Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/in2code/femanager@6.3.4
Typecomposer
Namespacein2code
Namefemanager
Version6.3.4
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version7.1.0
Latest_non_vulnerable_version7.2.3
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-ms2h-k8ts-zfhf
vulnerability_id VCID-ms2h-k8ts-zfhf
summary 
Broken Access Control in 3rd party TYPO3 extension "femanager"
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users.
references
0
reference_url https://typo3.org/security/advisory/typo3-ext-sa-2023-001
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-ext-sa-2023-001
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25014
reference_id CVE-2023-25014
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-25014
2
reference_url https://github.com/advisories/GHSA-3p9x-xxx6-2w4p
reference_id GHSA-3p9x-xxx6-2w4p
reference_type
scores
url https://github.com/advisories/GHSA-3p9x-xxx6-2w4p
fixed_packages
0
url pkg:composer/in2code/femanager@5.5.3
purl pkg:composer/in2code/femanager@5.5.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@5.5.3
1
url pkg:composer/in2code/femanager@6.3.4
purl pkg:composer/in2code/femanager@6.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@6.3.4
2
url pkg:composer/in2code/femanager@7.1.0
purl pkg:composer/in2code/femanager@7.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@7.1.0
aliases CVE-2023-25014, GHSA-3p9x-xxx6-2w4p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ms2h-k8ts-zfhf
1
url VCID-xppr-vgfx-p3hy
vulnerability_id VCID-xppr-vgfx-p3hy
summary 
Broken Access Control in 3rd party TYPO3 extension "femanager"
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.
references
0
reference_url https://typo3.org/security/advisory/typo3-ext-sa-2023-001
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-ext-sa-2023-001
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25013
reference_id CVE-2023-25013
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-25013
2
reference_url https://github.com/advisories/GHSA-mm8v-wmqx-8h2j
reference_id GHSA-mm8v-wmqx-8h2j
reference_type
scores
url https://github.com/advisories/GHSA-mm8v-wmqx-8h2j
fixed_packages
0
url pkg:composer/in2code/femanager@5.5.3
purl pkg:composer/in2code/femanager@5.5.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@5.5.3
1
url pkg:composer/in2code/femanager@6.3.4
purl pkg:composer/in2code/femanager@6.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@6.3.4
2
url pkg:composer/in2code/femanager@7.1.0
purl pkg:composer/in2code/femanager@7.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@7.1.0
aliases CVE-2023-25013, GHSA-mm8v-wmqx-8h2j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xppr-vgfx-p3hy
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@6.3.4