GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/1645?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1645?format=api",
    "vulnerability_id": "VCID-rzzn-69ne-nkh8",
    "summary": "Mozilla developers and community members Arthur Iakab, Christoph Diehl, Christian Holler, Kalel, Emilio Cobos Álvarez, Cristina Coroiu, Noemi Erli, Natalia Csoregi, Julian Seward, Gary Kwong, Tyson Smith, Yaron Tausky, and Ronald Crane reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.",
    "aliases": [
        {
            "alias": "CVE-2018-18502"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1725?format=api",
            "purl": "pkg:alpm/archlinux/firefox@65.0-1",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@65.0-1"
        }
    ],
    "affected_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1724?format=api",
            "purl": "pkg:alpm/archlinux/firefox@64.0.2-1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-fgb7-rh62-xkg4"
                },
                {
                    "vulnerability": "VCID-fvh9-g91r-ekfw"
                },
                {
                    "vulnerability": "VCID-jwtr-nz8r-uffb"
                },
                {
                    "vulnerability": "VCID-rzzn-69ne-nkh8"
                },
                {
                    "vulnerability": "VCID-s5tu-sfkg-uyg6"
                },
                {
                    "vulnerability": "VCID-t3qx-y3m5-mbes"
                },
                {
                    "vulnerability": "VCID-u2cf-d5ph-m7as"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0.2-1"
        }
    ],
    "references": [
        {
            "reference_url": "https://security.archlinux.org/ASA-201902-2",
            "reference_id": "ASA-201902-2",
            "reference_type": "",
            "scores": [],
            "url": "https://security.archlinux.org/ASA-201902-2"
        },
        {
            "reference_url": "https://security.archlinux.org/AVG-862",
            "reference_id": "AVG-862",
            "reference_type": "",
            "scores": [
                {
                    "value": "Critical",
                    "scoring_system": "archlinux",
                    "scoring_elements": ""
                }
            ],
            "url": "https://security.archlinux.org/AVG-862"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01",
            "reference_id": "mfsa2019-01",
            "reference_type": "",
            "scores": [
                {
                    "value": "critical",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": "9.0 - 10.0",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rzzn-69ne-nkh8"
}