{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80988?format=json","vulnerability_id":"VCID-5w1k-ccx8-pqfe","summary":"JDK: Information disclosure via calls to System.arraycopy() with invalid length","aliases":[{"alias":"CVE-2019-17639"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102661?format=json","purl":"pkg:rpm/redhat/java-1.7.1-ibm@1:1.7.1.4.70-1jpp.1?arch=el6_10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nr6-3bq8-nbfn"},{"vulnerability":"VCID-2ggq-ccut-5ycs"},{"vulnerability":"VCID-4trq-2j9e-bbfd"},{"vulnerability":"VCID-5w1k-ccx8-pqfe"},{"vulnerability":"VCID-k3xn-hbrs-nkab"},{"vulnerability":"VCID-tpng-ppye-m7hv"},{"vulnerability":"VCID-wfjr-ddp6-mkd5"},{"vulnerability":"VCID-y8wp-rpgd-kfht"},{"vulnerability":"VCID-yqsu-y2mw-pqgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.7.1-ibm@1:1.7.1.4.70-1jpp.1%3Farch=el6_10"},{"url":"http://public2.vulnerablecode.io/api/packages/102663?format=json","purl":"pkg:rpm/redhat/java-1.7.1-ibm@1:1.7.1.4.70-1jpp.1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nr6-3bq8-nbfn"},{"vulnerability":"VCID-2ggq-ccut-5ycs"},{"vulnerability":"VCID-4trq-2j9e-bbfd"},{"vulnerability":"VCID-5w1k-ccx8-pqfe"},{"vulnerability":"VCID-k3xn-hbrs-nkab"},{"vulnerability":"VCID-tpng-ppye-m7hv"},{"vulnerability":"VCID-wfjr-ddp6-mkd5"},{"vulnerability":"VCID-y8wp-rpgd-kfht"},{"vulnerability":"VCID-yqsu-y2mw-pqgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.7.1-ibm@1:1.7.1.4.70-1jpp.1%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/102662?format=json","purl":"pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.6.15-1?arch=el8_2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nr6-3bq8-nbfn"},{"vulnerability":"VCID-2ggq-ccut-5ycs"},{"vulnerability":"VCID-4trq-2j9e-bbfd"},{"vulnerability":"VCID-5w1k-ccx8-pqfe"},{"vulnerability":"VCID-k3xn-hbrs-nkab"},{"vulnerability":"VCID-tekc-e66p-tyba"},{"vulnerability":"VCID-tpng-ppye-m7hv"},{"vulnerability":"VCID-wfjr-ddp6-mkd5"},{"vulnerability":"VCID-y8wp-rpgd-kfht"},{"vulnerability":"VCID-yqsu-y2mw-pqgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.6.15-1%3Farch=el8_2"},{"url":"http://public2.vulnerablecode.io/api/packages/101556?format=json","purl":"pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.6.20-1jpp.1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nr6-3bq8-nbfn"},{"vulnerability":"VCID-2ggq-ccut-5ycs"},{"vulnerability":"VCID-3v2y-qzfu-nydb"},{"vulnerability":"VCID-4trq-2j9e-bbfd"},{"vulnerability":"VCID-5w1k-ccx8-pqfe"},{"vulnerability":"VCID-7913-mqsn-3bd8"},{"vulnerability":"VCID-k3xn-hbrs-nkab"},{"vulnerability":"VCID-tekc-e66p-tyba"},{"vulnerability":"VCID-tpng-ppye-m7hv"},{"vulnerability":"VCID-upb2-1jmf-3udy"},{"vulnerability":"VCID-wfjr-ddp6-mkd5"},{"vulnerability":"VCID-y8wp-rpgd-kfht"},{"vulnerability":"VCID-yqsu-y2mw-pqgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.6.20-1jpp.1%3Farch=el7"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17639.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17639.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17639","reference_id":"","reference_type":"","scores":[{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70256","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70268","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70285","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70261","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70307","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70322","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70345","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.7033","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70317","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.7036","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.7037","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70351","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70403","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70411","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.7041","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70382","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70423","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70454","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70449","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.705","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17639"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1866497","reference_id":"1866497","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1866497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3386","reference_id":"RHSA-2020:3386","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3387","reference_id":"RHSA-2020:3387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3388","reference_id":"RHSA-2020:3388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3388"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5585","reference_id":"RHSA-2020:5585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5585"}],"weaknesses":[{"cwe_id":200,"name":"Exposure of Sensitive Information to an Unauthorized Actor","description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."}],"exploits":[],"severity_range_score":"5.3 - 5.3","exploitability":"0.5","weighted_severity":"4.8","risk_score":2.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5w1k-ccx8-pqfe"}