Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/52097?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52097?format=api", "purl": "pkg:composer/typo3/cms@7.0.0", "type": "composer", "namespace": "typo3", "name": "cms", "version": "7.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.0.2", "latest_non_vulnerable_version": "12.2.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37870?format=api", "vulnerability_id": "VCID-1u4r-r97q-3yfk", "summary": "Information Disclosure possibility exploitable by Editors.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52314?format=api", "purl": "pkg:composer/typo3/cms@7.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0" } ], "aliases": [ "GMS-2015-83" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1u4r-r97q-3yfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55270?format=api", "vulnerability_id": "VCID-28fn-ncj5-2ufk", "summary": "TYPO3 Cross-Site Scripting in Online Media Asset Rendering\nFailing to properly encode user input, online media asset rendering (`*.youtube` and `*.vimeo` files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-1.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-1.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/20927adfb8aae0093508c904937e40114b92a90c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/20927adfb8aae0093508c904937e40114b92a90c" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/a32a9a746f807b14571139f0cb7caa00b8d037a5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/a32a9a746f807b14571139f0cb7caa00b8d037a5" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/c9174937802581bfecfaa788512a4f6e5cf8e9c7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/c9174937802581bfecfaa788512a4f6e5cf8e9c7" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-006" }, { "reference_url": "https://github.com/advisories/GHSA-8m6j-p5jv-v69w", "reference_id": "GHSA-8m6j-p5jv-v69w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8m6j-p5jv-v69w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57123?format=api", "purl": "pkg:composer/typo3/cms@7.6.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GHSA-8m6j-p5jv-v69w" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-28fn-ncj5-2ufk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41293?format=api", "vulnerability_id": "VCID-2rhr-8vaz-hqfj", "summary": "Cross-site Scripting\nTYPO3 is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2021-013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-013" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32768", "reference_id": "CVE-2021-32768", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32768" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58647?format=api", "purl": "pkg:composer/typo3/cms@9.5.29", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/58648?format=api", "purl": "pkg:composer/typo3/cms@10.4.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/58649?format=api", "purl": "pkg:composer/typo3/cms@11.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.3.2" } ], "aliases": [ "CVE-2021-32768", "GHSA-c5c9-8c6m-727v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2rhr-8vaz-hqfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40509?format=api", "vulnerability_id": "VCID-3ugj-6m1e-e3hr", "summary": "Cross-site Scripting\nCross-Site Scripting in Online Media Asset Rendering.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-006/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57123?format=api", "purl": "pkg:composer/typo3/cms@7.6.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GMS-2018-97" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ugj-6m1e-e3hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43514?format=api", "vulnerability_id": "VCID-5ru2-1n1f-afa4", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.", "references": [ { "reference_url": "http://flash.flowplayer.org/documentation/version-history.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://flash.flowplayer.org/documentation/version-history.html" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344" }, { "reference_url": "http://openwall.com/lists/oss-security/2014/03/17/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2014/03/17/1" }, { "reference_url": "https://github.com/flowplayer/flash/issues/121", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/flowplayer/flash/issues/121" }, { "reference_url": "https://github.com/moodle/moodle/commit/98d135fea3006334093efa822205d4b2c3fd8ff9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/98d135fea3006334093efa822205d4b2c3fd8ff9" }, { "reference_url": "https://github.com/moodle/moodle/commit/9f2967e301d123d11625f3b6948e1ee538086791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/9f2967e301d123d11625f3b6948e1ee538086791" }, { "reference_url": "https://github.com/moodle/moodle/commit/c3cd5e1db9de4f1a634492d99990534e30518066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c3cd5e1db9de4f1a634492d99990534e30518066" }, { "reference_url": "https://github.com/moodle/moodle/commit/d65634044ebaa738f55bdec521beb42844d6916a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d65634044ebaa738f55bdec521beb42844d6916a" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=256420", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=256420" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2015-007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2015-007" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7341", "reference_id": "CVE-2013-7341", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7341" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2013-7341.yaml", "reference_id": "CVE-2013-7341.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2013-7341.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-j6c3-3c4w-qv8p", "reference_id": "GHSA-j6c3-3c4w-qv8p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j6c3-3c4w-qv8p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62760?format=api", "purl": "pkg:composer/typo3/cms@7.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.1" } ], "aliases": [ "CVE-2013-7341", "GHSA-j6c3-3c4w-qv8p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ru2-1n1f-afa4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55208?format=api", "vulnerability_id": "VCID-66kh-c1dm-8fbf", "summary": "Authentication Bypass in TYPO3 CMS\nIt has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing algorithm can be overridden when using MD5 as the default hashing algorithm by just knowing a valid username. Per default the Portable PHP hashing algorithm (PHPass) is used which is not vulnerable.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-1.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-1.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-001" }, { "reference_url": "https://github.com/advisories/GHSA-6f9m-v7mp-7jjq", "reference_id": "GHSA-6f9m-v7mp-7jjq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6f9m-v7mp-7jjq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56093?format=api", "purl": "pkg:composer/typo3/cms@7.6.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/56094?format=api", "purl": "pkg:composer/typo3/cms@8.7.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/56095?format=api", "purl": "pkg:composer/typo3/cms@9.