Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/19426?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19426?format=api", "vulnerability_id": "VCID-m8tp-xd4z-d3g7", "summary": "Duplicate Advisory: Denial of Service in JSON-Java\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-4jq9-2xhw-jpx7. This link is maintained to preserve external references.\n\n## Original Description\nDenial of Service in JSON-Java versions prior to 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.", "aliases": [ { "alias": "GHSA-rm7j-f5g5-27vv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60522?format=api", "purl": "pkg:maven/org.json/json@20231013", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20231013" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/346432?format=api", "purl": "pkg:maven/org.json/json@20070829", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20070829" }, { "url": "http://public2.vulnerablecode.io/api/packages/346433?format=api", "purl": "pkg:maven/org.json/json@20080701", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20080701" }, { "url": "http://public2.vulnerablecode.io/api/packages/346434?format=api", "purl": "pkg:maven/org.json/json@20090211", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20090211" }, { "url": "http://public2.vulnerablecode.io/api/packages/346435?format=api", "purl": "pkg:maven/org.json/json@20131018", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20131018" }, { "url": "http://public2.vulnerablecode.io/api/packages/346436?format=api", "purl": "pkg:maven/org.json/json@20140107", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20140107" }, { "url": "http://public2.vulnerablecode.io/api/packages/346437?format=api", "purl": "pkg:maven/org.json/json@20141113", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20141113" }, { "url": "http://public2.vulnerablecode.io/api/packages/346438?format=api", "purl": "pkg:maven/org.json/json@20150729", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20150729" }, { "url": "http://public2.vulnerablecode.io/api/packages/346439?format=api", "purl": "pkg:maven/org.json/json@20151123", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20151123" }, { "url": "http://public2.vulnerablecode.io/api/packages/346440?format=api", "purl": "pkg:maven/org.json/json@20160212", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20160212" }, { "url": "http://public2.vulnerablecode.io/api/packages/346441?format=api", "purl": "pkg:maven/org.json/json@20160807", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20160807" }, { "url": "http://public2.vulnerablecode.io/api/packages/346442?format=api", "purl": "pkg:maven/org.json/json@20160810", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20160810" }, { "url": "http://public2.vulnerablecode.io/api/packages/346443?format=api", "purl": "pkg:maven/org.json/json@20170516", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20170516" }, { "url": "http://public2.vulnerablecode.io/api/packages/346444?format=api", "purl": "pkg:maven/org.json/json@20171018", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-kskh-z2dm-nkg5" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20171018" }, { "url": "http://public2.vulnerablecode.io/api/packages/57934?format=api", "purl": "pkg:maven/org.json/json@20180130", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20180130" }, { "url": "http://public2.vulnerablecode.io/api/packages/346445?format=api", "purl": "pkg:maven/org.json/json@20180813", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20180813" }, { "url": "http://public2.vulnerablecode.io/api/packages/346446?format=api", "purl": "pkg:maven/org.json/json@20190722", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" }, { "vulnerability": "VCID-z7rn-5t92-jyem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20190722" }, { "url": "http://public2.vulnerablecode.io/api/packages/57928?format=api", "purl": "pkg:maven/org.json/json@20200518", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20200518" }, { "url": "http://public2.vulnerablecode.io/api/packages/346447?format=api", "purl": "pkg:maven/org.json/json@20201115", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20201115" }, { "url": "http://public2.vulnerablecode.io/api/packages/346448?format=api", "purl": "pkg:maven/org.json/json@20210307", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20210307" }, { "url": "http://public2.vulnerablecode.io/api/packages/346449?format=api", "purl": "pkg:maven/org.json/json@20211205", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-41pg-3cdb-jqee" }, { "vulnerability": "VCID-5xm4-tyx3-wudu" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20211205" }, { "url": "http://public2.vulnerablecode.io/api/packages/346450?format=api", "purl": "pkg:maven/org.json/json@20220320", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20220320" }, { "url": "http://public2.vulnerablecode.io/api/packages/346493?format=api", "purl": "pkg:maven/org.json/json@20220924", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32wz-1tnx-5qep" }, { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20220924" }, { "url": "http://public2.vulnerablecode.io/api/packages/80509?format=api", "purl": "pkg:maven/org.json/json@20230227", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20230227" }, { "url": "http://public2.vulnerablecode.io/api/packages/581582?format=api", "purl": "pkg:maven/org.json/json@20230618", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m8tp-xd4z-d3g7" }, { "vulnerability": "VCID-tp9p-km7u-wbd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20230618" } ], "references": [ { "reference_url": "https://github.com/stleary/JSON-java", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/stleary/JSON-java" }, { "reference_url": "https://github.com/stleary/JSON-java/commit/60662e2f8384d3449822a3a1179bfe8de67b55bb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/stleary/JSON-java/commit/60662e2f8384d3449822a3a1179bfe8de67b55bb" }, { "reference_url": "https://github.com/stleary/JSON-java/issues/758", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/stleary/JSON-java/issues/758" }, { "reference_url": "https://github.com/stleary/JSON-java/issues/771", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/stleary/JSON-java/issues/771" }, { "reference_url": "https://github.com/stleary/JSON-java/pull/759", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/stleary/JSON-java/pull/759" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0007" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/13/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072", "reference_id": "CVE-2023-5072", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072" }, { "reference_url": "https://github.com/google/security-research/security/advisories/GHSA-4jq9-2xhw-jpx7", "reference_id": "GHSA-4jq9-2xhw-jpx7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/security-research/security/advisories/GHSA-4jq9-2xhw-jpx7" }, { "reference_url": "https://github.com/advisories/GHSA-rm7j-f5g5-27vv", "reference_id": "GHSA-rm7j-f5g5-27vv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rm7j-f5g5-27vv" } ], "weaknesses": [ { "cwe_id": 770, "name": "Allocation of Resources Without Limits or Throttling", "description": "The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m8tp-xd4z-d3g7" }