Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2640?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2640?format=api", "vulnerability_id": "VCID-eprr-1559-u3dn", "summary": "Mozilla add-on developer Pavel Cvrcek reported\nthat certain invalid unicode characters, when used as part of an IDN,\nare displayed as whitespace in the location bar. This whitespace\ncould be used to force part of the URL out of view in the location\nbar. An attacker could use this vulnerability to spoof the location\nbar and display a misleading URL for their malicious web page.", "aliases": [ { "alias": "CVE-2009-1834" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1122?format=api", "purl": "pkg:mozilla/Firefox@3.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.11" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834", "reference_id": "CVE-2009-1834", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-25", "reference_id": "mfsa2009-25", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-25" } ], "weaknesses": [], "exploits": [], "severity_range_score": "0.1 - 3", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eprr-1559-u3dn" }