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2" } ], "aliases": [ "GHSA-6f9m-v7mp-7jjq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66kh-c1dm-8fbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37782?format=api", "vulnerability_id": "VCID-6u6t-uy5y-5fd6", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\nPossible cache poisining on the homepage when anchors are used.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52099?format=api", "purl": "pkg:composer/typo3/cms@7.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.2" } ], "aliases": [ "GMS-2014-49" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6u6t-uy5y-5fd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37876?format=api", "vulnerability_id": "VCID-7n9x-c9gs-9yb3", "summary": "Cross-site Scripting\nCross-Site Scripting in 3rd party library Flowplayer.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-007/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52314?format=api", "purl": "pkg:composer/typo3/cms@7.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0" } ], "aliases": [ "GMS-2015-85" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7n9x-c9gs-9yb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40505?format=api", "vulnerability_id": "VCID-953t-q1cr-zyd6", "summary": "Cross-site Scripting\nCross-Site Scripting in Backend Modal Component.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-007/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57123?format=api", "purl": "pkg:composer/typo3/cms@7.6.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GMS-2018-98" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-953t-q1cr-zyd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55110?format=api", "vulnerability_id": "VCID-9899-uxyb-73gg", "summary": "TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts\nIt has been discovered, that editors with access to file meta data table could change, create or delete metadata of files which are not within their file mounts.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-1.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-1.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/0decbf83c531cab77497429eb2edecf9a1038b25", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/0decbf83c531cab77497429eb2edecf9a1038b25" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/bff9fa5945801d1d2c641ddc8eb86c6647549d80", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/bff9fa5945801d1d2c641ddc8eb86c6647549d80" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2015-002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2015-002" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002" }, { "reference_url": "https://github.com/advisories/GHSA-4r76-xr68-w7m7", "reference_id": "GHSA-4r76-xr68-w7m7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4r76-xr68-w7m7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62760?format=api", "purl": "pkg:composer/typo3/cms@7.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.1" } ], "aliases": [ "GHSA-4r76-xr68-w7m7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9899-uxyb-73gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40086?format=api", "vulnerability_id": "VCID-abjx-8v46-d7d8", "summary": "Improper Authentication\nAuthentication Bypass in TYPO3 CMS.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56093?format=api", "purl": "pkg:composer/typo3/cms@7.6.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/56094?format=api", "purl": "pkg:composer/typo3/cms@8.7.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/56095?format=api", "purl": "pkg:composer/typo3/cms@9.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2" } ], "aliases": [ "GMS-2018-93" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-abjx-8v46-d7d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37985?format=api", "vulnerability_id": "VCID-ansr-8m5j-pya6", "summary": "Cross-site Scripting\nMultiple Cross-Site Scripting vulnerabilities in TYPO3 backend.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52451?format=api", "purl": "pkg:composer/typo3/cms@7.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1" } ], "aliases": [ "GMS-2015-87" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ansr-8m5j-pya6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37919?format=api", "vulnerability_id": "VCID-c57c-akce-xufq", "summary": "Cross-Site Scripting Vulnerability\nIt has been discovered, that it is possible to forge a link to a backend module, which contains a JavaScript payload. This JavaScript is executed, if an authenticated editor with access to the module follows the link that, is tricked to click on a certain HTML target. Because TYPO3 include a secret token unknown to an attacker in every URL, an exploit would not be feasible for these versions.", "references": [ { "reference_url": "https://review.typo3.org/#/c/43122/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.typo3.org/#/c/43122/" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52367?format=api", "purl": "pkg:composer/typo3/cms@7.4.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.4.0" } ], "aliases": [ "CVE-2015-5956" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c57c-akce-xufq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55101?format=api", "vulnerability_id": "VCID-cgqm-1wwf-kbg6", "summary": "TYPO3 frontend login vulnerable to Session Fixation\nIt has been discovered that TYPO3 is susceptible to session fixation. If a user authenticates while anonymous session data is present, the session id is not changed. This makes it possible for attackers to generate a valid session id, trick users into using this session id (e.g. by leveraging a different Cross-Site Scripting vulnerability) and then maybe getting access to an authenticated session.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-2.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-2.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/4c9aba94a930d56ab374693c9c5cc0458587278a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/4c9aba94a930d56ab374693c9c5cc0458587278a" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/4f6e84bba3c13ea8b2652af1a4c47758aa0705f4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/4f6e84bba3c13ea8b2652af1a4c47758aa0705f4" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2015-003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2015-003" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-003" }, { "reference_url": "https://github.com/advisories/GHSA-r9vc-jfmh-6j48", "reference_id": "GHSA-r9vc-jfmh-6j48", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r9vc-jfmh-6j48" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62760?format=api", "purl": "pkg:composer/typo3/cms@7.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.1" } ], "aliases": [ "GHSA-r9vc-jfmh-6j48" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cgqm-1wwf-kbg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40497?format=api", "vulnerability_id": "VCID-dsqm-9q3e-dudw", "summary": "Uncontrolled Resource Consumption\nDenial of Service in Online Media Asset Handling.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-011/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-011/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57123?format=api", "purl": "pkg:composer/typo3/cms@7.6.