GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/2491?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2491?format=api",
    "vulnerability_id": "VCID-gf5k-p1zj-kkam",
    "summary": "Marius Schilder of Google Security reported that\nwhen a XMLHttpRequest is made to a same-origin resource\nwhich 302 redirects to a resource in a different domain, the response\nfrom the cross-domain resource is readable by the site issuing the\nXHR.  Cookies marked HttpOnly were not readable, but\nother potentially sensitive data could be revealed in the XHR response\nincluding URL parameters and content in the response body.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.",
    "aliases": [
        {
            "alias": "CVE-2008-5506"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1091?format=api",
            "purl": "pkg:mozilla/Firefox@3.0.5",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1090?format=api",
            "purl": "pkg:mozilla/SeaMonkey@1.1.14",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.1.14"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506",
            "reference_id": "CVE-2008-5506",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-64",
            "reference_id": "mfsa2008-64",
            "reference_type": "",
            "scores": [
                {
                    "value": "none",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-64"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gf5k-p1zj-kkam"
}