VulnerableCode.io REST API

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/40204?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40204?format=api",
    "vulnerability_id": "VCID-42k5-zsk1-5fcb",
    "summary": "ember-source Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute.",
    "aliases": [
        {
            "alias": "CVE-2014-0046"
        },
        {
            "alias": "GHSA-4q53-fqhc-cr46"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/56400?format=api",
            "purl": "pkg:gem/ember-source@1.2.2",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.2.2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/56401?format=api",
            "purl": "pkg:gem/ember-source@1.3.2",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.3.2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/56402?format=api",
            "purl": "pkg:gem/ember-source@1.4.0.beta.6",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.4.0.beta.6"
        }
    ],
    "affected_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/55053?format=api",
            "purl": "pkg:gem/ember-source@1.2.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-42k5-zsk1-5fcb"
                },
                {
                    "vulnerability": "VCID-78w7-adb5-qfga"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.2.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/55054?format=api",
            "purl": "pkg:gem/ember-source@1.3.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-42k5-zsk1-5fcb"
                },
                {
                    "vulnerability": "VCID-78w7-adb5-qfga"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.3.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/55044?format=api",
            "purl": "pkg:gem/ember-source@1.4.0.beta.1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-42k5-zsk1-5fcb"
                },
                {
                    "vulnerability": "VCID-78w7-adb5-qfga"
                },
                {
                    "vulnerability": "VCID-d7x3-kr4s-hqa9"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.4.0.beta.1"
        }
    ],
    "references": [
        {
            "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91242",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91242"
        },
        {
            "reference_url": "https://github.com/emberjs/ember.js",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/emberjs/ember.js"
        },
        {
            "reference_url": "https://github.com/emberjs/ember.js/commit/45ee8df2a0efc0afe233d6b9b17045782a2e6b2d",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/emberjs/ember.js/commit/45ee8df2a0efc0afe233d6b9b17045782a2e6b2d"
        },
        {
            "reference_url": "https://github.com/emberjs/ember.js/commit/94b28b8773acf894c4d7d7fccf4411a706292436",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/emberjs/ember.js/commit/94b28b8773acf894c4d7d7fccf4411a706292436"
        },
        {
            "reference_url": "https://github.com/emberjs/ember.js/commit/ab3199e68e1d0fc3c8f7f453cd38c51fe02af90b",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/emberjs/ember.js/commit/ab3199e68e1d0fc3c8f7f453cd38c51fe02af90b"
        },
        {
            "reference_url": "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
        },
        {
            "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0046",
            "reference_id": "CVE-2014-0046",
            "reference_type": "",
            "scores": [],
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0046"
        },
        {
            "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ember-source/CVE-2014-0046.yml",
            "reference_id": "CVE-2014-0046.YML",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ember-source/CVE-2014-0046.yml"
        },
        {
            "reference_url": "https://github.com/advisories/GHSA-4q53-fqhc-cr46",
            "reference_id": "GHSA-4q53-fqhc-cr46",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/advisories/GHSA-4q53-fqhc-cr46"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 79,
            "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
            "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."
        },
        {
            "cwe_id": 937,
            "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."
        },
        {
            "cwe_id": 1035,
            "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."
        }
    ],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42k5-zsk1-5fcb"
}

Vulnerability Instance