Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/cms-core@9.5.47
Typecomposer
Namespacetypo3
Namecms-core
Version9.5.47
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.4.41
Latest_non_vulnerable_version14.0.2
Affected_by_vulnerabilities
0
url VCID-8d2m-1ffv-jqe1
vulnerability_id VCID-8d2m-1ffv-jqe1
summary 
TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module
### Problem
The form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module.

### Solution
Update to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 that fix the problem described.

### Credits
Thanks to TYPO3 core & security team member Benjamin Franzke who reported and fixed the issue.

### References
* [TYPO3-CORE-SA-2024-008](https://typo3.org/security/advisory/typo3-core-sa-2024-008)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34356
reference_id
reference_type
scores
0
value 0.00634
scoring_system epss
scoring_elements 0.70321
published_at 2026-04-02T12:55:00Z
1
value 0.00634
scoring_system epss
scoring_elements 0.70315
published_at 2026-04-07T12:55:00Z
2
value 0.00634
scoring_system epss
scoring_elements 0.70337
published_at 2026-04-04T12:55:00Z
3
value 0.00634
scoring_system epss
scoring_elements 0.70402
published_at 2026-04-21T12:55:00Z
4
value 0.00634
scoring_system epss
scoring_elements 0.70421
published_at 2026-04-18T12:55:00Z
5
value 0.00634
scoring_system epss
scoring_elements 0.70412
published_at 2026-04-16T12:55:00Z
6
value 0.00634
scoring_system epss
scoring_elements 0.70369
published_at 2026-04-13T12:55:00Z
7
value 0.00634
scoring_system epss
scoring_elements 0.70383
published_at 2026-04-12T12:55:00Z
8
value 0.00634
scoring_system epss
scoring_elements 0.70399
published_at 2026-04-11T12:55:00Z
9
value 0.00634
scoring_system epss
scoring_elements 0.70375
published_at 2026-04-09T12:55:00Z
10
value 0.00634
scoring_system epss
scoring_elements 0.7036
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34356
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-14T15:21:11Z/
url https://github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156
3
reference_url https://github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-14T15:21:11Z/
url https://github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5
4
reference_url https://github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-14T15:21:11Z/
url https://github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-14T15:21:11Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34356
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34356
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2024-008
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-14T15:21:11Z/
url https://typo3.org/security/advisory/typo3-core-sa-2024-008
8
reference_url https://github.com/advisories/GHSA-v6mw-h7w6-59w3
reference_id GHSA-v6mw-h7w6-59w3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v6mw-h7w6-59w3
fixed_packages
0
url pkg:composer/typo3/cms-core@9.5.48
purl pkg:composer/typo3/cms-core@9.5.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xy6y-312d-rygj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.48
1
url pkg:composer/typo3/cms-core@10.4.45
purl pkg:composer/typo3/cms-core@10.4.45
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.45
2
url pkg:composer/typo3/cms-core@11.5.37
purl pkg:composer/typo3/cms-core@11.5.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-gyyu-n3b1-zbcj
4
vulnerability VCID-nubu-f1sc-gbes
5
vulnerability VCID-xy6y-312d-rygj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.37
3
url pkg:composer/typo3/cms-core@12.4.15
purl pkg:composer/typo3/cms-core@12.4.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-gyyu-n3b1-zbcj
4
vulnerability VCID-jxw7-skw6-q7bg
5
vulnerability VCID-nubu-f1sc-gbes
6
vulnerability VCID-xy6y-312d-rygj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.15
4
url pkg:composer/typo3/cms-core@13.1.1
purl pkg:composer/typo3/cms-core@13.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-gyyu-n3b1-zbcj
4
vulnerability VCID-jxw7-skw6-q7bg
5
vulnerability VCID-nubu-f1sc-gbes
6
vulnerability VCID-xy6y-312d-rygj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.1.1
aliases CVE-2024-34356, GHSA-v6mw-h7w6-59w3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8d2m-1ffv-jqe1
1
url VCID-mud2-s4rc-fuf6
vulnerability_id VCID-mud2-s4rc-fuf6
summary 
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
### Problem
The `ShowImageController` (_eID tx_cms_showpic_) lacks a cryptographic HMAC-signature on the `frame` HTTP query parameter (e.g. `/index.php?eID=tx_cms_showpic?file=3&...&frame=12345`).
This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side.

