Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/in2code/powermail@11.2.0
Typecomposer
Namespacein2code
Namepowermail
Version11.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.5.3
Latest_non_vulnerable_version13.0.1
Affected_by_vulnerabilities
0
url VCID-ckp6-xdae-vub7
vulnerability_id VCID-ckp6-xdae-vub7
summary An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45233
reference_id
reference_type
scores
0
value 0.00252
scoring_system epss
scoring_elements 0.48962
published_at 2026-06-12T12:55:00Z
1
value 0.00252
scoring_system epss
scoring_elements 0.48826
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45233
1
reference_url https://github.com/in2code-de/powermail
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/in2code-de/powermail
2
reference_url https://github.com/in2code-de/powermail/commit/04a010c4009202e8e1b4c72accd4d7b2771b80b3
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/in2code-de/powermail/commit/04a010c4009202e8e1b4c72accd4d7b2771b80b3
3
reference_url https://github.com/in2code-de/powermail/commit/2c8a1bf7669eb0661e8a93164f57e4b653ac3408
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/in2code-de/powermail/commit/2c8a1bf7669eb0661e8a93164f57e4b653ac3408
4
reference_url https://github.com/in2code-de/powermail/commit/6e94ec5e0c7b553c467b826df1b922db6c2ad08e
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/in2code-de/powermail/commit/6e94ec5e0c7b553c467b826df1b922db6c2ad08e
5
reference_url https://github.com/in2code-de/powermail/commit/f56f8eefe151ad67cbd32c21f1106953b8e4f19f
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/in2code-de/powermail/commit/f56f8eefe151ad67cbd32c21f1106953b8e4f19f
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45233
reference_id CVE-2024-45233
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45233
7
reference_url https://github.com/advisories/GHSA-9jqr-5x45-pgw8
reference_id GHSA-9jqr-5x45-pgw8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9jqr-5x45-pgw8
8
reference_url https://typo3.org/security/advisory/typo3-ext-sa-2024-006
reference_id typo3-ext-sa-2024-006
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:22:49Z/
url https://typo3.org/security/advisory/typo3-ext-sa-2024-006
fixed_packages
0
url pkg:composer/in2code/powermail@12.4.0
purl pkg:composer/in2code/powermail@12.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k2ex-385c-xufh
1
vulnerability VCID-q9qe-8vzg-bbg6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/in2code/powermail@12.4.0
aliases CVE-2024-45233, GHSA-9jqr-5x45-pgw8
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckp6-xdae-vub7
1
url VCID-wx8v-veep-nfd6
vulnerability_id VCID-wx8v-veep-nfd6
summary An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the extension is configured to save submitted form data to the database (plugin.tx_powermail.settings.db.enable=1), which however is the default setting of the extension. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45232
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.44904
published_at 2026-06-12T12:55:00Z
1
value 0.0022
scoring_system epss
scoring_elements 0.44753
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45232
1
reference_url https://github.com/in2code-de/powermail
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/in2code-de/powermail
2
reference_url https://github.com/in2code-de/powermail/commit/061756732357206f2f13bf39a0676dd266ec9586
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/in2code-de/powermail/commit/061756732357206f2f13bf39a0676dd266ec9586
3
reference_url https://github.com/in2code-de/powermail/commit/ac402d4972c77dd119c8db6ffe594c15e8ae0bc5
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/in2code-de/powermail/commit/ac402d4972c77dd119c8db6ffe594c15e8ae0bc5
4
reference_url https://github.com/in2code-de/powermail/commit/e2ddfaa06d29019d60be02b5a3da04b237ed760b
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/in2code-de/powermail/commit/e2ddfaa06d29019d60be02b5a3da04b237ed760b
5
reference_url https://github.com/in2code-de/powermail/commit/f58d70311799ae5f6acbec52ea9206d21eba91bb
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/in2code-de/powermail/commit/f58d70311799ae5f6acbec52ea9206d21eba91bb
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45232
reference_id CVE-2024-45232
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45232
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/in2code/powermail/CVE-2024-45232.yaml
reference_id CVE-2024-45232.YAML
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/in2code/powermail/CVE-2024-45232.yaml
8
reference_url https://github.com/advisories/GHSA-p652-xcgx-f85m
reference_id GHSA-p652-xcgx-f85m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p652-xcgx-f85m
9
reference_url https://typo3.org/security/advisory/typo3-ext-sa-2024-006
reference_id typo3-ext-sa-2024-006
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:16:35Z/
url https://typo3.org/security/advisory/typo3-ext-sa-2024-006
fixed_packages
0
url pkg:composer/in2code/powermail@12.4.0
purl pkg:composer/in2code/powermail@12.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k2ex-385c-xufh
1
vulnerability VCID-q9qe-8vzg-bbg6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/in2code/powermail@12.4.0
aliases CVE-2024-45232, GHSA-p652-xcgx-f85m
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wx8v-veep-nfd6
Fixing_vulnerabilities
Risk_score3.3
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/in2code/powermail@11.2.0