Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/17867?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17867?format=api", "vulnerability_id": "VCID-kskh-z2dm-nkg5", "summary": "Uncontrolled Resource Consumption\nDecoding of invalid/partial JSON data such as `[` causes the JVM to crash with an `java.lang.StackOverflowError` exception.", "aliases": [ { "alias": "GMS-2023-1111" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57934?format=api", "purl": "pkg:maven/org.json/json@20180130", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20180130" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/346432?format=api", "purl": "pkg:maven/org.json/json@20070829", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20070829" }, { "url": "http://public2.vulnerablecode.io/api/packages/346433?format=api", "purl": "pkg:maven/org.json/json@20080701", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20080701" }, { "url": "http://public2.vulnerablecode.io/api/packages/346434?format=api", "purl": "pkg:maven/org.json/json@20090211", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20090211" }, { "url": "http://public2.vulnerablecode.io/api/packages/346435?format=api", "purl": "pkg:maven/org.json/json@20131018", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20131018" }, { "url": "http://public2.vulnerablecode.io/api/packages/346436?format=api", "purl": "pkg:maven/org.json/json@20140107", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20140107" }, { "url": "http://public2.vulnerablecode.io/api/packages/346437?format=api", "purl": "pkg:maven/org.json/json@20141113", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20141113" }, { "url": "http://public2.vulnerablecode.io/api/packages/346438?format=api", "purl": "pkg:maven/org.json/json@20150729", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20150729" }, { "url": "http://public2.vulnerablecode.io/api/packages/346439?format=api", "purl": "pkg:maven/org.json/json@20151123", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20151123" }, { "url": "http://public2.vulnerablecode.io/api/packages/346440?format=api", "purl": "pkg:maven/org.json/json@20160212", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20160212" }, { "url": "http://public2.vulnerablecode.io/api/packages/346441?format=api", "purl": "pkg:maven/org.json/json@20160807", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20160807" }, { "url": "http://public2.vulnerablecode.io/api/packages/346442?format=api", "purl": "pkg:maven/org.json/json@20160810", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20160810" }, { "url": "http://public2.vulnerablecode.io/api/packages/346443?format=api", "purl": "pkg:maven/org.json/json@20170516", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20170516" }, { "url": "http://public2.vulnerablecode.io/api/packages/346444?format=api", "purl": "pkg:maven/org.json/json@20171018", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20171018" } ], "references": [ { "reference_url": "https://github.com/stleary/JSON-java/issues/372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/stleary/JSON-java/issues/372" }, { "reference_url": "https://github.com/stleary/JSON-java/pull/373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/stleary/JSON-java/pull/373" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kskh-z2dm-nkg5" }