Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/52911?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52911?format=api", "vulnerability_id": "VCID-cjdq-8bzy-8uft", "summary": "Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)\nThe Management Console in WSO2 API Manager allows XML External Entity injection (XXE) attacks.", "aliases": [ { "alias": "CVE-2020-24589" } ], "fixed_packages": [], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61435?format=api", "purl": "pkg:maven/org.wso2.am.microgw/org.wso2.micro.gateway.core@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ubv-cmf7-3ffv" }, { "vulnerability": "VCID-afh6-1arv-wkbk" }, { "vulnerability": "VCID-cjdq-8bzy-8uft" }, { "vulnerability": "VCID-cs6r-dpvb-r7bw" }, { "vulnerability": "VCID-dwym-rb1b-8fd5" }, { "vulnerability": "VCID-mpxj-zk4u-mkdq" }, { "vulnerability": "VCID-snaq-p5fe-qfeu" }, { "vulnerability": "VCID-sp1k-1yzm-d7au" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.am.microgw/org.wso2.micro.gateway.core@2.2.0" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24589", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90156", "scoring_system": "epss", "scoring_elements": "0.99605", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.90156", "scoring_system": "epss", "scoring_elements": "0.99606", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24589" }, { "reference_url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24589", "reference_id": "CVE-2020-24589", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24589" } ], 
"weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 776, "name": "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", "description": "The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": "2.0", "weighted_severity": "0.8", "risk_score": 1.6, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjdq-8bzy-8uft" }