Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/52528?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52528?format=api", "purl": "pkg:composer/typo3/cms@7.6.0", "type": "composer", "namespace": "typo3", "name": "cms", "version": "7.6.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.6.1", "latest_non_vulnerable_version": "12.2.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38081?format=api", "vulnerability_id": "VCID-2r7u-mc45-8yhe", "summary": "Improper Authentication\nAuthentication Bypass in TYPO3 CMS.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-011/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-011/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52639?format=api", "purl": "pkg:composer/typo3/cms@7.6.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52640?format=api", "purl": "pkg:composer/typo3/cms@8.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.1" } ], "aliases": [ "GMS-2016-145" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2r7u-mc45-8yhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38164?format=api", "vulnerability_id": "VCID-2vpx-fqb6-aqfa", "summary": "Cross-site Scripting\nCross-Site Scripting in third party library `mso/idna-convert`.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-020" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52837?format=api", "purl": "pkg:composer/typo3/cms@7.6.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/52838?format=api", "purl": "pkg:composer/typo3/cms@8.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.2.1" } ], "aliases": [ "GMS-2016-154" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2vpx-fqb6-aqfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38075?format=api", "vulnerability_id": "VCID-39jx-muqb-nkfq", "summary": "Cross-site Scripting\nCross-Site Scripting in TYPO3 Backend.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-009/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52639?format=api", "purl": "pkg:composer/typo3/cms@7.6.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52640?format=api", "purl": "pkg:composer/typo3/cms@8.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.1" } ], "aliases": [ "GMS-2016-143" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39jx-muqb-nkfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38256?format=api", "vulnerability_id": "VCID-5dxs-cdht-27hw", "summary": "Insecure Deserialization\nInsecure Unserialize in TYPO3 Backend.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52970?format=api", "purl": "pkg:composer/typo3/cms@7.6.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52971?format=api", "purl": "pkg:composer/typo3/cms@8.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1" } ], "aliases": [ "GMS-2016-157" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5dxs-cdht-27hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38487?format=api", "vulnerability_id": "VCID-66ru-n2df-b3ay", "summary": "Cross-site Scripting\nXSS in TYPO3 CMS.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53303?format=api", "purl": "pkg:composer/typo3/cms@7.6.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/53304?format=api", "purl": "pkg:composer/typo3/cms@8.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.6.1" } ], "aliases": [ "GMS-2017-349" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66ru-n2df-b3ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38254?format=api", "vulnerability_id": "VCID-727q-h3ey-6yc9", "summary": "Path Traversal in TYPO3 Core.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52970?format=api", "purl": "pkg:composer/typo3/cms@7.6.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52971?format=api", "purl": "pkg:composer/typo3/cms@8.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1" } ], "aliases": [ "GMS-2016-158" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-727q-h3ey-6yc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38127?format=api", "vulnerability_id": "VCID-8p64-6zpt-t3av", "summary": "Improper Access Control\nMissing Access Check in TYPO3 CMS.", "references": [ { "reference_url": "https://typo3.org/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/missing-access-check-in-typo3-cms/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/missing-access-check-in-typo3-cms/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52709?format=api", "purl": "pkg:composer/typo3/cms@7.6.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/52710?format=api", "purl": "pkg:composer/typo3/cms@8.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.1.1" } ], "aliases": [ "GMS-2016-147" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8p64-6zpt-t3av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38811?format=api", "vulnerability_id": "VCID-9saf-w56y-pugz", "summary": "Information Disclosure in TYPO3 CMS.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54049?format=api", "purl": "pkg:composer/typo3/cms@7.6.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/54050?format=api", "purl": "pkg:composer/typo3/cms@8.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6a22-c7x5-sqe2" }, { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.0" } ], "aliases": [ "GMS-2017-351" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9saf-w56y-pugz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38162?format=api", "vulnerability_id": "VCID-dd9u-w2y2-87h9", "summary": "SQL Injection in TYPO3 Frontend Login.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-016", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-016" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52837?format=api", "purl": "pkg:composer/typo3/cms@7.6.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.10" } ], "aliases": [ "GMS-2016-150" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dd9u-w2y2-87h9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38807?format=api", "vulnerability_id": "VCID-e564-zdku-9fc6", "summary": "Information Disclosure\nHTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54049?format=api", "purl": "pkg:composer/typo3/cms@7.6.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/54048?format=api", "purl": "pkg:composer/typo3/cms@8.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5" } ], "aliases": [ "TYPO3-CORE-SA-2017-006" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e564-zdku-9fc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38253?format=api", "vulnerability_id": "VCID-eutz-mj58-audb", "summary": "Insecure Unserialize in TYPO3 Backend\nFailing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52970?format=api", "purl": "pkg:composer/typo3/cms@7.6.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52971?format=api", "purl": "pkg:composer/typo3/cms@8.