Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/typo3/cms-core@4.2.1

Type composer

Namespace typo3

Name cms-core

Version 4.2.1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 4.2.10

Latest_non_vulnerable_version 14.0.2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-zpyt-j4jd-8ufk

vulnerability_id VCID-zpyt-j4jd-8ufk

summary

TYPO3 Unrestricted File Upload vulnerability
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

references

reference_url	http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/
reference_id
reference_type
scores
url	http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/42988
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/42988

reference_url	https://web.archive.org/web/20080815050856/http://securityreason.com/securityalert/3945
reference_id
reference_type
scores
url	https://web.archive.org/web/20080815050856/http://securityreason.com/securityalert/3945

reference_url	https://web.archive.org/web/20081201212626/http://secunia.com/advisories/30619
reference_id
reference_type
scores
url	https://web.archive.org/web/20081201212626/http://secunia.com/advisories/30619

reference_url	https://web.archive.org/web/20081206030529/http://secunia.com/advisories/30660
reference_id
reference_type
scores
url	https://web.archive.org/web/20081206030529/http://secunia.com/advisories/30660

reference_url	https://web.archive.org/web/20200228131005/http://www.securityfocus.com/bid/29657
reference_id
reference_type
scores
url	https://web.archive.org/web/20200228131005/http://www.securityfocus.com/bid/29657

reference_url	https://web.archive.org/web/20201208012148/http://www.securityfocus.com/archive/1/493270/100/0/threaded
reference_id
reference_type
scores
url	https://web.archive.org/web/20201208012148/http://www.securityfocus.com/archive/1/493270/100/0/threaded

reference_url	http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/
reference_id
reference_type
scores
url	http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/

reference_url	http://www.debian.org/security/2008/dsa-1596
reference_id
reference_type
scores
url	http://www.debian.org/security/2008/dsa-1596

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2008-2717
reference_id	CVE-2008-2717
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2008-2717

reference_url	https://github.com/advisories/GHSA-f35p-hcwf-9f9f
reference_id	GHSA-f35p-hcwf-9f9f
reference_type
scores
url	https://github.com/advisories/GHSA-f35p-hcwf-9f9f

fixed_packages

url	pkg:composer/typo3/cms-core@4.0.9
purl	pkg:composer/typo3/cms-core@4.0.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@4.0.9

url	pkg:composer/typo3/cms-core@4.1.7
purl	pkg:composer/typo3/cms-core@4.1.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@4.1.7

url	pkg:composer/typo3/cms-core@4.2.1
purl	pkg:composer/typo3/cms-core@4.2.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@4.2.1

aliases CVE-2008-2717, GHSA-f35p-hcwf-9f9f

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpyt-j4jd-8ufk

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@4.2.1

Package Instance