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GMS-2018-102" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dsqm-9q3e-dudw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37871?format=api", "vulnerability_id": "VCID-dwjk-7sqh-hqa8", "summary": "Frontend login Session Fixation.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-003/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52314?format=api", "purl": "pkg:composer/typo3/cms@7.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0" } ], "aliases": [ "GMS-2015-81" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dwjk-7sqh-hqa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55098?format=api", "vulnerability_id": "VCID-dyhd-5p1e-fya6", "summary": "TYPO3 Brute Force Protection Bypass in backend login\nThe backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause however could be bypassed by forging a special request, making brute force attacks on backend editor credentials more feasible.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-5.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-5.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/0b67290bbd941c07b0101bbfd6c7aadcbb93c75c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/0b67290bbd941c07b0101bbfd6c7aadcbb93c75c" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/0f3fb37674688aba5a44ca6f5df7f8a327a5b5f6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/0f3fb37674688aba5a44ca6f5df7f8a327a5b5f6" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2015-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2015-006" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-006" }, { "reference_url": "https://github.com/advisories/GHSA-jqr8-q455-xx45", "reference_id": "GHSA-jqr8-q455-xx45", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jqr8-q455-xx45" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62760?format=api", "purl": "pkg:composer/typo3/cms@7.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.1" } ], "aliases": [ "GHSA-jqr8-q455-xx45" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dyhd-5p1e-fya6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37909?format=api", "vulnerability_id": "VCID-e1gr-txgg-fqa6", "summary": "Information Exposure\nFrontend: Unauthenticated Path Disclosure.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52314?format=api", "purl": "pkg:composer/typo3/cms@7.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0" } ], "aliases": [ "GMS-2015-86" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e1gr-txgg-fqa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55168?format=api", "vulnerability_id": "VCID-e1ms-4r4s-g7e7", "summary": "TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend\nFailing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-3.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-3.yaml" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2015-013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2015-013" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013" }, { "reference_url": "https://github.com/advisories/GHSA-6fc6-cj2j-h22x", "reference_id": "GHSA-6fc6-cj2j-h22x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6fc6-cj2j-h22x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52451?format=api", "purl": "pkg:composer/typo3/cms@7.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1" } ], "aliases": [ "GHSA-6fc6-cj2j-h22x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e1ms-4r4s-g7e7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55120?format=api", "vulnerability_id": "VCID-e2bk-pfbe-puek", "summary": "Duplicate Advisory: TYPO3 Cross-Site Scripting vulnerability in typolinks\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-j5v7-9xr5-m7gx. This link is maintained to preserve external references.\n\n## Original Description\n\nAll link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert javascript commands by using the url scheme `javascript:`.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-2.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-2.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/25a1473907f0f4b2bb0147c661981940c57a4555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/25a1473907f0f4b2bb0147c661981940c57a4555" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/de1755a6dcff9b037c6d5a1fa340ba100aff054a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/de1755a6dcff9b037c6d5a1fa340ba100aff054a" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2015-012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2015-012" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012" }, { "reference_url": "https://github.com/advisories/GHSA-75mx-chcf-2q32", "reference_id": "GHSA-75mx-chcf-2q32", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-75mx-chcf-2q32" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52451?format=api", "purl": "pkg:composer/typo3/cms@7.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1" } ], "aliases": [ "GHSA-75mx-chcf-2q32" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2bk-pfbe-puek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37968?format=api", "vulnerability_id": "VCID-e82x-2cdb-7fgn", "summary": "Cross-site Scripting\nCross-Site Scripting vulnerability in typolinks.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52451?format=api", "purl": "pkg:composer/typo3/cms@7.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1" } ], "aliases": [ "GMS-2015-88" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e82x-2cdb-7fgn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37875?format=api", "vulnerability_id": "VCID-ec17-eauu-67d3", "summary": "Improper Restriction of Excessive Authentication Attempts\nBrute Force Protection Bypass in backend login.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-006/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52314?format=api", "purl": "pkg:composer/typo3/cms@7.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0" } ], "aliases": [ "GMS-2015-84" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ec17-eauu-67d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54233?format=api", "vulnerability_id": "VCID-ev4k-5k1d-2bhu", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nLogin Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2021-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21338", "reference_id": "CVE-2021-21338", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21338" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80033?format=api", "purl": "pkg:composer/typo3/cms@10.4.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/80034?format=api", "purl": "pkg:composer/typo3/cms@11.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/80032?format=api", "purl": "pkg:composer/typo3/cms@9.5.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/58449?format=api", "purl": "pkg:composer/typo3/cms@7.6.51", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uq77-aax5-k7d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.51" }, { "url": "http://public2.vulnerablecode.io/api/packages/58450?format=api", "purl": "pkg:composer/typo3/cms@8.7.