Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/cms-core@9.5.36
Typecomposer
Namespacetypo3
Namecms-core
Version9.5.36
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.4.41
Latest_non_vulnerable_version14.0.2
Affected_by_vulnerabilities
0
url VCID-5paq-5frf-43ed
vulnerability_id VCID-5paq-5frf-43ed
summary 
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0)

### Problem
It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability.

### Solution
Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above.

### Credits
Thanks to Vautia who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-009](https://typo3.org/security/advisory/typo3-core-sa-2022-009)
* [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/51e9b709-193c-41fd-bd4a-833aaca0bd4e/) (embargoed +30 days)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36107
reference_id
reference_type
scores
0
value 0.00687
scoring_system epss
scoring_elements 0.71682
published_at 2026-04-02T12:55:00Z
1
value 0.00687
scoring_system epss
scoring_elements 0.7173
published_at 2026-04-12T12:55:00Z
2
value 0.00687
scoring_system epss
scoring_elements 0.71747
published_at 2026-04-11T12:55:00Z
3
value 0.00687
scoring_system epss
scoring_elements 0.71723
published_at 2026-04-09T12:55:00Z
4
value 0.00687
scoring_system epss
scoring_elements 0.71712
published_at 2026-04-08T12:55:00Z
5
value 0.00687
scoring_system epss
scoring_elements 0.71673
published_at 2026-04-07T12:55:00Z
6
value 0.00687
scoring_system epss
scoring_elements 0.717
published_at 2026-04-04T12:55:00Z
7
value 0.00687
scoring_system epss
scoring_elements 0.71744
published_at 2026-04-21T12:55:00Z
8
value 0.00687
scoring_system epss
scoring_elements 0.71762
published_at 2026-04-18T12:55:00Z
9
value 0.00687
scoring_system epss
scoring_elements 0.71756
published_at 2026-04-16T12:55:00Z
10
value 0.00687
scoring_system epss
scoring_elements 0.71713
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36107
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
5
reference_url https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36107
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36107
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-009
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-009
9
reference_url https://github.com/advisories/GHSA-9c6w-55cp-5w25
reference_id GHSA-9c6w-55cp-5w25
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9c6w-55cp-5w25
fixed_packages
0
url pkg:composer/typo3/cms-core@9.5.37
purl pkg:composer/typo3/cms-core@9.5.37
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.37
1
url pkg:composer/typo3/cms-core@10.4.32
purl pkg:composer/typo3/cms-core@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-8d2m-1ffv-jqe1
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-axvk-13qf-tka7
6
vulnerability VCID-g4uc-qeb6-myed
7
vulnerability VCID-gv1b-xtv4-4yg3
8
vulnerability VCID-gyyu-n3b1-zbcj
9
vulnerability VCID-h6y3-7gsq-skh2
10
vulnerability VCID-mud2-s4rc-fuf6
11
vulnerability VCID-n7ng-zkkb-2qaz
12
vulnerability VCID-nubu-f1sc-gbes
13
vulnerability VCID-t1n7-eswt-73gw
14
vulnerability VCID-taj6-zj2n-5kg8
15
vulnerability VCID-ve7g-8st5-wffb
16
vulnerability VCID-vyvy-y3cw-hbgr
17
vulnerability VCID-w13x-3rp9-wyej
18
vulnerability VCID-xy6y-312d-rygj
19
vulnerability VCID-zdq2-dhb2-6kaq
20
vulnerability VCID-zn99-ywte-33g6
21
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32
2
url pkg:composer/typo3/cms-core@11.5.16
purl pkg:composer/typo3/cms-core@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-8d2m-1ffv-jqe1
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-axvk-13qf-tka7
6
vulnerability VCID-g4uc-qeb6-myed
7
vulnerability VCID-gv1b-xtv4-4yg3
8
vulnerability VCID-gyyu-n3b1-zbcj
9
vulnerability VCID-h6y3-7gsq-skh2
10
vulnerability VCID-mud2-s4rc-fuf6
11
vulnerability VCID-n7ng-zkkb-2qaz
12
vulnerability VCID-nubu-f1sc-gbes
13
vulnerability VCID-t1n7-eswt-73gw
14
vulnerability VCID-taj6-zj2n-5kg8
15
vulnerability VCID-ve7g-8st5-wffb
16
vulnerability VCID-vyvy-y3cw-hbgr
17
vulnerability VCID-w13x-3rp9-wyej
18
vulnerability VCID-xy6y-312d-rygj
19
vulnerability VCID-zdq2-dhb2-6kaq
20
vulnerability VCID-zn99-ywte-33g6
21
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16
aliases CVE-2022-36107, GHSA-9c6w-55cp-5w25
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5paq-5frf-43ed
1
url VCID-b6er-h7dm-3bev
vulnerability_id VCID-b6er-h7dm-3bev
summary 
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7)

