GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/57774?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57774?format=api",
    "vulnerability_id": "VCID-kw21-aerf-wkgn",
    "summary": "This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoint. An unauthenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints, which could lead to the OTP bombing on the targeted system.",
    "aliases": [
        {
            "alias": "CVE-2024-47654"
        }
    ],
    "fixed_packages": [],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47654",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.0062",
                    "scoring_system": "epss",
                    "scoring_elements": "0.70518",
                    "published_at": "2026-06-11T12:55:00Z"
                },
                {
                    "value": "0.0062",
                    "scoring_system": "epss",
                    "scoring_elements": "0.70608",
                    "published_at": "2026-06-12T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47654"
        },
        {
            "reference_url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0313",
            "reference_id": "s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0313",
            "reference_type": "",
            "scores": [
                {
                    "value": "7.1",
                    "scoring_system": "cvssv4",
                    "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T14:09:00Z/"
                }
            ],
            "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0313"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 799,
            "name": "Improper Control of Interaction Frequency",
            "description": "The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests."
        }
    ],
    "exploits": [],
    "severity_range_score": "7.1 - 7.1",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kw21-aerf-wkgn"
}