Lookup for vulnerable packages by Package URL.

Purl pkg:composer/typo3/cms@8.7.5
Type composer
Namespace typo3
Name cms
Version 8.7.5
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 8.7.11
Latest_non_vulnerable_version 12.2.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-e564-zdku-9fc6
vulnerability_id VCID-e564-zdku-9fc6
summary
Information Disclosure
HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases TYPO3-CORE-SA-2017-006
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e564-zdku-9fc6
1
url VCID-h7cg-64er-uya9
vulnerability_id VCID-h7cg-64er-uya9
summary
Unrestricted Upload of File with Dangerous Type
Unrestricted File Upload vulnerability in the `fileDenyPattern` in `sysext/core/Classes/Core/SystemEnvironmentBuilder`.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
1
reference_url http://www.securityfocus.com/bid/100620
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100620
2
reference_url http://www.securitytracker.com/id/1039295
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039295
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14251
reference_id CVE-2017-14251
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-14251
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases CVE-2017-14251
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h7cg-64er-uya9
2
url VCID-jqe4-8hzb-mfea
vulnerability_id VCID-jqe4-8hzb-mfea
summary
Arbitrary Code Execution
Due to a missing file extension in the `fileDenyPattern`, backend users are allowed to upload *.pht files which can be executed in certain web server setups.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases TYPO3-CORE-SA-2017-007
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqe4-8hzb-mfea
3
url VCID-mctp-nf36-7qdn
vulnerability_id VCID-mctp-nf36-7qdn
summary
Information Disclosure
Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and their folders as well as use them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.22
purl pkg:composer/typo3/cms@7.6.22
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22
1
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases TYPO3-CORE-SA-2017-005
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mctp-nf36-7qdn
4
url VCID-wy45-2gmr-fkfg
vulnerability_id VCID-wy45-2gmr-fkfg
summary
XSS Vulnerability
Failing to properly encode user input, backend forms are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-004/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-004/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.5
purl pkg:composer/typo3/cms@8.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5
aliases TYPO3-CORE-SA-2017-004
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wy45-2gmr-fkfg
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5