Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/16456?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16456?format=api", "vulnerability_id": "VCID-dd4f-ze16-nudp", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nThe Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0191 and CVE-2016-0193.", "aliases": [ { "alias": "CVE-2016-0186" }, { "alias": "GHSA-fjj8-gv4j-953p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61792?format=api", "purl": "pkg:nuget/Microsoft.ChakraCore@1.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bt-p9bu-7kcg" }, { "vulnerability": "VCID-18cy-ef2d-sfgs" }, { "vulnerability": "VCID-193r-rk9b-73a7" }, { "vulnerability": "VCID-19s3-6hk5-zydp" }, { "vulnerability": "VCID-1d4d-6ycn-kfbg" }, { "vulnerability": "VCID-1fvy-afaq-7ffz" }, { "vulnerability": "VCID-1hm4-8j3z-gbe8" }, { "vulnerability": "VCID-1mqn-qxsq-gfb5" }, { "vulnerability": "VCID-1txb-sjay-ukfb" }, { "vulnerability": "VCID-1xh6-cjvx-4bej" }, { "vulnerability": "VCID-1xjh-99vu-vyf6" }, { "vulnerability": "VCID-27q5-85wq-ayhx" }, { "vulnerability": "VCID-2jw8-vq79-3yc4" }, { "vulnerability": "VCID-2ry8-tv1k-pyb3" }, { "vulnerability": "VCID-2x6n-tg25-wkc4" }, { "vulnerability": "VCID-3r3s-nrc8-sbe6" }, { "vulnerability": "VCID-431z-8875-d7fr" }, { "vulnerability": "VCID-46f5-3qcs-ckcw" }, { "vulnerability": "VCID-4jw5-n3pz-zuhf" }, { "vulnerability": "VCID-4kr2-wf77-nug4" }, { "vulnerability": "VCID-4n9b-ptn2-3ugd" }, { "vulnerability": "VCID-4rr8-ter6-7yaw" }, { "vulnerability": "VCID-523x-9n5w-rqc2" }, { "vulnerability": "VCID-532u-w1p6-rycx" }, { "vulnerability": "VCID-54xz-xw4u-xqh9" }, { "vulnerability": "VCID-558y-9j3b-fyd3" }, { "vulnerability": "VCID-5s8e-w8mp-xydh" }, { "vulnerability": "VCID-63zg-je8v-2yh6" }, { "vulnerability": "VCID-66rk-gaz2-x7et" }, { "vulnerability": "VCID-6yew-52pk-nfe9" }, { "vulnerability": "VCID-6zfw-kag6-sfhq" }, { "vulnerability": "VCID-7sqx-g2jn-9yds" }, { "vulnerability": "VCID-7trr-1jwb-zufw" }, { "vulnerability": "VCID-7z5t-cth2-ybe1" }, { "vulnerability": "VCID-8jd7-9g2p-xqec" }, { "vulnerability": "VCID-8jqz-9eaj-mfaj" }, { "vulnerability": "VCID-8swk-fket-wkes" }, { "vulnerability": "VCID-99dg-rm43-9qef" }, { "vulnerability": "VCID-9u2d-1vj5-sfbf" }, { "vulnerability": "VCID-9v8t-kbf9-yye5" }, { "vulnerability": "VCID-ahe3-4w9p-xfba" }, { "vulnerability": "VCID-b6wu-ubuv-jqeg" }, { "vulnerability": "VCID-bmba-t3ga-fuh6" }, { "vulnerability": "VCID-brne-zr1j-zqdz" }, { "vulnerability": "VCID-btua-a1pr-mbbe" }, { "vulnerability": "VCID-busw-m81p-67ch" }, { "vulnerability": "VCID-cmad-nxc3-3ugn" }, { "vulnerability": "VCID-dc3y-6mb9-6fe1" }, { "vulnerability": "VCID-dcer-1uh1-a7h9" }, { "vulnerability": "VCID-e1b9-bq4b-9fh7" }, { "vulnerability": "VCID-eygy-bzey-7yaq" }, { "vulnerability": "VCID-f8m6-a9a9-juhw" }, { "vulnerability": "VCID-fedc-anrx-ufg2" }, { "vulnerability": "VCID-fj84-9g1p-vfa5" }, { "vulnerability": "VCID-fxfn-jq82-n3fy" }, { "vulnerability": "VCID-fzjt-qse7-kbd5" }, { "vulnerability": "VCID-ggf4-u8qd-eff7" }, { "vulnerability": "VCID-gvr1-zbs9-sffy" }, { "vulnerability": "VCID-gyyj-1jxm-vfbu" }, { "vulnerability": "VCID-hagb-nxwq-tbg3" }, { "vulnerability": "VCID-hbcj-83rp-jbd4" }, { "vulnerability": "VCID-hcfa-1wq4-wyga" }, { "vulnerability": "VCID-hdpy-kfn8-sbba" }, { "vulnerability": "VCID-je2z-mcvk-gqhp" }, { "vulnerability": "VCID-jerx-5eyv-ebeq" }, { "vulnerability": "VCID-jmx4-vvk4-ykdk" }, { "vulnerability": "VCID-kbee-zr5j-hkat" }, { "vulnerability": "VCID-keaw-uz84-9qer" }, { "vulnerability": "VCID-kua2-9yb8-gkgq" }, { "vulnerability": "VCID-mczu-b3e6-5bgb" }, { "vulnerability": "VCID-me7g-49jk-63c2" }, { "vulnerability": "VCID-mksq-kg9m-uqdz" }, { "vulnerability": "VCID-mm2r-t2rz-7ygp" }, { "vulnerability": "VCID-mmba-qzvj-37df" }, { "vulnerability": "VCID-mnd4-84rp-mbb4" }, { "vulnerability": "VCID-mpe4-db65-4qab" }, { "vulnerability": "VCID-mqsb-hzpy-5ygv" }, { "vulnerability": "VCID-ncbk-mcwh-3fa3" }, { "vulnerability": "VCID-nd4s-mcgx-s3bs" }, { "vulnerability": "VCID-nh3m-s7fe-bqek" }, { "vulnerability": "VCID-njsb-3b47-77hk" }, { "vulnerability": "VCID-nn2u-snsx-83hq" }, { "vulnerability": "VCID-nypa-dv6a-aydu" }, { "vulnerability": "VCID-nyyv-c55j-pyea" }, { "vulnerability": "VCID-pusx-pa1h-yyfu" }, { "vulnerability": "VCID-pxev-85t8-fug6" }, { "vulnerability": "VCID-pyt1-g2tu-eqb4" }, { "vulnerability": "VCID-qgsm-c5dq-bfb8" }, { "vulnerability": "VCID-qndq-e3vk-ybeu" }, { "vulnerability": "VCID-qwbu-jvxv-bbej" }, { "vulnerability": "VCID-qxax-card-uyfy" }, { "vulnerability": "VCID-r16a-n5nn-nybp" }, { "vulnerability": "VCID-rffd-vnyj-puc3" }, { "vulnerability": "VCID-rkns-keya-cyfj" }, { "vulnerability": "VCID-rnva-ys32-7kbu" }, { "vulnerability": "VCID-rxgn-xep7-fya7" }, { "vulnerability": "VCID-ry6a-46j6-ybgk" }, { "vulnerability": "VCID-saxs-fd9n-cyem" }, { "vulnerability": "VCID-shdw-sqhu-v3aa" }, { "vulnerability": "VCID-sqfw-zhmk-mkbe" }, { "vulnerability": "VCID-st54-u8tz-33gs" }, { "vulnerability": "VCID-t8bg-6rsw-ebf8" }, { "vulnerability": "VCID-tnh1-zjdq-6qhd" }, { "vulnerability": "VCID-tnhg-2f5h-cfaa" }, { "vulnerability": "VCID-tpdy-ttbh-5kh6" }, { "vulnerability": "VCID-udcs-da57-q7hs" }, { "vulnerability": "VCID-uwda-x8ud-b7ht" }, { "vulnerability": "VCID-v4er-vyja-qffa" }, { "vulnerability": "VCID-v7k3-6juv-47gr" }, { "vulnerability": "VCID-vk99-umu1-2bag" }, { "vulnerability": "VCID-vser-kewx-akh4" }, { "vulnerability": "VCID-vx2e-zgfx-dkau" }, { "vulnerability": "VCID-vxjj-cqyk-w3hd" }, { "vulnerability": "VCID-w2kf-rnn3-huc8" }, { "vulnerability": "VCID-wevg-rszb-9ufb" }, { "vulnerability": "VCID-wjjc-1wyd-87fp" }, { "vulnerability": "VCID-x6wa-636e-zugv" }, { "vulnerability": "VCID-xcd3-cznv-xuc8" }, { "vulnerability": "VCID-xk96-csb5-syac" }, { "vulnerability": "VCID-xkm6-uy8d-x3cq" }, { "vulnerability": "VCID-y3z3-emkf-bug3" }, { "vulnerability": "VCID-yabf-1cc1-v7dk" }, { "vulnerability": "VCID-yc6q-h53h-9khy" }, { "vulnerability": "VCID-z2u9-jd5w-rkb5" }, { "vulnerability": "VCID-z6hg-axpc-1qht" }, { "vulnerability": "VCID-z6nc-29bh-77h9" }, { "vulnerability": "VCID-z8aj-6xyd-fkfq" }, { "vulnerability": "VCID-zptc-hpne-x7at" }, { "vulnerability": "VCID-zqb9-5v29-xbc6" }, { "vulnerability": "VCID-ztbp-3phk-zkeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.ChakraCore@1.2.0" } ], "affected_packages": [], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21761", "scoring_system": "epss", "scoring_elements": "0.95843", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0186" }, { "reference_url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-052", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-052" }, { "reference_url": "https://github.com/chakra-core/ChakraCore", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/chakra-core/ChakraCore" }, { "reference_url": "https://github.com/chakra-core/ChakraCore/commit/d21529b131d831fc4470139bfc90d80ae7481fa2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/chakra-core/ChakraCore/commit/d21529b131d831fc4470139bfc90d80ae7481fa2" }, { "reference_url": "https://web.archive.org/web/20201024061334/http://www.securitytracker.com/id/1035821", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201024061334/http://www.securitytracker.com/id/1035821" }, { "reference_url": "https://web.archive.org/web/20210123133438/http://www.securityfocus.com/bid/90008", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123133438/http://www.securityfocus.com/bid/90008" }, { "reference_url": "http://www.zerodayinitiative.com/advisories/ZDI-16-338", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-338" }, { "reference_url": "http://www.zerodayinitiative.com/advisories/ZDI-16-355", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-355" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0186", "reference_id": "CVE-2016-0186", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0186" }, { "reference_url": "https://github.com/advisories/GHSA-fjj8-gv4j-953p", "reference_id": "GHSA-fjj8-gv4j-953p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fjj8-gv4j-953p" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 119, "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "description": "The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer." }, { "cwe_id": 78, "name": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "description": "The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dd4f-ze16-nudp" }