Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/14137?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14137?format=api", "vulnerability_id": "VCID-g5zu-bvtd-vua4", "summary": "Cross-Site Request Forgery (CSRF)\nCross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.", "aliases": [ { "alias": "CVE-2007-4724" }, { "alias": "GHSA-g77g-vjjm-x83j" } ], "fixed_packages": [], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1533?format=api", "purl": "pkg:maven/org.apache.tomcat/tomcat@4.1.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18j8-kwdv-dyak" }, { "vulnerability": "VCID-2jnv-segx-zkfd" }, { "vulnerability": "VCID-86ur-vudp-4yc2" }, { "vulnerability": "VCID-bhq7-d545-27bj" }, { "vulnerability": "VCID-fvvt-kufu-k3a6" }, { "vulnerability": "VCID-g5zu-bvtd-vua4" }, { "vulnerability": "VCID-q7jp-hn4a-4kec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@4.1.31" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00682", "scoring_system": "epss", "scoring_elements": "0.71639", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00682", "scoring_system": "epss", "scoring_elements": "0.71635", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00682", "scoring_system": "epss", "scoring_elements": "0.71653", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00682", "scoring_system": "epss", "scoring_elements": "0.71648", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00682", "scoring_system": "epss", "scoring_elements": "0.71622", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00682", "scoring_system": "epss", "scoring_elements": "0.71567", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00682", "scoring_system": "epss", "scoring_elements": "0.71573", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00682", "scoring_system": "epss", "scoring_elements": "0.71591", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00682", "scoring_system": "epss", "scoring_elements": "0.71564", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00682", "scoring_system": "epss", "scoring_elements": "0.71604", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00682", "scoring_system": "epss", "scoring_elements": "0.71615", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00778", "scoring_system": "epss", "scoring_elements": "0.73814", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00778", "scoring_system": "epss", "scoring_elements": "0.7372", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00778", "scoring_system": "epss", "scoring_elements": "0.73746", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00778", "scoring_system": "epss", "scoring_elements": "0.73769", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00778", "scoring_system": "epss", "scoring_elements": "0.73733", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00778", "scoring_system": "epss", "scoring_elements": "0.73756", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00778", "scoring_system": "epss", "scoring_elements": "0.73717", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00778", "scoring_system": "epss", "scoring_elements": "0.73727", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00778", "scoring_system": "epss", "scoring_elements": "0.73728", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4724" }, { "reference_url": "https://web.archive.org/web/20070911063436/http://securityreason.com/securityalert/3094", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20070911063436/http://securityreason.com/securityalert/3094" }, { "reference_url": "https://web.archive.org/web/20081006123851/http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081006123851/http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html" }, { "reference_url": "https://web.archive.org/web/20200526022330/http://www.securityfocus.com/archive/1/478491/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200526022330/http://www.securityfocus.com/archive/1/478491/100/0/threaded" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4724", "reference_id": "CVE-2007-4724", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4724" }, { "reference_url": "https://github.com/advisories/GHSA-g77g-vjjm-x83j", "reference_id": "GHSA-g77g-vjjm-x83j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g77g-vjjm-x83j" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 352, "name": "Cross-Site Request Forgery (CSRF)", "description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g5zu-bvtd-vua4" }