VulnerableCode.io REST API

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/3129?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3129?format=api",
    "vulnerability_id": "VCID-ppd4-9vpc-rkg4",
    "summary": "shutdown reported that if you could convince a user to\nopen a blocked popup you could perform a cross-site scripting attack against\nany site that contains a frame whose source is a data: URL. To accomplish this\nthe attacker's site would have to frame the target site plus another frame\nwhose source is the exact same data: url as the victim site, and then\nattempt to open a popup with a javascript: url from the data: frame. It is\nunclear whether any high-value target sites that match this description\nactually exist.Similarly, Michal Zalewski reported that although pages\nloaded from the web normally cannot open windows containing local files,\nif you could convince a user to open a blocked popup then this restriction\ncould be bypassed. In order to take advantage of this flaw the attacker\nwould have to know the full path to a locally-saved file containing\nmalicious script. He also reported that a flaw in the seeding of the\npseudo-random number generator resulted in downloaded files being\nsaved to temporary files with a reasonably predictable name. The two combined\ncould be used to steal information saved on the local disk.",
    "aliases": [
        {
            "alias": "CVE-2007-0780"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1265?format=api",
            "purl": "pkg:mozilla/SeaMonkey@1.0.8",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.8"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780",
            "reference_id": "CVE-2007-0780",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2007-05",
            "reference_id": "mfsa2007-05",
            "reference_type": "",
            "scores": [
                {
                    "value": "none",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2007-05"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ppd4-9vpc-rkg4"
}

Vulnerability Instance