Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/28906?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/28906?format=api", "purl": "pkg:composer/typo3/cms-core@9.5.45", "type": "composer", "namespace": "typo3", "name": "cms-core", "version": "9.5.45", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.4.57", "latest_non_vulnerable_version": "14.3.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32222?format=api", "vulnerability_id": "VCID-g6wm-gjsy-7fdt", "summary": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40538", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.4073", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40706", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25120" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/2de87ff113ba24333ab7cbb8078588743f8958d6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/2de87ff113ba24333ab7cbb8078588743f8958d6" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/33f4d279b82bca0a509227a17065244c6156e68f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/33f4d279b82bca0a509227a17065244c6156e68f" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/ae0dfc4c058a90c10eedb3f49cfaf33164d21cdd", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/ae0dfc4c058a90c10eedb3f49cfaf33164d21cdd" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25120", "reference_id": "CVE-2024-25120", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25120" }, { "reference_url": "https://github.com/advisories/GHSA-wf85-8hx9-gj7c", "reference_id": "GHSA-wf85-8hx9-gj7c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wf85-8hx9-gj7c" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c", "reference_id": "GHSA-wf85-8hx9-gj7c", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-14T15:55:10Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2024-005", "reference_id": "typo3-core-sa-2024-005", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-14T15:55:10Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2024-005" }, { "reference_url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references", "reference_id": "Typolink.html#resource-references", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-14T15:55:10Z/" } ], "url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28907?format=api", "purl": "pkg:composer/typo3/cms-core@9.5.46", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/28909?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.43", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/28905?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/28901?format=api", "purl": "pkg:composer/typo3/cms-core@12.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-ant9-spg8-1ug5" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/28911?format=api", "purl": "pkg:composer/typo3/cms-core@13.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-ant9-spg8-1ug5" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-fn5d-fhbq-yyhv" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1" } ], "aliases": [ "CVE-2024-25120", "GHSA-wf85-8hx9-gj7c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6wm-gjsy-7fdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32182?format=api", "vulnerability_id": "VCID-sq7n-ehxa-rbb9", "summary": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25118", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66765", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66871", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66857", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25118" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/1186b2fec8a665a8f228ed66e6d60abf8407c17b", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/1186b2fec8a665a8f228ed66e6d60abf8407c17b" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/c7a135c25a14b852eebe4335f21ba3c606188f3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/c7a135c25a14b852eebe4335f21ba3c606188f3a" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/cafc5af7fdce7734e6c8f9ecf2efd17b246fc049", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/cafc5af7fdce7734e6c8f9ecf2efd17b246fc049" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25118", "reference_id": "CVE-2024-25118", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25118" }, { "reference_url": "https://github.com/advisories/GHSA-38r2-5695-334w", "reference_id": "GHSA-38r2-5695-334w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-38r2-5695-334w" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w", "reference_id": "GHSA-38r2-5695-334w", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T17:58:02Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2024-003", "reference_id": "typo3-core-sa-2024-003", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T17:58:02Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2024-003" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28907?format=api", "purl": "pkg:composer/typo3/cms-core@9.5.46", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/28909?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.43", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/28905?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/28901?format=api", "purl": "pkg:composer/typo3/cms-core@12.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-ant9-spg8-1ug5" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/28911?format=api", "purl": "pkg:composer/typo3/cms-core@13.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-ant9-spg8-1ug5" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-fn5d-fhbq-yyhv" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1" } ], "aliases": [ "CVE-2024-25118", "GHSA-38r2-5695-334w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sq7n-ehxa-rbb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211701?format=api", "vulnerability_id": "VCID-stvv-ndwu-nqer", "summary": "Path Traversal in TYPO3 File Abstraction Layer Storages", "references": [ { "reference_url": "http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30451", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.61333", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.61445", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.61437", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30451" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/205115cca3d67594a12d0195c937da0e51eb494a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/205115cca3d67594a12d0195c937da0e51eb494a" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/78fb9287a2f0487c39288070cb0493a5265f1789", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/78fb9287a2f0487c39288070cb0493a5265f1789" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/accf537c7379b4359bc0f957c4d0c07baddd710a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/accf537c7379b4359bc0f957c4d0c07baddd710a" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2024-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2024-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30451", "reference_id": "CVE-2023-30451", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30451" }, { "reference_url": "https://github.com/advisories/GHSA-w6x2-jg8h-p6mp", "reference_id": "GHSA-w6x2-jg8h-p6mp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w6x2-jg8h-p6mp" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-w6x2-jg8h-p6mp", "reference_id": "GHSA-w6x2-jg8h-p6mp", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-w6x2-jg8h-p6mp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28907?format=api", "purl": "pkg:composer/typo3/cms-core@9.5.46", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/28909?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.43", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/28905?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/28901?format=api", "purl": "pkg:composer/typo3/cms-core@12.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-ant9-spg8-1ug5" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/28911?format=api", "purl": "pkg:composer/typo3/cms-core@13.