GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/2553?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2553?format=api",
    "vulnerability_id": "VCID-q3kb-75tq-a7dt",
    "summary": "Priit Laes reported a crash due to a heap buffer overflow triggered\nby a JavaScript regular expression containing\na minimal quantifier. We presume this could be exploited to run\narbitrary code.CanadianGuy, Girts Folkmanis and Catalin Patulea report that a regular\nexpression that ends with a backslash inside an unterminated\ncharacter set (e.g. \"[\\\\\") will cause the regular expression engine\nto read beyond the end of the buffer, possibly leading to a crash.Thunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from enabling\nJavaScript in mail.",
    "aliases": [
        {
            "alias": "CVE-2006-4565"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1098?format=api",
            "purl": "pkg:mozilla/SeaMonkey@1.0.5",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.5"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4565",
            "reference_id": "CVE-2006-4565",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4565"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-57",
            "reference_id": "mfsa2006-57",
            "reference_type": "",
            "scores": [
                {
                    "value": "critical",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-57"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": "9.0 - 10.0",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3kb-75tq-a7dt"
}