GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/2258?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2258?format=api",
    "vulnerability_id": "VCID-up5d-dcg6-3fab",
    "summary": "Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks.\nUpdate October 9, 2012: This advisory was updated to reflect the fact that bug 756719 was also fixed in ESR 10.0.8.",
    "aliases": [
        {
            "alias": "CVE-2012-1956"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1025?format=api",
            "purl": "pkg:mozilla/Firefox@15.0.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@15.0.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1055?format=api",
            "purl": "pkg:mozilla/Firefox%20ESR@10.0.8",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1029?format=api",
            "purl": "pkg:mozilla/SeaMonkey@2.12.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.12.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1027?format=api",
            "purl": "pkg:mozilla/Thunderbird@15.0.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@15.0.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1057?format=api",
            "purl": "pkg:mozilla/Thunderbird%20ESR@10.0.8",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@10.0.8"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956",
            "reference_id": "CVE-2012-1956",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-59",
            "reference_id": "mfsa2012-59",
            "reference_type": "",
            "scores": [
                {
                    "value": "high",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-59"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": "7.0 - 8.9",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-up5d-dcg6-3fab"
}