### Problem
Due to a parsing issue in upstream package [`masterminds/html5`](https://packagist.org/packages/masterminds/html5), malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cross-site scripting mechanism of [`typo3/html-sanitizer`](https://github.com/TYPO3/html-sanitizer).

### Solution
Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above.

### Credits
Thanks to David Klein who reported this issue, and to TYPO3 security team member Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-011](https://typo3.org/security/advisory/typo3-core-sa-2022-011)
* [GHSA-47m6-46mj-p235](https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235)
references
0
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
1
reference_url https://github.com/TYPO3/typo3/commit/d4f260570abd934fcf3819370a135bef33d729b7
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/d4f260570abd934fcf3819370a135bef33d729b7
2
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-gqqf-g5r7-84vf
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-gqqf-g5r7-84vf
3
reference_url https://github.com/advisories/GHSA-gqqf-g5r7-84vf
reference_id GHSA-gqqf-g5r7-84vf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gqqf-g5r7-84vf
fixed_packages
0
url pkg:composer/typo3/cms-core@9.5.37
purl pkg:composer/typo3/cms-core@9.5.37
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.37
1
url pkg:composer/typo3/cms-core@10.4.32
purl pkg:composer/typo3/cms-core@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-8d2m-1ffv-jqe1
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-axvk-13qf-tka7
6
vulnerability VCID-g4uc-qeb6-myed
7
vulnerability VCID-gv1b-xtv4-4yg3
8
vulnerability VCID-gyyu-n3b1-zbcj
9
vulnerability VCID-h6y3-7gsq-skh2
10
vulnerability VCID-mud2-s4rc-fuf6
11
vulnerability VCID-n7ng-zkkb-2qaz
12
vulnerability VCID-nubu-f1sc-gbes
13
vulnerability VCID-t1n7-eswt-73gw
14
vulnerability VCID-taj6-zj2n-5kg8
15
vulnerability VCID-ve7g-8st5-wffb
16
vulnerability VCID-vyvy-y3cw-hbgr
17
vulnerability VCID-w13x-3rp9-wyej
18
vulnerability VCID-xy6y-312d-rygj
19
vulnerability VCID-zdq2-dhb2-6kaq
20
vulnerability VCID-zn99-ywte-33g6
21
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32
2
url pkg:composer/typo3/cms-core@11.5.16
purl pkg:composer/typo3/cms-core@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-8d2m-1ffv-jqe1
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-axvk-13qf-tka7
6
vulnerability VCID-g4uc-qeb6-myed
7
vulnerability VCID-gv1b-xtv4-4yg3
8
vulnerability VCID-gyyu-n3b1-zbcj
9
vulnerability VCID-h6y3-7gsq-skh2
10
vulnerability VCID-mud2-s4rc-fuf6
11
vulnerability VCID-n7ng-zkkb-2qaz
12
vulnerability VCID-nubu-f1sc-gbes
13
vulnerability VCID-t1n7-eswt-73gw
14
vulnerability VCID-taj6-zj2n-5kg8
15
vulnerability VCID-ve7g-8st5-wffb
16
vulnerability VCID-vyvy-y3cw-hbgr
17
vulnerability VCID-w13x-3rp9-wyej
18
vulnerability VCID-xy6y-312d-rygj
19
vulnerability VCID-zdq2-dhb2-6kaq
20
vulnerability VCID-zn99-ywte-33g6
21
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16
aliases GHSA-gqqf-g5r7-84vf, GMS-2022-4096
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b6er-h7dm-3bev
2
url VCID-mnz3-rj21-67ad
vulnerability_id VCID-mnz3-rj21-67ad
summary 
TYPO3 CMS vulnerable to User Enumeration via Response Timing
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.9)

### Problem
It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts.

Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take.

