Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/84536?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84536?format=api", "vulnerability_id": "VCID-zwej-9qeh-aqbk", "summary": "Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability\nUnrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1.\n\nPixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content.\n\nUsers are recommended to upgrade to version 1.2.5, which fixes the issue.", "aliases": [ { "alias": "CVE-2024-22393" }, { "alias": "GHSA-rmqp-mvv2-54c6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/107622?format=api", "purl": "pkg:golang/github.com/apache/incubator-answer@1.2.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/apache/incubator-answer@1.2.5" } ], "affected_packages": [], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26731", "scoring_system": "epss", "scoring_elements": "0.96452", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.26731", "scoring_system": "epss", "scoring_elements": "0.9646", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.26731", "scoring_system": "epss", "scoring_elements": "0.96454", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.26731", "scoring_system": "epss", "scoring_elements": "0.96448", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22393" }, { "reference_url": "https://github.com/apache/incubator-answer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/incubator-answer" }, { "reference_url": "https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T16:20:21Z/" } ], "url": "https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22393", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22393" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T16:20:21Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/22/1" } ], "weaknesses": [ { "cwe_id": 434, "name": "Unrestricted Upload of File with Dangerous Type", "description": "The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment." } ], "exploits": [], "severity_range_score": "6.5 - 9.1", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zwej-9qeh-aqbk" }