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uq77-aax5-k7d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40" } ], "aliases": [ "CVE-2021-21338", "GHSA-4jhw-2p6j-5wmp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ev4k-5k1d-2bhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40504?format=api", "vulnerability_id": "VCID-fdnw-2tz5-4fdr", "summary": "Uncontrolled Resource Consumption\nDenial of Service in Frontend Record Registration.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-012/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-012/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57123?format=api", "purl": "pkg:composer/typo3/cms@7.6.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" } ], "aliases": [ "GMS-2018-103" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fdnw-2tz5-4fdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54220?format=api", "vulnerability_id": "VCID-fqkx-v8t5-q3h6", "summary": "Cleartext Storage of Sensitive Information\nUser session identifiers are stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - for example SQL injection in any other component of the system.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2021-006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-006" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21339", "reference_id": "CVE-2021-21339", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21339" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80033?format=api", "purl": "pkg:composer/typo3/cms@10.4.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/80034?format=api", "purl": "pkg:composer/typo3/cms@11.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/80032?format=api", "purl": "pkg:composer/typo3/cms@9.5.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/58449?format=api", "purl": "pkg:composer/typo3/cms@7.6.51", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uq77-aax5-k7d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.51" }, { "url": "http://public2.vulnerablecode.io/api/packages/58450?format=api", "purl": "pkg:composer/typo3/cms@8.7.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uq77-aax5-k7d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40" } ], "aliases": [ "CVE-2021-21339", "GHSA-qx3w-4864-94ch" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fqkx-v8t5-q3h6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55267?format=api", "vulnerability_id": "VCID-gpv4-4tpd-tbaa", "summary": "TYPO3 Cross-Site Scripting in Frontend User Login\nFailing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile.\n\nTemplate patterns that are affected are\n\n- ###FEUSER_[fieldName]### using system extension felogin\n- <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually using TypoScript setting config.USERNAME_substToken)", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-3.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-3.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/1c85fe70269e2ff8ecf0b6d5f16550c6cd0ddc78", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/1c85fe70269e2ff8ecf0b6d5f16550c6cd0ddc78" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/373bec5d7d415f0764ebbadc7970610dc26da068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/373bec5d7d415f0764ebbadc7970610dc26da068" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/e4143195e1451630f058a58ab62d92135948a927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/e4143195e1451630f058a58ab62d92135948a927" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-008" }, { "reference_url": "https://github.com/advisories/GHSA-2rcw-9hrm-8q7q", "reference_id": "GHSA-2rcw-9hrm-8q7q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2rcw-9hrm-8q7q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57123?format=api", "purl": "pkg:composer/typo3/cms@7.6.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GHSA-2rcw-9hrm-8q7q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gpv4-4tpd-tbaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40507?format=api", "vulnerability_id": "VCID-hp99-ncuh-6ugv", "summary": "Cross-site Scripting\nCross-Site Scripting in Frontend User Login.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-008/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57123?format=api", "purl": "pkg:composer/typo3/cms@7.6.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GMS-2018-99" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hp99-ncuh-6ugv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55299?format=api", "vulnerability_id": "VCID-hyx9-8ae6-sba8", "summary": "TYPO3 Denial of Service in Frontend Record Registration\nTYPO3’s built-in record registration functionality (aka `basic shopping cart`) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual session-data records in the database.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-7.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-7.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/05011d1248c54d00960e344fd920a6246da92415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/05011d1248c54d00960e344fd920a6246da92415" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/fc2b4b9fb978088267f83e73cd401d4371dd40e3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/fc2b4b9fb978088267f83e73cd401d4371dd40e3" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-012" }, { "reference_url": "https://github.com/advisories/GHSA-g585-crjf-vhwq", "reference_id": "GHSA-g585-crjf-vhwq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g585-crjf-vhwq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57123?format=api", "purl": "pkg:composer/typo3/cms@7.6.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" } ], "aliases": [ "GHSA-g585-crjf-vhwq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hyx9-8ae6-sba8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37908?format=api", "vulnerability_id": "VCID-j6x1-dfre-2bdq", "summary": "Unauthenticated Path Disclosure\nIt has been discovered, that calling a PHP script which is delivered with TYPO3 for testing purposes, discloses the absolute server path to the TYPO3 installation.", "references": [ { "reference_url": "https://review.typo3.org/#/c/43120/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.typo3.org/#/c/43120/" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52367?format=api", "purl": "pkg:composer/typo3/cms@7.4.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.4.0" } ], "aliases": [ "GMS-2015-25" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6x1-dfre-2bdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54221?format=api", "vulnerability_id": "VCID-jp1p-rfxa-hyd9", "summary": "Cross-site Scripting\nContent elements of type `_menu_` are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.", "references": [ { "reference_url": "https://packagist.org/packages/typo3/cms-backend", "reference_id": "", "reference_type": "", "scores": [], "url": "https://packagist.org/packages/typo3/cms-backend" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2021-008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-008" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21370", "reference_id": "CVE-2021-21370", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21370" }, { "reference_url": "https://github.com/advisories/GHSA-x7hc-x7fm-f7qh", "reference_id": "GHSA-x7hc-x7fm-f7qh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x7hc-x7fm-f7qh" }, { "reference_url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh", "reference_id": "GHSA-x7hc-x7fm-f7qh", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80033?format=api", "purl": "pkg:composer/typo3/cms@10.4.