Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/1440?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1440?format=api", "vulnerability_id": "VCID-fzjv-n7aa-17dw", "summary": "WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions.", "aliases": [ { "alias": "CVE-2018-12369" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1764?format=api", "purl": "pkg:alpm/archlinux/firefox@61.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@61.0-1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1763?format=api", "purl": "pkg:alpm/archlinux/firefox@60.0.2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17vz-f9w4-tubh" }, { "vulnerability": "VCID-1squ-bxex-97hw" }, { "vulnerability": "VCID-3vcp-ch93-abhw" }, { "vulnerability": "VCID-5y9d-4g5v-qkg1" }, { "vulnerability": "VCID-7vk1-hcey-u3bn" }, { "vulnerability": "VCID-8txc-n8bs-4bf8" }, { "vulnerability": "VCID-dgz5-q1qt-e3h3" }, { "vulnerability": "VCID-dpqh-hkxp-1bd4" }, { "vulnerability": "VCID-dw59-nj2n-2fc8" }, { "vulnerability": "VCID-fzjv-n7aa-17dw" }, { "vulnerability": "VCID-j3e5-ppm4-gkh2" }, { "vulnerability": "VCID-kn5u-yu27-wygd" }, { "vulnerability": "VCID-q952-qxd9-h3gk" }, { "vulnerability": "VCID-vnjj-m8kx-qbdn" }, { "vulnerability": "VCID-x7h1-tdws-2qf2" }, { "vulnerability": "VCID-xnhs-mh64-8bdz" }, { "vulnerability": "VCID-zh9h-eksn-u7f4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0.2-1" } ], "references": [ { "reference_url": "https://security.archlinux.org/ASA-201806-14", "reference_id": "ASA-201806-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201806-14" }, { "reference_url": "https://security.archlinux.org/AVG-727", "reference_id": "AVG-727", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-727" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-15", "reference_id": "mfsa2018-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-16", "reference_id": "mfsa2018-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-16" } ], "weaknesses": [], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fzjv-n7aa-17dw" }