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1" } ], "aliases": [ "TYPO3-CORE-SA-2016-023" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eutz-mj58-audb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38039?format=api", "vulnerability_id": "VCID-exjy-5cyn-zfg1", "summary": "Uncontrolled Resource Consumption\nDenial of Service attack possibility in TYPO3 component Indexed Search.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-008/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52564?format=api", "purl": "pkg:composer/typo3/cms@7.6.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.4" } ], "aliases": [ "GMS-2016-142" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-exjy-5cyn-zfg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38040?format=api", "vulnerability_id": "VCID-g9ns-sxkx-aqh1", "summary": "Cross-site Scripting\nCross-Site Scripting in TYPO3 component CSS styled content.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-007/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52564?format=api", "purl": "pkg:composer/typo3/cms@7.6.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.4" } ], "aliases": [ "GMS-2016-141" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g9ns-sxkx-aqh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38255?format=api", "vulnerability_id": "VCID-h217-xe8x-nua3", "summary": "Path Traversal\nDue to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52970?format=api", "purl": "pkg:composer/typo3/cms@7.6.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52971?format=api", "purl": "pkg:composer/typo3/cms@8.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1" } ], "aliases": [ "TYPO3-CORE-SA-2016-024" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h217-xe8x-nua3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38829?format=api", "vulnerability_id": "VCID-h7cg-64er-uya9", "summary": "Unrestricted Upload of File with Dangerous Type\nUnrestricted File Upload vulnerability in the `fileDenyPattern` in `sysext/core/Classes/Core/SystemEnvironmentBuilder`.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/" }, { "reference_url": "http://www.securityfocus.com/bid/100620", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100620" }, { "reference_url": "http://www.securitytracker.com/id/1039295", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039295" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14251", "reference_id": "CVE-2017-14251", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14251" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54049?format=api", "purl": "pkg:composer/typo3/cms@7.6.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/54048?format=api", "purl": "pkg:composer/typo3/cms@8.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5" } ], "aliases": [ "CVE-2017-14251" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h7cg-64er-uya9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38437?format=api", "vulnerability_id": "VCID-h7hf-sf2q-73ay", "summary": "Code Injection\nRemote Code Execution in third party library swiftmailer.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53166?format=api", "purl": "pkg:composer/typo3/cms@7.6.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9bep-jsfw-x3gn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/53167?format=api", "purl": "pkg:composer/typo3/cms@8.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" }, { "vulnerability": "VCID-je4q-svfw-hqda" }, { "vulnerability": "VCID-w1wb-mq2y-dfca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.5.0" } ], "aliases": [ "GMS-2017-347" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h7hf-sf2q-73ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38159?format=api", "vulnerability_id": "VCID-hzma-cduk-3uhp", "summary": "Cross-site Scripting\nXSS in TYPO3 Backend.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-021" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52821?format=api", "purl": "pkg:composer/typo3/cms@7.6.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52822?format=api", "purl": "pkg:composer/typo3/cms@8.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" }, { "vulnerability": "VCID-qv14-m93d-jyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.3.0" } ], "aliases": [ "GMS-2016-155" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hzma-cduk-3uhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38163?format=api", "vulnerability_id": "VCID-jeqr-9tfu-f7b2", "summary": "Deserialization of Untrusted Data\nInsecure Unserialize in TYPO3 Import/Export.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-015" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52837?format=api", "purl": "pkg:composer/typo3/cms@7.6.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/52838?format=api", "purl": "pkg:composer/typo3/cms@8.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.2.1" } ], "aliases": [ "GMS-2016-149" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jeqr-9tfu-f7b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38806?format=api", "vulnerability_id": "VCID-jqe4-8hzb-mfea", "summary": "Arbitrary Code Execution\nDue to a missing file extension in the `fileDenyPattern`, backend user are allowed to upload *.pht files which can be executed in certain web server setups.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54049?format=api", "purl": "pkg:composer/typo3/cms@7.6.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/54048?format=api", "purl": "pkg:composer/typo3/cms@8.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5" } ], "aliases": [ "TYPO3-CORE-SA-2017-007" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqe4-8hzb-mfea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38165?format=api", "vulnerability_id": "VCID-ks1q-a8x2-uqht", "summary": "Information Disclosure in TYPO3 Backend.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-017" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52837?format=api", "purl": "pkg:composer/typo3/cms@7.6.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/52838?format=api", "purl": "pkg:composer/typo3/cms@8.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.2.1" } ], "aliases": [ "GMS-2016-151" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ks1q-a8x2-uqht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38166?format=api", "vulnerability_id": "VCID-m3nc-xbb4-yubr", "summary": "Cross-site Scripting\nCross-Site Scripting in TYPO3 Backend.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-014/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-014/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52837?format=api", "purl": "pkg:composer/typo3/cms@7.6.