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/80034?format=api", "purl": "pkg:composer/typo3/cms@11.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/80032?format=api", "purl": "pkg:composer/typo3/cms@9.5.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/58449?format=api", "purl": "pkg:composer/typo3/cms@7.6.51", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uq77-aax5-k7d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.51" }, { "url": "http://public2.vulnerablecode.io/api/packages/58450?format=api", "purl": "pkg:composer/typo3/cms@8.7.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uq77-aax5-k7d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40" } ], "aliases": [ "CVE-2021-21370", "GHSA-x7hc-x7fm-f7qh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jp1p-rfxa-hyd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40511?format=api", "vulnerability_id": "VCID-jq5y-7h9g-mufa", "summary": "Information Disclosure in Install Tool.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-010/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-010/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57123?format=api", "purl": "pkg:composer/typo3/cms@7.6.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GMS-2018-101" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jq5y-7h9g-mufa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55273?format=api", "vulnerability_id": "VCID-jwb1-3sbg-kfa5", "summary": "TYPO3 Denial of Service in Online Media Asset Handling\nOnline Media Asset Handling (*`.youtube` and *`.vimeo` files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a dysfunctional backend component. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-6.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-6.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/054799caf53b28ff92e00aff957fab88c45a7509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/054799caf53b28ff92e00aff957fab88c45a7509" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/16567366e2a25c0cbed7208c3be9eda962e28c9b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/16567366e2a25c0cbed7208c3be9eda962e28c9b" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/7a5155e0137d01db7e5723849f0493ad5b0c98ac", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/7a5155e0137d01db7e5723849f0493ad5b0c98ac" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-011" }, { "reference_url": "https://github.com/advisories/GHSA-f3wf-q4fj-3gxf", "reference_id": "GHSA-f3wf-q4fj-3gxf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f3wf-q4fj-3gxf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57123?format=api", "purl": "pkg:composer/typo3/cms@7.6.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GHSA-f3wf-q4fj-3gxf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jwb1-3sbg-kfa5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37783?format=api", "vulnerability_id": "VCID-jx9x-wxwq-5khx", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nPossible link spoofing on the homepage when anchors are used.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52099?format=api", "purl": "pkg:composer/typo3/cms@7.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.2" } ], "aliases": [ "GMS-2014-48" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jx9x-wxwq-5khx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37983?format=api", "vulnerability_id": "VCID-n18b-qe5x-z7cj", "summary": "Cross-Site Scripting vulnerability in typolinks\nAll link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert javascript commands by using the url scheme \"javascript:\".", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52451?format=api", "purl": "pkg:composer/typo3/cms@7.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1" } ], "aliases": [ "TYPO3-CORE-SA-2015-012" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n18b-qe5x-z7cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40087?format=api", "vulnerability_id": "VCID-njsj-bwjq-fyap", "summary": "Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-002/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56093?format=api", "purl": "pkg:composer/typo3/cms@7.6.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/56094?format=api", "purl": "pkg:composer/typo3/cms@8.7.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/56095?format=api", "purl": "pkg:composer/typo3/cms@9.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2" } ], "aliases": [ "GMS-2018-94" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-njsj-bwjq-fyap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52180?format=api", "vulnerability_id": "VCID-nqqc-nkwq-rqhx", "summary": "Cross-site Scripting\n`svg.swf` in TYPO3 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a `contrib/websvg/svg.swf` pathname.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8091", "reference_id": "CVE-2020-8091", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8091" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76526?format=api", "purl": "pkg:composer/typo3/cms@7.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.2.0" } ], "aliases": [ "CVE-2020-8091" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nqqc-nkwq-rqhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55302?format=api", "vulnerability_id": "VCID-p576-w7dd-p3h7", "summary": "TYPO3 Security Misconfiguration in Install Tool Cookie\nIt has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-4.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-4.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/13328b0f74ac589a20b021db814dfa672581c26a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/13328b0f74ac589a20b021db814dfa672581c26a" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/918e50e4d20d88c7e40ad3bb134267d07706b0b1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/918e50e4d20d88c7e40ad3bb134267d07706b0b1" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/a5359491e3fb3164a6ba96a66c8e67fbb9971a4c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/a5359491e3fb3164a6ba96a66c8e67fbb9971a4c" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-009" }, { "reference_url": "https://github.com/advisories/GHSA-f777-f784-36gm", "reference_id": "GHSA-f777-f784-36gm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f777-f784-36gm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57123?format=api", "purl": "pkg:composer/typo3/cms@7.6.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GHSA-f777-f784-36gm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p576-w7dd-p3h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37874?format=api", "vulnerability_id": "VCID-q5f3-nhjn-hyb4", "summary": "Cross-site Scripting\nCross-Site Scripting exploitable by Editors.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52314?format=api", "purl": "pkg:composer/typo3/cms@7.