GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/3077?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3077?format=api",
    "vulnerability_id": "VCID-t79e-kk94-wbb3",
    "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team and Mozilla security developer Gary Kwong\nused the Address Sanitizer tool to discover a double-free error when sending a\nzero-length XmlHttpRequest (XHR). This was due to errors in memory allocation\nwhen using different memory allocator libraries than jemalloc used\nby Mozilla builds. When those other memory allocators are used for build\ncompilation, this could cause a potentially exploitable crash during some XHR\nactions.\nThis vulnerability does not happen in Firefox as built by\nMozilla, but can occur when Firefox is built using a memory allocator that\nfollows older pre-standard behaviors.",
    "aliases": [
        {
            "alias": "CVE-2015-0828"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api",
            "purl": "pkg:mozilla/Firefox@36.0.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1220?format=api",
            "purl": "pkg:mozilla/SeaMonkey@2.33.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.33.0"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0828",
            "reference_id": "CVE-2015-0828",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0828"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-18",
            "reference_id": "mfsa2015-18",
            "reference_type": "",
            "scores": [
                {
                    "value": "high",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-18"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": "7.0 - 8.9",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t79e-kk94-wbb3"
}