GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/2142?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2142?format=api",
    "vulnerability_id": "VCID-qerq-fger-47fb",
    "summary": "Security researcher wushi of team509 reported that\nwhen a XUL tree had an HTML <div> element nested inside a\n<treechildren> element then code attempting to display content\nin the XUL tree would incorrectly treat the <div> element as a\nparent node to tree content underneath it resulting in incorrect\nindexes being calculated for the child content.  These incorrect\nindexes were used in subsequent array operations which resulted in\nwriting data past the end of an allocated buffer.  An attacker could\nuse this issue to crash a victim's browser and run arbitrary code on\ntheir machine.",
    "aliases": [
        {
            "alias": "CVE-2010-3772"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/994?format=api",
            "purl": "pkg:mozilla/Firefox@3.5.16",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.16"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/993?format=api",
            "purl": "pkg:mozilla/Firefox@3.6.13",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.13"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/995?format=api",
            "purl": "pkg:mozilla/SeaMonkey@2.0.11",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.11"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772",
            "reference_id": "CVE-2010-3772",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-77",
            "reference_id": "mfsa2010-77",
            "reference_type": "",
            "scores": [
                {
                    "value": "critical",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-77"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": "9.0 - 10.0",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qerq-fger-47fb"
}