GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/2947?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2947?format=api",
    "vulnerability_id": "VCID-mm4x-8rtx-9yd2",
    "summary": "Mozilla developer Jan de Mooij reported an issue that\naffects web content that relies on the Caja Compiler for\nprotection, or other similar sandboxing libraries. He found that some JavaScript\nobjects marked as non-extensible within Caja and Secure EcmaScript could be made\nextensible again, bypassing the Caja sandboxing security measures, when the\nJavaScript code should not be allowed to run.\nFirefox users are not directly impacted by this issue. This\nissue affects code running in Caja within loaded web content that should run\nwithin its protections.",
    "aliases": [
        {
            "alias": "CVE-2015-0820"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api",
            "purl": "pkg:mozilla/Firefox@36.0.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1220?format=api",
            "purl": "pkg:mozilla/SeaMonkey@2.33.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.33.0"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0820",
            "reference_id": "CVE-2015-0820",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0820"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-27",
            "reference_id": "mfsa2015-27",
            "reference_type": "",
            "scores": [
                {
                    "value": "none",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-27"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mm4x-8rtx-9yd2"
}