Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1126?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1126?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.0", "type": "mozilla", "namespace": "", "name": "SeaMonkey", "version": "2.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.0.1", "latest_non_vulnerable_version": "2.38.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2634?format=api", "vulnerability_id": "VCID-bwba-bq5v-y3cf", "summary": "Security research firm iDefense reported that\nresearcher regenrecht discovered a heap-based buffer\noverflow in Mozilla's GIF image parser. This vulnerability could\npotentially be used by an attacker to crash a victim's browser and run\narbitrary code on their computer.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373", "reference_id": "CVE-2009-3373", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-56", "reference_id": "mfsa2009-56", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1126?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.0" } ], "aliases": [ "CVE-2009-3373" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bwba-bq5v-y3cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2628?format=api", "vulnerability_id": "VCID-cdn3-4erv-3kbs", "summary": "Security researcher Marco C. reported a flaw in\nthe parsing of regular expressions used in Proxy Auto-configuration\n(PAC) files. In certain cases this flaw could be used by an attacker\nto crash a victim's browser and run arbitrary code on their computer.\nSince this vulnerability requires the victim to have PAC configured in\ntheir environment with specific regular expressions which can trigger\nthe crash, the severity of the issue was determined to be\nmoderate.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372", "reference_id": "CVE-2009-3372", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-55", "reference_id": "mfsa2009-55", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-55" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1126?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.0" } ], "aliases": [ "CVE-2009-3372" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdn3-4erv-3kbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2607?format=api", "vulnerability_id": "VCID-rub4-fa7f-tfe8", "summary": "Mozilla security researchers Jesse Ruderman\nand Sid Stamm reported that when downloading a file\ncontaining a right-to-left override character (RTL) in the filename,\nthe name displayed in the dialog title bar conflicts with the name of\nthe file shown in the dialog body. An attacker could use this\nvulnerability to obfuscate the name and file extension of a file to be\ndownloaded and opened, potentially causing a user to run an executable\nfile when they expected to open a non-executable file.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376", "reference_id": "CVE-2009-3376", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-62", "reference_id": "mfsa2009-62", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-62" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1126?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.0" } ], "aliases": [ "CVE-2009-3376" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rub4-fa7f-tfe8" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.0" }