### Solution
Update to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 that fix the problem described.

#### ℹī¸ **Strong security defaults - Manual actions required**

The `frame` HTTP query parameter is now ignored, since it could not be used by core APIs.

The new feature flag `security.frontend.allowInsecureFrameOptionInShowImageController` – which is disabled per default – can be used to reactivate the previous behavior.

### Credits
Thanks to TYPO3 security team member Torben Hansen who reported this issue and to TYPO3 core & security team members Benjamin Mack and Benjamin Franzke who fixed the issue.

### References
* [TYPO3-CORE-SA-2024-010](https://typo3.org/security/advisory/typo3-core-sa-2024-010)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34358
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15666
published_at 2026-04-02T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.15532
published_at 2026-04-21T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.15479
published_at 2026-04-18T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.15471
published_at 2026-04-16T12:55:00Z
4
value 0.0005
scoring_system epss
scoring_elements 0.15545
published_at 2026-04-13T12:55:00Z
5
value 0.0005
scoring_system epss
scoring_elements 0.15608
published_at 2026-04-12T12:55:00Z
6
value 0.0005
scoring_system epss
scoring_elements 0.15643
published_at 2026-04-11T12:55:00Z
7
value 0.0005
scoring_system epss
scoring_elements 0.15676
published_at 2026-04-09T12:55:00Z
8
value 0.0005
scoring_system epss
scoring_elements 0.15619
published_at 2026-04-08T12:55:00Z
9
value 0.0005
scoring_system epss
scoring_elements 0.15533
published_at 2026-04-07T12:55:00Z
10
value 0.0005
scoring_system epss
scoring_elements 0.1573
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34358
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:43:40Z/
url https://github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14
3
reference_url https://github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:43:40Z/
url https://github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5
4
reference_url https://github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:43:40Z/
url https://github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:43:40Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34358
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34358
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2024-010
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:43:40Z/
url https://typo3.org/security/advisory/typo3-core-sa-2024-010
8
reference_url https://github.com/advisories/GHSA-36g8-62qv-5957
reference_id GHSA-36g8-62qv-5957
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-36g8-62qv-5957
fixed_packages
0
url pkg:composer/typo3/cms-core@9.5.48
purl pkg:composer/typo3/cms-core@9.5.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xy6y-312d-rygj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.48
1
url pkg:composer/typo3/cms-core@10.4.45
purl pkg:composer/typo3/cms-core@10.4.45
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.45
2
url pkg:composer/typo3/cms-core@11.5.37
purl pkg:composer/typo3/cms-core@11.5.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-gyyu-n3b1-zbcj
4
vulnerability VCID-nubu-f1sc-gbes
5
vulnerability VCID-xy6y-312d-rygj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.37
3
url pkg:composer/typo3/cms-core@12.4.15
purl pkg:composer/typo3/cms-core@12.4.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-gyyu-n3b1-zbcj
4
vulnerability VCID-jxw7-skw6-q7bg
5
vulnerability VCID-nubu-f1sc-gbes
6
vulnerability VCID-xy6y-312d-rygj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.15
4
url pkg:composer/typo3/cms-core@13.1.1
purl pkg:composer/typo3/cms-core@13.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-gyyu-n3b1-zbcj
4
vulnerability VCID-jxw7-skw6-q7bg
5
vulnerability VCID-nubu-f1sc-gbes
6
vulnerability VCID-xy6y-312d-rygj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.1.1
aliases CVE-2024-34358, GHSA-36g8-62qv-5957
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mud2-s4rc-fuf6
2
url VCID-zwgt-rm1f-6bf2
vulnerability_id VCID-zwgt-rm1f-6bf2
summary 
TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController
### Problem
Failing to properly encode user-controlled values in file entities, the `ShowImageController` (_eID tx_cms_showpic_) is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to file entities.

