GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/2070?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2070?format=api",
    "vulnerability_id": "VCID-tzau-6ftq-qfh8",
    "summary": "Security researcher Masato Kinugawa discovered that if a web\npage is missing character set encoding information it can inherit character\nencodings across navigations into another domain from an earlier site. Only\nsame-origin inheritance is allowed according to the HTML5 specification. This\nissue allows an attacker to add content that will be interpreted one way on the\nvictim site, but which may then behave differently, evading cross-site scripting\n(XSS) filtering, when forced into an unexpected character set. Web site authors\nshould always explicitly declare a character encoding to avoid similar issues.\nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.",
    "aliases": [
        {
            "alias": "CVE-2013-5612"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/918?format=api",
            "purl": "pkg:mozilla/Firefox@26.0.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@26.0.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/921?format=api",
            "purl": "pkg:mozilla/Seamonkey@2.23.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.23.0"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612",
            "reference_id": "CVE-2013-5612",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-106",
            "reference_id": "mfsa2013-106",
            "reference_type": "",
            "scores": [
                {
                    "value": "none",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-106"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tzau-6ftq-qfh8"
}