Look up vulnerabilities affecting packages.

GET /api/vulnerabilities/41742?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41742?format=api",
    "vulnerability_id": "VCID-8guh-62t7-myct",
    "summary": "Improper Check for Dropped Privileges\nIn Apache Ozone, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.",
    "aliases": [
        {
            "alias": "CVE-2021-36372"
        },
        {
            "alias": "GHSA-86fh-j58m-7pf5"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/59592?format=api",
            "purl": "pkg:maven/org.apache.ozone/ozone@1.2.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-tn1x-ecrj-1yea"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ozone/ozone@1.2.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/59632?format=api",
            "purl": "pkg:maven/org.apache.ozone/ozone-main@1.2.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-tn1x-ecrj-1yea"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ozone/ozone-main@1.2.0"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36372",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.00345",
                    "scoring_system": "epss",
                    "scoring_elements": "0.57319",
                    "published_at": "2026-06-04T12:55:00Z"
                },
                {
                    "value": "0.00345",
                    "scoring_system": "epss",
                    "scoring_elements": "0.57372",
                    "published_at": "2026-06-09T12:55:00Z"
                },
                {
                    "value": "0.00345",
                    "scoring_system": "epss",
                    "scoring_elements": "0.57356",
                    "published_at": "2026-06-08T12:55:00Z"
                },
                {
                    "value": "0.00345",
                    "scoring_system": "epss",
                    "scoring_elements": "0.57381",
                    "published_at": "2026-06-06T12:55:00Z"
                },
                {
                    "value": "0.00345",
                    "scoring_system": "epss",
                    "scoring_elements": "0.57371",
                    "published_at": "2026-06-05T12:55:00Z"
                },
                {
                    "value": "0.00345",
                    "scoring_system": "epss",
                    "scoring_elements": "0.57369",
                    "published_at": "2026-06-07T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36372"
        },
        {
            "reference_url": "https://github.com/apache/ozone",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/apache/ozone"
        },
        {
            "reference_url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E"
        },
        {
            "reference_url": "http://www.openwall.com/lists/oss-security/2021/11/19/1",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/11/19/1"
        },
        {
            "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36372",
            "reference_id": "CVE-2021-36372",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36372"
        },
        {
            "reference_url": "https://github.com/advisories/GHSA-86fh-j58m-7pf5",
            "reference_id": "GHSA-86fh-j58m-7pf5",
            "reference_type": "",
            "scores": [
                {
                    "value": "CRITICAL",
                    "scoring_system": "cvssv3.1_qr",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/advisories/GHSA-86fh-j58m-7pf5"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 1035,
            "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."
        },
        {
            "cwe_id": 273,
            "name": "Improper Check for Dropped Privileges",
            "description": "The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded."
        },
        {
            "cwe_id": 937,
            "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."
        }
    ],
    "exploits": [],
    "severity_range_score": "9.0 - 10.0",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8guh-62t7-myct"
}