm86-h44c-2r2m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rm86-h44c-2r2m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5082", "reference_id": "RHSA-2024:5082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5083", "reference_id": "RHSA-2024:5083", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5083" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5097", "reference_id": "RHSA-2024:5097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5113", "reference_id": "RHSA-2024:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5113" }, { "reference_url": "https://usn.ubuntu.com/6911-1/", "reference_id": "USN-6911-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6911-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2024-40767", "GHSA-rm86-h44c-2r2m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e6ne-73mv-73bc" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-nova@1:20.4.1-1.20221005193235%3Farch=el8ost" }