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0" } ], "aliases": [ "GMS-2015-82" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q5f3-nhjn-hyb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55232?format=api", "vulnerability_id": "VCID-qcnh-z4zh-myaw", "summary": "Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS\nPhar files (formerly known as \"PHP archives\") can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - \"bundle.phar\" would be valid as well as \"bundle.txt\" would be. This way, Phar files can be obfuscated as image or text file which would not be denied from being uploaded and persisted to a TYPO3 installation. Due to a missing sanitization of user input, those Phar files can be invoked by manipulated URLs in TYPO3 backend forms. A valid backend user account is needed to exploit this vulnerability. In theory the attack vector would be possible in the TYPO3 frontend as well, however no functional exploit has been identified so far.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-2.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-2.yaml" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-002" }, { "reference_url": "https://github.com/advisories/GHSA-ppgf-8745-8pgx", "reference_id": "GHSA-ppgf-8745-8pgx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ppgf-8745-8pgx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56093?format=api", "purl": "pkg:composer/typo3/cms@7.6.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/56094?format=api", "purl": "pkg:composer/typo3/cms@8.7.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/56095?format=api", "purl": "pkg:composer/typo3/cms@9.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2" } ], "aliases": [ "GHSA-ppgf-8745-8pgx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qcnh-z4zh-myaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55165?format=api", "vulnerability_id": "VCID-qek9-g3h8-nfdz", "summary": "Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend\nFailing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-1.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-1.yaml" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2015-011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2015-011" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011" }, { "reference_url": "https://github.com/advisories/GHSA-5cxf-xx9j-54jc", "reference_id": "GHSA-5cxf-xx9j-54jc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5cxf-xx9j-54jc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52451?format=api", "purl": "pkg:composer/typo3/cms@7.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1" } ], "aliases": [ "GHSA-5cxf-xx9j-54jc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qek9-g3h8-nfdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55117?format=api", "vulnerability_id": "VCID-r6hu-hvdh-abb1", "summary": "TYPO3 possible cache poisoning on the homepage when anchors are used\nA request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option config.prefixLocalAnchors is used with the values \"all\" or \"cached\". The impact of this vulnerability is that unfamiliar looking links to the home page can end up in the cache, which leads to a reload of the page in the browser when section links are followed by web page visitors, instead of just directly jumping to the requested section of the page. TYPO3 versions 4.6.x and higher are only affected if the homepage is not a shortcut to a different page.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-12-09-2.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-12-09-2.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2014-003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2014-003" }, { "reference_url": "https://github.com/advisories/GHSA-p84g-j2gh-83g3", "reference_id": "GHSA-p84g-j2gh-83g3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p84g-j2gh-83g3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52099?format=api", "purl": "pkg:composer/typo3/cms@7.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.2" } ], "aliases": [ "GHSA-p84g-j2gh-83g3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r6hu-hvdh-abb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37872?format=api", "vulnerability_id": "VCID-rae3-cugy-hbh5", "summary": "Improper Access Control\nAccess bypass when editing file metadata.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52314?format=api", "purl": "pkg:composer/typo3/cms@7.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0" } ], "aliases": [ "GMS-2015-80" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rae3-cugy-hbh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55294?format=api", "vulnerability_id": "VCID-teby-zvvw-zkhv", "summary": "TYPO3 Cross-Site Scripting in Backend Modal Component\nFailing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-2.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-2.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/02cd5c97228cba477d16c68e28309ce25c433ce9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/02cd5c97228cba477d16c68e28309ce25c433ce9" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/89a38ad0ef9411745954f53f29bea5b8ce81cd32", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/89a38ad0ef9411745954f53f29bea5b8ce81cd32" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/c35646c3f7795a4a7b0046a88f146b490fa4883c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/c35646c3f7795a4a7b0046a88f146b490fa4883c" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-007" }, { "reference_url": "https://github.com/advisories/GHSA-7q33-hxwj-7p8v", "reference_id": "GHSA-7q33-hxwj-7p8v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7q33-hxwj-7p8v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57123?format=api", "purl": "pkg:composer/typo3/cms@7.6.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GHSA-7q33-hxwj-7p8v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-teby-zvvw-zkhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37986?format=api", "vulnerability_id": "VCID-u6h1-ccgw-jqds", "summary": "Cross-site Scripting\nMultiple Cross-Site Scripting vulnerabilities in frontend.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52451?format=api", "purl": "pkg:composer/typo3/cms@7.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1" } ], "aliases": [ "GMS-2015-89" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u6h1-ccgw-jqds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37975?format=api", "vulnerability_id": "VCID-ub3e-hrb1-wqac", "summary": "Multiple Cross-Site Scripting vulnerabilities in frontend\nFailing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52451?format=api", "purl": "pkg:composer/typo3/cms@7.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1" } ], "aliases": [ "TYPO3-CORE-SA-2015-013" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ub3e-hrb1-wqac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41233?format=api", "vulnerability_id": "VCID-uq77-aax5-k7d8", "summary": "Inclusion of Sensitive Information in Log Files\nTYPO3 is an open source PHP based web content management system. User credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 contain a patch for this vulnerability.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32767", "reference_id": "CVE-2021-32767", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32767" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58456?format=api", "purl": "pkg:composer/typo3/cms@9.5.