Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/neos@1.2.0
Typecomposer
Namespacetypo3
Nameneos
Version1.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.2.13
Latest_non_vulnerable_version4.3.3
Affected_by_vulnerabilities
0
url VCID-3gkh-89k9-4ybn
vulnerability_id VCID-3gkh-89k9-4ybn
summary 
Cross-Site Scripting (XSS) vulnerabilities in Neos
It has been discovered that Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials (such as cookies). With the potential backdoor upload an attacker could gain access to the server itself, to an extent mainly limited by the server setup.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/neos/2015-11-23.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/neos/2015-11-23.yaml
1
reference_url https://github.com/mneuhaus/TYPO3.Neos
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mneuhaus/TYPO3.Neos
2
reference_url https://www.neos.io/blog/neos-sa-2015-002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.neos.io/blog/neos-sa-2015-002.html
3
reference_url https://github.com/advisories/GHSA-4542-p56h-8xww
reference_id GHSA-4542-p56h-8xww
reference_type
scores
url https://github.com/advisories/GHSA-4542-p56h-8xww
fixed_packages
0
url pkg:composer/typo3/neos@1.2.13
purl pkg:composer/typo3/neos@1.2.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.2.13
1
url pkg:composer/typo3/neos@2.0.4
purl pkg:composer/typo3/neos@2.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.0.4
aliases GHSA-4542-p56h-8xww
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gkh-89k9-4ybn
1
url VCID-56z1-xe5m-yugk
vulnerability_id VCID-56z1-xe5m-yugk
summary 
Improper Privilege Management
Privilege Escalation in TYPO3 Neos.
references
0
reference_url https://www.neos.io/news/neos-sa-2015-001.html
reference_id
reference_type
scores
url https://www.neos.io/news/neos-sa-2015-001.html
fixed_packages
0
url pkg:composer/typo3/neos@1.2.3
purl pkg:composer/typo3/neos@1.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eyk1-hqju-cfc2
1
vulnerability VCID-kftp-w8kn-9ybx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.2.3
aliases GMS-2015-93
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-56z1-xe5m-yugk
2
url VCID-9hvu-jc3r-jyd5
vulnerability_id VCID-9hvu-jc3r-jyd5
summary 
Privilege Escalation in TYPO3 Neos
It has been discovered that TYPO3 Neos is vulnerable to Privilege Escalation. Logged in editors could access, create and modify content nodes that exist in the workspace of other editors.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/neos/2015-03-28.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/neos/2015-03-28.yaml
1
reference_url https://www.neos.io/blog/neos-sa-2015-001.html
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.neos.io/blog/neos-sa-2015-001.html
2
reference_url https://github.com/advisories/GHSA-wr3c-6c22-m9v6
reference_id GHSA-wr3c-6c22-m9v6
reference_type
scores
url https://github.com/advisories/GHSA-wr3c-6c22-m9v6
fixed_packages
0
url pkg:composer/typo3/neos@1.2.3
purl pkg:composer/typo3/neos@1.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eyk1-hqju-cfc2
1
vulnerability VCID-kftp-w8kn-9ybx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.2.3
aliases GHSA-wr3c-6c22-m9v6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hvu-jc3r-jyd5
3
url VCID-bh6n-n4s6-13gt
vulnerability_id VCID-bh6n-n4s6-13gt
summary It has been discovered that TYPO3 Neos is vulnerable to Privilege Escalation. Logged in editors could access, create and modify content nodes that exist in the workspace of other editors.
references
0
reference_url https://www.neos.io/blog/neos-sa-2015-001.html
reference_id
reference_type
scores
url https://www.neos.io/blog/neos-sa-2015-001.html
fixed_packages
0
url pkg:composer/typo3/neos@1.2.3
purl pkg:composer/typo3/neos@1.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eyk1-hqju-cfc2
1
vulnerability VCID-kftp-w8kn-9ybx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.2.3
aliases neos-sa-2015-001
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bh6n-n4s6-13gt
4
url VCID-eyk1-hqju-cfc2
vulnerability_id VCID-eyk1-hqju-cfc2
summary 
XSS Vulnerabilities
Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials (such as cookies). With the potential backdoor upload an attacker could gain access to the server itself, to an extent mainly limited by the server setup.
references
0
reference_url https://www.neos.io/news/neos-sa-2015-002.html
reference_id
reference_type
scores
url https://www.neos.io/news/neos-sa-2015-002.html
fixed_packages
0
url pkg:composer/typo3/neos@1.2.13
purl pkg:composer/typo3/neos@1.2.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.2.13
1
url pkg:composer/typo3/neos@2.0.0-RC1
purl pkg:composer/typo3/neos@2.0.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.0.0-RC1
2
url pkg:composer/typo3/neos@2.0.4
purl pkg:composer/typo3/neos@2.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.0.4
3
url pkg:composer/typo3/neos@2.3.3
purl pkg:composer/typo3/neos@2.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.3.3
aliases GMS-2015-46
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eyk1-hqju-cfc2
5
url VCID-kftp-w8kn-9ybx
vulnerability_id VCID-kftp-w8kn-9ybx
summary 
Cross-site Scripting
XSS vulnerabilities in Neos.
references
0
reference_url https://www.neos.io/news/neos-sa-2015-002.html
reference_id
reference_type
scores
url https://www.neos.io/news/neos-sa-2015-002.html
fixed_packages
0
url pkg:composer/typo3/neos@1.2.13
purl pkg:composer/typo3/neos@1.2.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.2.13
1
url pkg:composer/typo3/neos@2.0.0-RC1
purl pkg:composer/typo3/neos@2.0.0-RC1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.0.0-RC1
2
url pkg:composer/typo3/neos@2.0.4
purl pkg:composer/typo3/neos@2.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.0.4
3
url pkg:composer/typo3/neos@2.3.3
purl pkg:composer/typo3/neos@2.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@2.3.3
aliases GMS-2015-94
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kftp-w8kn-9ybx
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.2.0