Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/93944?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93944?format=api", "vulnerability_id": "VCID-j4ay-sffd-zbat", "summary": "Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the --shutdown control command). This is similar to CVE-2019-5736.", "aliases": [ { "alias": "CVE-2019-12499" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/922329?format=api", "purl": "pkg:deb/debian/firejail@0.9.58.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.58.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038144?format=api", "purl": "pkg:deb/debian/firejail@0.9.58.2-2%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-56sf-yfk6-1key" }, { "vulnerability": "VCID-9auq-b7rs-5fe2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.58.2-2%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/922321?format=api", "purl": "pkg:deb/debian/firejail@0.9.64.4-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.64.4-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/922319?format=api", "purl": "pkg:deb/debian/firejail@0.9.72-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.72-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/922323?format=api", "purl": "pkg:deb/debian/firejail@0.9.74-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.74-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/922322?format=api", "purl": "pkg:deb/debian/firejail@0.9.80-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.80-1%3Fdistro=trixie" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038142?format=api", "purl": "pkg:deb/debian/firejail@0.9.44.8-2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-56sf-yfk6-1key" }, { "vulnerability": "VCID-9auq-b7rs-5fe2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-j4ay-sffd-zbat" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-wr4q-yy27-7qar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.44.8-2~bpo8%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038143?format=api", "purl": "pkg:deb/debian/firejail@0.9.44.8-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-56sf-yfk6-1key" }, { "vulnerability": "VCID-9auq-b7rs-5fe2" }, { "vulnerability": "VCID-eud3-k24q-6ber" }, { "vulnerability": "VCID-j4ay-sffd-zbat" }, { "vulnerability": "VCID-uzv4-9xtx-ryhr" }, { "vulnerability": "VCID-wr4q-yy27-7qar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firejail@0.9.44.8-2" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12499", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01291", "scoring_system": "epss", "scoring_elements": "0.79761", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01291", "scoring_system": "epss", "scoring_elements": "0.79785", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01291", "scoring_system": "epss", "scoring_elements": "0.79802", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01291", "scoring_system": "epss", "scoring_elements": "0.79797", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01291", "scoring_system": "epss", "scoring_elements": "0.79812", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01291", "scoring_system": "epss", "scoring_elements": "0.7985", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80042", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80026", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80018", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80046", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.79966", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80075", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.8008", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80096", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80048", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.79973", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.79995", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.79985", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80014", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01341", "scoring_system": "epss", "scoring_elements": "0.80022", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12499" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929733", "reference_id": "929733", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929733" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j4ay-sffd-zbat" }