Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/1491?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1491?format=api", "vulnerability_id": "VCID-btsh-x8sa-57fd", "summary": "Mozilla developers and community members Alex Gaynor, André Bargull, Boris Zbarsky, Christian Holler, Jan de Mooij, Jason Kratzer, Philipp, Ronald Crane, Natalia Csoregi, and Paul Theriault reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "aliases": [ { "alias": "CVE-2018-12406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1733?format=api", "purl": "pkg:alpm/archlinux/firefox@64.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/94520?format=api", "purl": "pkg:deb/debian/firefox@64.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@64.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1732?format=api", "purl": "pkg:alpm/archlinux/firefox@63.0.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ctk-v1dr-27he" }, { "vulnerability": "VCID-4rty-xgn3-fuby" }, { "vulnerability": "VCID-9s3m-fes9-xqh2" }, { "vulnerability": "VCID-axs7-cedu-23hw" }, { "vulnerability": "VCID-bdbe-964v-pfht" }, { "vulnerability": "VCID-btsh-x8sa-57fd" }, { "vulnerability": "VCID-h916-7jyk-9qfn" }, { "vulnerability": "VCID-p9vs-74e9-gqcf" }, { "vulnerability": "VCID-xxkg-b8ep-6yga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0.3-1" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12406.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12406.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692732", "reference_id": "1692732", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692732" }, { "reference_url": "https://security.archlinux.org/ASA-201812-9", "reference_id": "ASA-201812-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201812-9" }, { "reference_url": "https://security.archlinux.org/AVG-833", "reference_id": "AVG-833", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-833" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-29", "reference_id": "mfsa2018-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-29" } ], "weaknesses": [ { "cwe_id": 119, "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "description": "The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer." }, { "cwe_id": 185, "name": "Incorrect Regular Expression", "description": "The product specifies a regular expression in a way that causes data to be improperly matched or compared." }, { "cwe_id": 787, "name": "Out-of-bounds Write", "description": "The product writes data past the end, or before the beginning, of the intended buffer." }, { "cwe_id": 125, "name": "Out-of-bounds Read", "description": "The product reads data past the end, or before the beginning, of the intended buffer." } ], "exploits": [], "severity_range_score": "8.8 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-btsh-x8sa-57fd" }