Vulnerability Instance
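Look up vulnerabilities affecting packages. In the record below, `affected_packages` is empty and the severity, exploitability and risk fields are `null`. These are best read as missing data rather than as evidence that no version is affected, since fixes are listed for Firefox 31.0.0 and Thunderbird 31.0.0.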
GET /api/vulnerabilities/2706?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2706?format=api", "vulnerability_id": "VCID-529a-q5b6-tyg4", "summary": "Mozilla developer Boris Zbarsky discovered an issue where\nnetwork-level redirects cause an <iframe> sandbox to forget \nits unique origin and behave as if the allow-same-origin keyword \nwere applied. This allows the sandboxed content to access other content from \nthe same origin without explicit approval. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "aliases": [ { "alias": "CVE-2014-1552" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1142?format=api", "purl": "pkg:mozilla/Firefox@31.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@31.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1143?format=api", "purl": "pkg:mozilla/Thunderbird@31.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.0.0" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1552", "reference_id": "CVE-2014-1552", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1552" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-66", "reference_id": "mfsa2014-66", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-66" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-529a-q5b6-tyg4" }