Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/63799?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/63799?format=api", "purl": "pkg:composer/in2code/femanager@7.0.0", "type": "composer", "namespace": "in2code", "name": "femanager", "version": "7.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.1.0", "latest_non_vulnerable_version": "7.2.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46131?format=api", "vulnerability_id": "VCID-mp37-6ntu-zkbt", "summary": "TYPO3 extension femanager Broken Access Control vulnerability\nfemanager fails to check access permissions for the invitation component. Depending on the configuration of the plugin, a remote user can create frontend user accounts with access to configured frontend groups.", "references": [ { "reference_url": "https://github.com/in2code-de/femanager/commit/cc5f2893613a6b3fd2677c457574ab587a0862ca", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/in2code-de/femanager/commit/cc5f2893613a6b3fd2677c457574ab587a0862ca" }, { "reference_url": "https://github.com/in2code-de/femanager/releases/tag/7.2.2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/in2code-de/femanager/releases/tag/7.2.2" }, { "reference_url": "https://typo3.org/security/advisory/typo3-ext-sa-2023-008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-ext-sa-2023-008" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/in2code/femanager/CVE-2023-45023.yaml", "reference_id": "CVE-2023-45023.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/in2code/femanager/CVE-2023-45023.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-93j4-v838-8767", "reference_id": "GHSA-93j4-v838-8767", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-93j4-v838-8767" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67165?format=api", "purl": "pkg:composer/in2code/femanager@7.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@7.2.2" } ], "aliases": [ "CVE-2023-45023", "GHSA-93j4-v838-8767" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mp37-6ntu-zkbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44365?format=api", "vulnerability_id": "VCID-ms2h-k8ts-zfhf", "summary": "Broken Access Control in 3rd party TYPO3 extension \"femanager\"\nAn issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-ext-sa-2023-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-ext-sa-2023-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25014", "reference_id": "CVE-2023-25014", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25014" }, { "reference_url": "https://github.com/advisories/GHSA-3p9x-xxx6-2w4p", "reference_id": "GHSA-3p9x-xxx6-2w4p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3p9x-xxx6-2w4p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63802?format=api", "purl": "pkg:composer/in2code/femanager@7.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@7.1.0" } ], "aliases": [ "CVE-2023-25014", "GHSA-3p9x-xxx6-2w4p" 
], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ms2h-k8ts-zfhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44361?format=api", "vulnerability_id": "VCID-xppr-vgfx-p3hy", "summary": "Broken Access Control in 3rd party TYPO3 extension \"femanager\"\nAn issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-ext-sa-2023-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-ext-sa-2023-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25013", "reference_id": "CVE-2023-25013", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25013" }, { "reference_url": "https://github.com/advisories/GHSA-mm8v-wmqx-8h2j", "reference_id": "GHSA-mm8v-wmqx-8h2j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mm8v-wmqx-8h2j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63802?format=api", "purl": "pkg:composer/in2code/femanager@7.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@7.1.0" } ], "aliases": [ "CVE-2023-25013", "GHSA-mm8v-wmqx-8h2j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xppr-vgfx-p3hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46636?format=api", "vulnerability_id": "VCID-za9q-3m4u-b7gx", "summary": "Broken Access Control in extension \"femanager\"\nThe extension fails to check access permissions for 
the edit user component. An authenticated frontend user can use the vulnerability to either edit data of various frontend users or to delete various frontend user accounts.\n\nAnother missing access check in the backend module of the extension allows an authenticated backend user to perform various actions (userLogout, confirmUser, refuseUser and resendUserConfirmation) for any frontend user in the system.", "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-ext-sa-2023-010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-ext-sa-2023-010" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/in2code/femanager/CVE-2023-50459.yaml", "reference_id": "CVE-2023-50459.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/in2code/femanager/CVE-2023-50459.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-4xp5-hr35-84cx", "reference_id": "GHSA-4xp5-hr35-84cx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4xp5-hr35-84cx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68165?format=api", "purl": "pkg:composer/in2code/femanager@7.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@7.2.3" } ], "aliases": [ "CVE-2023-50459", "GHSA-4xp5-hr35-84cx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-za9q-3m4u-b7gx" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@7.0.0" }