GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/2738?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2738?format=api",
    "vulnerability_id": "VCID-ur3c-fxk2-2fh1",
    "summary": "Mozilla developer Bobby Holley discovered two issues\ninvolving security wrappers.The first of these issues occurs when XrayWrappers filter object properties.\nWhen validation of the object initially occurs, one set of object properties\nwill appear to be available. Later, when the XrayWrappers are removed, a more\nexpansive set of properties is available. These are then stored without further\nvalidation, making these properties available and bypassing security protections\nthat would normally protect them from access.\nThe second issue occurs when chrome objects are protected by Chrome Object\nWrappers (COW) and are passed as native interfaces. If this is done with some\nmethods, normally protected objects may be accessible to native methods exposed\nto web content.\nBoth of these issues could allow web content to access DOM objects that are\nintended to be chrome-only.",
    "aliases": [
        {
            "alias": "CVE-2014-8632"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1156?format=api",
            "purl": "pkg:mozilla/Firefox@34.0.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@34.0.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1169?format=api",
            "purl": "pkg:mozilla/Seamonkey@2.31.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.31.0"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8632",
            "reference_id": "CVE-2014-8632",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8632"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-91",
            "reference_id": "mfsa2014-91",
            "reference_type": "",
            "scores": [
                {
                    "value": "none",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-91"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ur3c-fxk2-2fh1"
}