Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/neos@1.2.0-beta1
Typecomposer
Namespacetypo3
Nameneos
Version1.2.0-beta1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.2.13
Latest_non_vulnerable_version4.3.3
Affected_by_vulnerabilities
0
url VCID-bh6n-n4s6-13gt
vulnerability_id VCID-bh6n-n4s6-13gt
summary It has been discovered that TYPO3 Neos is vulnerable to Privilege Escalation. Logged in editors could access, create and modify content nodes that exist in the workspace of other editors.
references
0
reference_url https://www.neos.io/blog/neos-sa-2015-001.html
reference_id
reference_type
scores
url https://www.neos.io/blog/neos-sa-2015-001.html
fixed_packages
0
url pkg:composer/typo3/neos@1.2.3
purl pkg:composer/typo3/neos@1.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eyk1-hqju-cfc2
1
vulnerability VCID-kftp-w8kn-9ybx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.2.3
aliases neos-sa-2015-001
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bh6n-n4s6-13gt
1
url VCID-eyk1-hqju-cfc2
vulnerability_id VCID-eyk1-hqju-cfc2
summary 
XSS Vulnerabilities
Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials (such as cookies). With the potential backdoor upload an attacker could gain access to the server itself, to an extent mainly limited by the server setup.
references
0
reference_url https://www.neos.io/news/neos-sa-2015-002.html
reference_id
reference_type
scores
url https://www.neos.io/news/neos-sa-2015-002.html
fixed_packages
0
url pkg:composer/typo3/neos@1.2.13
purl pkg:composer/typo3/neos@1.2.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.2.13
1
url pkg:composer/typo3/neos@2.0.0-RC1
purl pkg:composer/typo3/neos@2.0.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.0.0-RC1
2
url pkg:composer/typo3/neos@2.0.4
purl pkg:composer/typo3/neos@2.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.0.4
3
url pkg:composer/typo3/neos@2.3.3
purl pkg:composer/typo3/neos@2.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.3.3
aliases GMS-2015-46
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eyk1-hqju-cfc2
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.2.0-beta1