### Solution
Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above.

### Credits
Thanks to Vautia who reported this issue and to TYPO3 core & security team members Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-007](https://typo3.org/security/advisory/typo3-core-sa-2022-007)
* [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/7d519735-2877-4fad-bd77-accde3e290a7/) (embargoed +30 days)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36105
reference_id
reference_type
scores
0
value 0.00283
scoring_system epss
scoring_elements 0.51649
published_at 2026-04-02T12:55:00Z
1
value 0.00283
scoring_system epss
scoring_elements 0.51712
published_at 2026-04-12T12:55:00Z
2
value 0.00283
scoring_system epss
scoring_elements 0.51734
published_at 2026-04-11T12:55:00Z
3
value 0.00283
scoring_system epss
scoring_elements 0.51685
published_at 2026-04-09T12:55:00Z
4
value 0.00283
scoring_system epss
scoring_elements 0.51689
published_at 2026-04-08T12:55:00Z
5
value 0.00283
scoring_system epss
scoring_elements 0.51634
published_at 2026-04-07T12:55:00Z
6
value 0.00283
scoring_system epss
scoring_elements 0.51674
published_at 2026-04-04T12:55:00Z
7
value 0.00283
scoring_system epss
scoring_elements 0.51723
published_at 2026-04-21T12:55:00Z
8
value 0.00283
scoring_system epss
scoring_elements 0.51744
published_at 2026-04-18T12:55:00Z
9
value 0.00283
scoring_system epss
scoring_elements 0.51737
published_at 2026-04-16T12:55:00Z
10
value 0.00283
scoring_system epss
scoring_elements 0.51696
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36105
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2
5
reference_url https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36105
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36105
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-007
9
reference_url https://github.com/advisories/GHSA-m392-235j-9r7r
reference_id GHSA-m392-235j-9r7r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m392-235j-9r7r
fixed_packages
0
url pkg:composer/typo3/cms-core@9.5.37
purl pkg:composer/typo3/cms-core@9.5.37
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.37
1
url pkg:composer/typo3/cms-core@10.4.32
purl pkg:composer/typo3/cms-core@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-8d2m-1ffv-jqe1
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-axvk-13qf-tka7
6
vulnerability VCID-g4uc-qeb6-myed
7
vulnerability VCID-gv1b-xtv4-4yg3
8
vulnerability VCID-gyyu-n3b1-zbcj
9
vulnerability VCID-h6y3-7gsq-skh2
10
vulnerability VCID-mud2-s4rc-fuf6
11
vulnerability VCID-n7ng-zkkb-2qaz
12
vulnerability VCID-nubu-f1sc-gbes
13
vulnerability VCID-t1n7-eswt-73gw
14
vulnerability VCID-taj6-zj2n-5kg8
15
vulnerability VCID-ve7g-8st5-wffb
16
vulnerability VCID-vyvy-y3cw-hbgr
17
vulnerability VCID-w13x-3rp9-wyej
18
vulnerability VCID-xy6y-312d-rygj
19
vulnerability VCID-zdq2-dhb2-6kaq
20
vulnerability VCID-zn99-ywte-33g6
21
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32
2
url pkg:composer/typo3/cms-core@11.5.16
purl pkg:composer/typo3/cms-core@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-8d2m-1ffv-jqe1
4
vulnerability VCID-8sdd-b1bn-cuhx
5
vulnerability VCID-axvk-13qf-tka7
6
vulnerability VCID-g4uc-qeb6-myed
7
vulnerability VCID-gv1b-xtv4-4yg3
8
vulnerability VCID-gyyu-n3b1-zbcj
9
vulnerability VCID-h6y3-7gsq-skh2
10
vulnerability VCID-mud2-s4rc-fuf6
11
vulnerability VCID-n7ng-zkkb-2qaz
12
vulnerability VCID-nubu-f1sc-gbes
13
vulnerability VCID-t1n7-eswt-73gw
14
vulnerability VCID-taj6-zj2n-5kg8
15
vulnerability VCID-ve7g-8st5-wffb
16
vulnerability VCID-vyvy-y3cw-hbgr
17
vulnerability VCID-w13x-3rp9-wyej
18
vulnerability VCID-xy6y-312d-rygj
19
vulnerability VCID-zdq2-dhb2-6kaq
20
vulnerability VCID-zn99-ywte-33g6
21
vulnerability VCID-zwgt-rm1f-6bf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16
aliases CVE-2022-36105, GHSA-m392-235j-9r7r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mnz3-rj21-67ad
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.36