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/58457?format=api", "purl": "pkg:composer/typo3/cms@10.4.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rhr-8vaz-hqfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/58458?format=api", "purl": "pkg:composer/typo3/cms@11.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rhr-8vaz-hqfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.3.1" } ], "aliases": [ "CVE-2021-32767", "GHSA-34fr-fhqr-7235" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uq77-aax5-k7d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55097?format=api", "vulnerability_id": "VCID-w65h-8a9d-ckgj", "summary": "TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors\nIt has been discovered that link tags generated by typolink functionality in the website's frontend are vulnerable to cross-site scripting - values being assigned to HTML attributes have not been parsed correctly. A valid backend user account is needed to exploit this vulnerability.\n\nAs second and separate vulnerability in the filelist module of the backend user interface has been referenced with this advisory as well. Error messages being shown after using a malicious name for renaming a file are not propery encoded, thus vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-3.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-3.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/7695d91fca1a96a3a3e7466097ae92c32b1130d8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/7695d91fca1a96a3a3e7466097ae92c32b1130d8" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/d7feb40c8d277c6b6ab3a548313be1e1a2084299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/d7feb40c8d277c6b6ab3a548313be1e1a2084299" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2015-004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2015-004" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004" }, { "reference_url": "https://github.com/advisories/GHSA-wp8j-c736-c5r3", "reference_id": "GHSA-wp8j-c736-c5r3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wp8j-c736-c5r3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62760?format=api", "purl": "pkg:composer/typo3/cms@7.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.1" } ], "aliases": [ "GHSA-wp8j-c736-c5r3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w65h-8a9d-ckgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37977?format=api", "vulnerability_id": "VCID-wms8-dnuz-b3hc", "summary": "Multiple Cross-Site Scripting vulnerabilities in backend\nFailing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52451?format=api", "purl": "pkg:composer/typo3/cms@7.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1" } ], "aliases": [ "TYPO3-CORE-SA-2015-011" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wms8-dnuz-b3hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55286?format=api", "vulnerability_id": "VCID-xvyu-2hb8-8ufh", "summary": "TYPO3 Information Disclosure in Install Tool\nThe Install Tool exposes the current TYPO3 version number to non-authenticated users.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-5.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-5.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/232d0a64282382229c205904173a16a581555fe3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/232d0a64282382229c205904173a16a581555fe3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/b4dd20f31d483f6399e8bcbffcac3e16a2df0d92", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/b4dd20f31d483f6399e8bcbffcac3e16a2df0d92" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/fab0cbc970b709ed65fc4622a2cbd52a197480c4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/fab0cbc970b709ed65fc4622a2cbd52a197480c4" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-010" }, { "reference_url": "https://github.com/advisories/GHSA-6487-3qvg-8px9", "reference_id": "GHSA-6487-3qvg-8px9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6487-3qvg-8px9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57123?format=api", "purl": "pkg:composer/typo3/cms@7.6.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GHSA-6487-3qvg-8px9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xvyu-2hb8-8ufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55102?format=api", "vulnerability_id": "VCID-ys6f-g39p-fkfc", "summary": "TYPO3 Information Disclosure Vulnerability Exploitable by Editors\nIt has been discovered, that editors with access to the file list module could list all files names and folder names in the root directory of a TYPO3 installation. Modification of files, listing further nested directories or retrieving file contents was not possible. A valid backend user account is needed to exploit this vulnerability.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-4.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-4.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/d9caccb26c954834e7d43fbbe84a3130cc95524a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/d9caccb26c954834e7d43fbbe84a3130cc95524a" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2015-005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2015-005" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-005" }, { "reference_url": "https://github.com/advisories/GHSA-r287-hc8j-w56h", "reference_id": "GHSA-r287-hc8j-w56h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r287-hc8j-w56h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62760?format=api", "purl": "pkg:composer/typo3/cms@7.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.1" } ], "aliases": [ "GHSA-r287-hc8j-w56h" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ys6f-g39p-fkfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40503?format=api", "vulnerability_id": "VCID-yz6t-ge1y-qfgr", "summary": "Security Misconfiguration in Install Tool Cookie.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-009/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57123?format=api", "purl": "pkg:composer/typo3/cms@7.6.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/57073?format=api", "purl": "pkg:composer/typo3/cms@8.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/57074?format=api", "purl": "pkg:composer/typo3/cms@9.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2" } ], "aliases": [ "GMS-2018-100" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yz6t-ge1y-qfgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55085?format=api", "vulnerability_id": "VCID-zru2-9g25-77dc", "summary": "TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure\nIt has been discovered, that calling a PHP script which is delivered with TYPO3 for testing purposes, discloses the absolute server path to the TYPO3 installation.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-09-08-1.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-09-08-1.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/ed1e46f89c8e5f699ced245e873d0eff21e5c75e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/ed1e46f89c8e5f699ced245e873d0eff21e5c75e" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2015-008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2015-008" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008" }, { "reference_url": "https://github.com/advisories/GHSA-pqfv-97hj-g97g", "reference_id": "GHSA-pqfv-97hj-g97g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pqfv-97hj-g97g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52367?format=api", "purl": "pkg:composer/typo3/cms@7.4.