### Solution
Update to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 that fix the problem described.

### Credits
Thanks to TYPO3 security team member Torben Hansen who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2024-009](https://typo3.org/security/advisory/typo3-core-sa-2024-009)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34357
reference_id
reference_type
scores
0
value 0.00634
scoring_system epss
scoring_elements 0.70321
published_at 2026-04-02T12:55:00Z
1
value 0.00634
scoring_system epss
scoring_elements 0.70315
published_at 2026-04-07T12:55:00Z
2
value 0.00634
scoring_system epss
scoring_elements 0.70337
published_at 2026-04-04T12:55:00Z
3
value 0.00634
scoring_system epss
scoring_elements 0.70402
published_at 2026-04-21T12:55:00Z
4
value 0.00634
scoring_system epss
scoring_elements 0.70421
published_at 2026-04-18T12:55:00Z
5
value 0.00634
scoring_system epss
scoring_elements 0.70412
published_at 2026-04-16T12:55:00Z
6
value 0.00634
scoring_system epss
scoring_elements 0.70369
published_at 2026-04-13T12:55:00Z
7
value 0.00634
scoring_system epss
scoring_elements 0.70383
published_at 2026-04-12T12:55:00Z
8
value 0.00634
scoring_system epss
scoring_elements 0.70399
published_at 2026-04-11T12:55:00Z
9
value 0.00634
scoring_system epss
scoring_elements 0.70375
published_at 2026-04-09T12:55:00Z
10
value 0.00634
scoring_system epss
scoring_elements 0.7036
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34357
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/376474904f6b9a54dc1b785a2e45277cbd13b0d7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:47:12Z/
url https://github.com/TYPO3/typo3/commit/376474904f6b9a54dc1b785a2e45277cbd13b0d7
3
reference_url https://github.com/TYPO3/typo3/commit/b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:47:12Z/
url https://github.com/TYPO3/typo3/commit/b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee
4
reference_url https://github.com/TYPO3/typo3/commit/d774642381354d3bf5095a5a26e18acd2767f0b1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:47:12Z/
url https://github.com/TYPO3/typo3/commit/d774642381354d3bf5095a5a26e18acd2767f0b1
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-hw6c-6gwq-3m3m
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:47:12Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-hw6c-6gwq-3m3m
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34357
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34357
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2024-009
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:47:12Z/
url https://typo3.org/security/advisory/typo3-core-sa-2024-009
8
reference_url https://github.com/advisories/GHSA-hw6c-6gwq-3m3m
reference_id GHSA-hw6c-6gwq-3m3m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hw6c-6gwq-3m3m
fixed_packages
0
url pkg:composer/typo3/cms-core@9.5.48
purl pkg:composer/typo3/cms-core@9.5.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xy6y-312d-rygj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.48
1
url pkg:composer/typo3/cms-core@10.4.45
purl pkg:composer/typo3/cms-core@10.4.45
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.45
2
url pkg:composer/typo3/cms-core@11.5.37
purl pkg:composer/typo3/cms-core@11.5.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-gyyu-n3b1-zbcj
4
vulnerability VCID-nubu-f1sc-gbes
5
vulnerability VCID-xy6y-312d-rygj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.37
3
url pkg:composer/typo3/cms-core@12.4.15
purl pkg:composer/typo3/cms-core@12.4.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-gyyu-n3b1-zbcj
4
vulnerability VCID-jxw7-skw6-q7bg
5
vulnerability VCID-nubu-f1sc-gbes
6
vulnerability VCID-xy6y-312d-rygj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.15
4
url pkg:composer/typo3/cms-core@13.1.1
purl pkg:composer/typo3/cms-core@13.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9g-c5rn-ukgb
1
vulnerability VCID-4t9s-p25a-cfas
2
vulnerability VCID-65ue-7jd9-23gf
3
vulnerability VCID-gyyu-n3b1-zbcj
4
vulnerability VCID-jxw7-skw6-q7bg
5
vulnerability VCID-nubu-f1sc-gbes
6
vulnerability VCID-xy6y-312d-rygj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.1.1
aliases CVE-2024-34357, GHSA-hw6c-6gwq-3m3m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwgt-rm1f-6bf2
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.47