Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2001?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2001?format=api", "vulnerability_id": "VCID-csp5-2v9h-yqav", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover a\nuser-after-free when interacting with HTML document templates. This leads to a\npotentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.", "aliases": [ { "alias": "CVE-2013-5603" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/934?format=api", "purl": "pkg:mozilla/Firefox@25.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@25.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/935?format=api", "purl": "pkg:mozilla/Firefox%20ESR@24.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/939?format=api", "purl": "pkg:mozilla/Seamonkey@2.22.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.22.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/937?format=api", "purl": "pkg:mozilla/Thunderbird@24.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.1.0" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5603", "reference_id": "CVE-2013-5603", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5603" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-102", "reference_id": "mfsa2013-102", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-102" } ], "weaknesses": [], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-csp5-2v9h-yqav" }