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/52838?format=api", "purl": "pkg:composer/typo3/cms@8.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.2.1" } ], "aliases": [ "GMS-2016-148" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m3nc-xbb4-yubr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38810?format=api", "vulnerability_id": "VCID-mctp-nf36-7qdn", "summary": "Information Disclosure\nFailing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54049?format=api", "purl": "pkg:composer/typo3/cms@7.6.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/54048?format=api", "purl": "pkg:composer/typo3/cms@8.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5" } ], "aliases": [ "TYPO3-CORE-SA-2017-005" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mctp-nf36-7qdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38028?format=api", "vulnerability_id": "VCID-s97a-nmk8-y3ay", "summary": "Cross-site Scripting\nCross-Site Scripting in link validator component.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-002/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52529?format=api", "purl": "pkg:composer/typo3/cms@7.6.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.3" } ], "aliases": [ "GMS-2016-136" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s97a-nmk8-y3ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38809?format=api", "vulnerability_id": "VCID-sy7r-d6pv-yba9", "summary": "Code Injection\nArbitrary Code Execution in TYPO3 CMS.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54049?format=api", "purl": "pkg:composer/typo3/cms@7.6.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/54050?format=api", "purl": "pkg:composer/typo3/cms@8.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6a22-c7x5-sqe2" }, { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.0" } ], "aliases": [ "GMS-2017-353" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sy7r-d6pv-yba9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38083?format=api", "vulnerability_id": "VCID-u4tq-8qnk-5fd7", "summary": "Improper Privilege Management\nPrivilege Escalation in TYPO3 CMS.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-012/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-012/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52639?format=api", "purl": "pkg:composer/typo3/cms@7.6.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52640?format=api", "purl": "pkg:composer/typo3/cms@8.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.1" } ], "aliases": [ "GMS-2016-146" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u4tq-8qnk-5fd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47106?format=api", "vulnerability_id": "VCID-w58p-3wg1-7ycr", "summary": "Path Traversal in TYPO3 Core\nDue to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-11-22-2.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-11-22-2.yaml" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024" }, { "reference_url": "https://github.com/advisories/GHSA-gj48-w74w-8gvm", "reference_id": "GHSA-gj48-w74w-8gvm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gj48-w74w-8gvm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52970?format=api", "purl": "pkg:composer/typo3/cms@7.6.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52971?format=api", "purl": "pkg:composer/typo3/cms@8.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1" } ], "aliases": [ "GHSA-gj48-w74w-8gvm", "GMS-2024-342" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w58p-3wg1-7ycr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38492?format=api", "vulnerability_id": "VCID-xh68-defe-f7ce", "summary": "XSS Vulnerability\nTYPO3 is vulnerable to Cross-Site Scripting.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53303?format=api", "purl": "pkg:composer/typo3/cms@7.6.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/53304?format=api", "purl": "pkg:composer/typo3/cms@8.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.6.1" } ], "aliases": [ "TYPO3-CORE-SA-2017-003" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xh68-defe-f7ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38038?format=api", "vulnerability_id": "VCID-y1ap-y4az-x7ec", "summary": "Improper Restriction of XML External Entity Reference\nXML External Entity (XXE) Processing in TYPO3 Core.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52564?format=api", "purl": "pkg:composer/typo3/cms@7.6.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.4" } ], "aliases": [ "GMS-2016-139" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y1ap-y4az-x7ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38805?format=api", "vulnerability_id": "VCID-ygw4-jdqu-4fbt", "summary": "Information Disclosure in TYPO3 CMS.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54049?format=api", "purl": "pkg:composer/typo3/cms@7.6.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/54050?format=api", "purl": "pkg:composer/typo3/cms@8.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6a22-c7x5-sqe2" }, { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.0" } ], "aliases": [ "GMS-2017-352" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ygw4-jdqu-4fbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38157?format=api", "vulnerability_id": "VCID-yn6z-9v7k-x7br", "summary": "Uncontrolled Resource Consumption\nCache Flooding in TYPO3 Frontend.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-022" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52821?format=api", "purl": "pkg:composer/typo3/cms@7.6.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52822?format=api", "purl": "pkg:composer/typo3/cms@8.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" }, { "vulnerability": "VCID-qv14-m93d-jyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.3.0" } ], "aliases": [ "GMS-2016-156" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yn6z-9v7k-x7br" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38168?format=api", "vulnerability_id": "VCID-zrz3-3dnf-tbay", "summary": "Cross-site Scripting\nCross-Site Scripting vulnerability in typolinks.", "references": [ { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-018", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-018" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52837?format=api", "purl": "pkg:composer/typo3/cms@7.6.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/52838?format=api", "purl": "pkg:composer/typo3/cms@8.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h7cg-64er-uya9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.2.1" } ], "aliases": [ "GMS-2016-152" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrz3-3dnf-tbay" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.0" }