Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2575?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2575?format=api", "vulnerability_id": "VCID-75qe-svtv-kfed", "summary": "Mozilla researcher moz_bug_r_a4 demonstrated that JavaScript run via\nEvalInSandbox can escape the sandbox and gain elevated privilege by\ncalling valueOf() on objects created outside the sandbox and inserted\ninto it. Malicious scripts could use these privileges to compromise\nyour computer or data. In Mozilla clients the primary use for EvalInSandbox is to run the\nProxy Autoconfig script should one be specified by your network\nadministrator. This is a rare option for home users; it is primarily\nused by institutional networks which have a need for remote configuration. The popular Greasemonkey extension uses EvalInSandbox to run userscripts\nwhich manipulate the web pages you visit on your behalf. Using this\nvulnerability a malicious userscript could gain enough privilege to\ninstall malware, but even when Greasemonkey is working as designed\na malicious userscript can make life miserable. 
Only install userscripts\nfrom sources you can trust.", "aliases": [ { "alias": "CVE-2006-2787" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787", "reference_id": "CVE-2006-2787", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-31", "reference_id": "mfsa2006-31", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-31" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-75qe-svtv-kfed" }