Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/1876?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1876?format=api", "vulnerability_id": "VCID-rxw6-exsx-jqcr", "summary": "Security researcher Looben Yang discovered a use-after-free\nvulnerability when working with nested sync event loops in Service Workers. He discovered\na mechanism where scripts can close their own worker, which will then trigger a\nsynchronization XMLHttpRequest on this now closed and released worker. This results in a\npotentially exploitable crash when triggered.", "aliases": [ { "alias": "CVE-2016-5259" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/898?format=api", "purl": "pkg:mozilla/Firefox@48.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@48.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/899?format=api", "purl": "pkg:mozilla/Firefox%20ESR@45.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@45.3.0" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5259", "reference_id": "CVE-2016-5259", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5259" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-73", "reference_id": "mfsa2016-73", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-73" } ], "weaknesses": [], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rxw6-exsx-jqcr" }