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.4.0" } ], "aliases": [ "GHSA-pqfv-97hj-g97g" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zru2-9g25-77dc" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53815?format=api", "vulnerability_id": "VCID-tgyt-axv1-c7ag", "summary": "Cross-site Scripting\nTYPO3 is an open source PHP based web content management system. In TYPO3 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 that fix the problem described.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2020-010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-010" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26227", "reference_id": "CVE-2020-26227", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26227" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79197?format=api", "purl": "pkg:composer/typo3/cms@10.4.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/79196?format=api", "purl": "pkg:composer/typo3/cms@9.5.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/52097?format=api", "purl": "pkg:composer/typo3/cms@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-28fn-ncj5-2ufk" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-3ugj-6m1e-e3hr" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-66kh-c1dm-8fbf" }, { "vulnerability": "VCID-6u6t-uy5y-5fd6" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-953t-q1cr-zyd6" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-abjx-8v46-d7d8" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dsqm-9q3e-dudw" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fdnw-2tz5-4fdr" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-gpv4-4tpd-tbaa" }, { "vulnerability": "VCID-hp99-ncuh-6ugv" }, { "vulnerability": "VCID-hyx9-8ae6-sba8" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-jq5y-7h9g-mufa" }, { "vulnerability": "VCID-jwb1-3sbg-kfa5" }, { "vulnerability": "VCID-jx9x-wxwq-5khx" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-njsj-bwjq-fyap" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-p576-w7dd-p3h7" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qcnh-z4zh-myaw" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-r6hu-hvdh-abb1" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-teby-zvvw-zkhv" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-xvyu-2hb8-8ufh" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-yz6t-ge1y-qfgr" }, { "vulnerability": "VCID-zru2-9g25-77dc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/52638?format=api", "purl": "pkg:composer/typo3/cms@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11u3-8xzy-jfhh" }, { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-28fn-ncj5-2ufk" }, { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-2vpx-fqb6-aqfa" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-39vn-73mc-jqav" }, { "vulnerability": "VCID-3ugj-6m1e-e3hr" }, { "vulnerability": "VCID-4eym-e6vt-8fbs" }, { "vulnerability": "VCID-4wnp-gusy-43b8" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-5u2f-5zzf-j3e4" }, { "vulnerability": "VCID-66kh-c1dm-8fbf" }, { "vulnerability": "VCID-66ru-n2df-b3ay" }, { "vulnerability": "VCID-6su8-bbrw-hbhp" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-7ch1-q9f4-a7bt" }, { "vulnerability": "VCID-7m6u-k5tp-gkhy" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-94r9-hh4g-jkej" }, { "vulnerability": "VCID-953t-q1cr-zyd6" }, { "vulnerability": "VCID-9726-hafj-wkay" }, { "vulnerability": "VCID-9saf-w56y-pugz" }, { "vulnerability": "VCID-9yu1-z7c2-t3fj" }, { "vulnerability": "VCID-abjx-8v46-d7d8" }, { "vulnerability": "VCID-am6s-67bm-77dr" }, { "vulnerability": "VCID-bn3p-39sv-6fdg" }, { "vulnerability": "VCID-bq2j-t19h-zyad" }, { "vulnerability": "VCID-bstt-ybrs-5ua3" }, { "vulnerability": "VCID-buj5-2t53-3kcr" }, { "vulnerability": "VCID-d6c2-upx1-e7cd" }, { "vulnerability": "VCID-dsqm-9q3e-dudw" }, { "vulnerability": "VCID-e564-zdku-9fc6" }, { "vulnerability": "VCID-emqq-kwjg-3kfk" }, { "vulnerability": "VCID-eutz-mj58-audb" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-f319-jpf5-hyex" }, { "vulnerability": "VCID-fdnw-2tz5-4fdr" }, { "vulnerability": "VCID-fgqa-5fx9-nkaz" }, { "vulnerability": "VCID-fh61-7rfy-s3hg" }, { "vulnerability": "VCID-fqkc-utex-3kav" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fut7-bb1f-37g7" }, { "vulnerability": "VCID-g7mm-vjbw-bbhd" }, { "vulnerability": "VCID-gk79-jtuz-myh6" }, { "vulnerability": "VCID-gpv4-4tpd-tbaa" }, { "vulnerability": "VCID-h217-xe8x-nua3" }, { "vulnerability": "VCID-h7cg-64er-uya9" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-hp99-ncuh-6ugv" }, { "vulnerability": "VCID-hyx9-8ae6-sba8" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-j8sh-5evd-dkaz" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-jf28-91be-6kbr" }, { "vulnerability": "VCID-jmea-qzsr-wkf4" }, { "vulnerability": "VCID-jn38-wfec-7bb2" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-jq5y-7h9g-mufa" }, { "vulnerability": "VCID-jqe4-8hzb-mfea" }, { "vulnerability": "VCID-jwb1-3sbg-kfa5" }, { "vulnerability": "VCID-k5t3-28es-h3ez" }, { "vulnerability": "VCID-khpm-e1xb-hydb" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-mctp-nf36-7qdn" }, { "vulnerability": "VCID-njsj-bwjq-fyap" }, { "vulnerability": "VCID-nney-azbc-pucg" }, { "vulnerability": "VCID-nvbp-pbjw-3qgx" }, { "vulnerability": "VCID-p576-w7dd-p3h7" }, { "vulnerability": "VCID-pmvp-twk2-jqe4" }, { "vulnerability": "VCID-q2ym-y2rz-1bdn" }, { "vulnerability": "VCID-q52p-xfj8-gygd" }, { "vulnerability": "VCID-q7vt-19eb-sqeq" }, { "vulnerability": "VCID-qcnh-z4zh-myaw" }, { "vulnerability": "VCID-qdxh-arxx-wbcr" }, { "vulnerability": "VCID-qxab-9uwr-yqhv" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-ru6w-m6q6-27gn" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-sdsa-mh76-kqch" }, { "vulnerability": "VCID-sdz8-hju8-4bcb" }, { "vulnerability": "VCID-sy7r-d6pv-yba9" }, { "vulnerability": "VCID-teby-zvvw-zkhv" }, { "vulnerability": "VCID-u259-2sxq-tbct" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-u5he-6tqb-gqaf" }, { "vulnerability": "VCID-u6as-cwxc-pkhk" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-vw2r-g8yy-eyf4" }, { "vulnerability": "VCID-w483-prq4-rycx" }, { "vulnerability": "VCID-w58p-3wg1-7ycr" }, { "vulnerability": "VCID-wat8-4m83-hken" }, { "vulnerability": "VCID-wy45-2gmr-fkfg" }, { "vulnerability": "VCID-x175-xjek-97ds" }, { "vulnerability": "VCID-x5x1-w7yv-eye9" }, { "vulnerability": "VCID-xh68-defe-f7ce" }, { "vulnerability": "VCID-xpxg-qq49-b7fd" }, { "vulnerability": "VCID-xvyu-2hb8-8ufh" }, { "vulnerability": "VCID-y7ds-p5r2-yuhq" }, { "vulnerability": "VCID-ygw4-jdqu-4fbt" }, { "vulnerability": "VCID-yh6b-tc4u-v3bk" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-yz6t-ge1y-qfgr" }, { "vulnerability": "VCID-zgfw-pk39-gyg8" }, { "vulnerability": "VCID-zmwv-gwq3-fkej" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.0" } ], "aliases": [ "CVE-2020-26227", "GHSA-vqqx-jw6p-q3rf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tgyt-axv1-c7ag" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.0" }