GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/2008?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2008?format=api",
    "vulnerability_id": "VCID-ruh2-chz1-h3cv",
    "summary": "Using the Address Sanitizer tool, security researcher Atte\nKettunen from OUSPG found that the HTML5 Tree Builder does not properly\nstore state when interacting with template elements. Because some\nstack information is incorrectly stored, the template insertion mode stack can\nbe used when it is empty. This could possibly lead to code execution in some\ncircumstances.In general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
    "aliases": [
        {
            "alias": "CVE-2013-1720"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/945?format=api",
            "purl": "pkg:mozilla/Firefox@24.0.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@24.0.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/959?format=api",
            "purl": "pkg:mozilla/Seamonkey@2.21.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.21.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/957?format=api",
            "purl": "pkg:mozilla/Thunderbird@24.0.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1720",
            "reference_id": "CVE-2013-1720",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1720"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-77",
            "reference_id": "mfsa2013-77",
            "reference_type": "",
            "scores": [
                {
                    "value": "none",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-77"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ruh2-chz1-h3cv"
}