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-ant9-spg8-1ug5" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-fn5d-fhbq-yyhv" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1" } ], "aliases": [ "CVE-2023-30451", "GHSA-w6x2-jg8h-p6mp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-stvv-ndwu-nqer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32481?format=api", "vulnerability_id": "VCID-vc1g-tqkt-w7gt", "summary": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage (\"zero-storage\") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53693", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53836", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53819", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25121" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/38f0bf9a61e10365be26eb75bc23a81184dbed07", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/38f0bf9a61e10365be26eb75bc23a81184dbed07" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/71e652bf84b16fd3592205f61f36750ab03db74c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/71e652bf84b16fd3592205f61f36750ab03db74c" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/b47b6ddf5a5f3f852c6e43f837360780c12e3c47", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/b47b6ddf5a5f3f852c6e43f837360780c12e3c47" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25121", "reference_id": "CVE-2024-25121", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25121" }, { "reference_url": "https://github.com/advisories/GHSA-rj3x-wvc6-5j66", "reference_id": "GHSA-rj3x-wvc6-5j66", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rj3x-wvc6-5j66" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66", "reference_id": "GHSA-rj3x-wvc6-5j66", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:07:53Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2024-006", "reference_id": "typo3-core-sa-2024-006", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:07:53Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2024-006" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28907?format=api", "purl": "pkg:composer/typo3/cms-core@9.5.46", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/28909?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.43", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/28905?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/28901?format=api", "purl": "pkg:composer/typo3/cms-core@12.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-ant9-spg8-1ug5" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/28911?format=api", "purl": "pkg:composer/typo3/cms-core@13.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-ant9-spg8-1ug5" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-fn5d-fhbq-yyhv" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1" } ], "aliases": [ "CVE-2024-25121", "GHSA-rj3x-wvc6-5j66" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vc1g-tqkt-w7gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62027?format=api", "vulnerability_id": "VCID-ve54-aaqx-xkck", "summary": "TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.72301", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.72288", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.72205", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22188" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/47e897f8c7668ef299ecc9ce93f52cafbb3497ed", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/47e897f8c7668ef299ecc9ce93f52cafbb3497ed" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/6cc11761b8e2434fa4ccc9f096c65ca82569cfdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/6cc11761b8e2434fa4ccc9f096c65ca82569cfdf" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/84e07e35b880a544b517868432c56987d05d46d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/84e07e35b880a544b517868432c56987d05d46d4" }, { "reference_url": "https://typo3.org/security/advisory/typo3-psa-2020-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-psa-2020-002" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22188", "reference_id": "CVE-2024-22188", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22188" }, { "reference_url": "https://github.com/advisories/GHSA-5w2h-59j3-8x5w", "reference_id": "GHSA-5w2h-59j3-8x5w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5w2h-59j3-8x5w" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w", "reference_id": "GHSA-5w2h-59j3-8x5w", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-05T16:17:44Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2024-002", "reference_id": "typo3-core-sa-2024-002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-05T16:17:44Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2024-002" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28907?format=api", "purl": "pkg:composer/typo3/cms-core@9.5.46", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/28909?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.43", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/28905?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/28901?format=api", "purl": "pkg:composer/typo3/cms-core@12.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-ant9-spg8-1ug5" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/28911?format=api", "purl": "pkg:composer/typo3/cms-core@13.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-ant9-spg8-1ug5" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-fn5d-fhbq-yyhv" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1" } ], "aliases": [ "CVE-2024-22188", "GHSA-5w2h-59j3-8x5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ve54-aaqx-xkck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32516?format=api", "vulnerability_id": "VCID-xbzy-s3xw-y7ey", "summary": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25119", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52898", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.53042", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.53027", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25119" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/14d101359c71ee963cf51ad0c8ae777b7b9ec9a1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/14d101359c71ee963cf51ad0c8ae777b7b9ec9a1" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/df486372ea56fac241d3c96ad43a7729fee64557", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/df486372ea56fac241d3c96ad43a7729fee64557" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/fa12667c046342ebfd9b159c646aeafdbc52fcfd", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/fa12667c046342ebfd9b159c646aeafdbc52fcfd" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25119", "reference_id": "CVE-2024-25119", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25119" }, { "reference_url": "https://github.com/advisories/GHSA-h47m-3f78-qp9g", "reference_id": "GHSA-h47m-3f78-qp9g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h47m-3f78-qp9g" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g", "reference_id": "GHSA-h47m-3f78-qp9g", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-14T15:01:19Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2024-004", "reference_id": "typo3-core-sa-2024-004", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-14T15:01:19Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2024-004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28907?format=api", "purl": "pkg:composer/typo3/cms-core@9.5.46", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/28909?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.43", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/28905?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/28901?format=api", "purl": "pkg:composer/typo3/cms-core@12.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-ant9-spg8-1ug5" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/28911?format=api", "purl": "pkg:composer/typo3/cms-core@13.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4hp8-5qeb-wyam" }, { "vulnerability": "VCID-9f74-pxxq-3qea" }, { "vulnerability": "VCID-9fu7-2brx-j3az" }, { "vulnerability": "VCID-9mh5-8n3y-93c8" }, { "vulnerability": "VCID-ant9-spg8-1ug5" }, { "vulnerability": "VCID-arjb-mbgt-97dh" }, { "vulnerability": "VCID-fn5d-fhbq-yyhv" }, { "vulnerability": "VCID-qnk5-9jfz-5bhh" }, { "vulnerability": "VCID-rxu6-ccns-m3fk" }, { "vulnerability": "VCID-u1bz-wj83-nbbt" }, { "vulnerability": "VCID-x2ne-qxnz-rkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1" } ], "aliases": [ "CVE-2024-25119", "GHSA-h47m-3f78-qp9g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xbzy-s3xw-y7ey" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.45" }