Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/typo3/neos@1.2.6

Type composer

Namespace typo3

Name neos

Version 1.2.6

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.2.13

Latest_non_vulnerable_version 4.3.3

Affected_by_vulnerabilities

url VCID-eyk1-hqju-cfc2

vulnerability_id VCID-eyk1-hqju-cfc2

summary

XSS Vulnerabilities
Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials (such as cookies). With the potential backdoor upload an attacker could gain access to the server itself, to an extent mainly limited by the server setup.

references

reference_url	https://www.neos.io/news/neos-sa-2015-002.html
reference_id
reference_type
scores
url	https://www.neos.io/news/neos-sa-2015-002.html

fixed_packages

url	pkg:composer/typo3/neos@1.2.13
purl	pkg:composer/typo3/neos@1.2.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.2.13

url	pkg:composer/typo3/neos@2.0.0-RC1
purl	pkg:composer/typo3/neos@2.0.0-RC1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.0.0-RC1

url	pkg:composer/typo3/neos@2.0.4
purl	pkg:composer/typo3/neos@2.0.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.0.4

url	pkg:composer/typo3/neos@2.3.3
purl	pkg:composer/typo3/neos@2.3.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.3.3

aliases GMS-2015-46

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eyk1-hqju-cfc2

url VCID-kftp-w8kn-9ybx

vulnerability_id VCID-kftp-w8kn-9ybx

summary

Cross-site Scripting
XSS vulnerabilities in Neos.

references

reference_url	https://www.neos.io/news/neos-sa-2015-002.html
reference_id
reference_type
scores
url	https://www.neos.io/news/neos-sa-2015-002.html

fixed_packages

url	pkg:composer/typo3/neos@1.2.13
purl	pkg:composer/typo3/neos@1.2.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.2.13

url	pkg:composer/typo3/neos@2.0.0-RC1
purl	pkg:composer/typo3/neos@2.0.0-RC1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.0.0-RC1

url	pkg:composer/typo3/neos@2.0.4
purl	pkg:composer/typo3/neos@2.0.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.0.4

url	pkg:composer/typo3/neos@2.3.3
purl	pkg:composer/typo3/neos@2.3.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.3.3

aliases GMS-2015-94

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kftp-w8kn-9ybx

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.2.6

Package Instance