Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/110997?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110997?format=api", "vulnerability_id": "VCID-dz2n-vpss-zqe9", "summary": "TYPO3 allows remote authenticated backend users to unserialize arbitrary objects\nview_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a \"missing signature (HMAC).\"", "aliases": [ { "alias": "CVE-2012-3527" }, { "alias": "GHSA-m4hw-r893-xh4g" } ], "fixed_packages": [], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61473?format=api", "purl": "pkg:composer/typo3/cms@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ef6-uy9t-mqcu" }, { "vulnerability": "VCID-1m3k-7uhk-7kbr" }, { "vulnerability": "VCID-1txa-3guj-4fe2" }, { "vulnerability": "VCID-2f2m-tcjn-fyby" }, { "vulnerability": "VCID-2rb1-4nfa-sba1" }, { "vulnerability": "VCID-3c8n-x9h6-5ybw" }, { "vulnerability": "VCID-531r-qzmx-1yfa" }, { "vulnerability": "VCID-75xh-4935-mqa9" }, { "vulnerability": "VCID-88un-etsg-2qas" }, { "vulnerability": "VCID-8yun-8pau-tkhu" }, { "vulnerability": "VCID-a1kt-str6-rqec" }, { "vulnerability": "VCID-ae89-sz78-kydg" }, { "vulnerability": "VCID-bdx9-qjnn-ybbh" }, { "vulnerability": "VCID-brj5-1b16-fbb2" }, { "vulnerability": "VCID-dz2n-vpss-zqe9" }, { "vulnerability": "VCID-e958-8xq7-1qh4" }, { "vulnerability": "VCID-eku4-xr4n-vbg8" }, { "vulnerability": "VCID-emf6-2wa5-2yc7" }, { "vulnerability": "VCID-etsd-q5s7-2qcy" }, { "vulnerability": "VCID-j4zg-ekjr-jycg" }, { "vulnerability": "VCID-jppr-qkg2-ebc9" }, { "vulnerability": "VCID-krup-sey3-x7av" }, { "vulnerability": "VCID-ksmp-ds38-z3dd" }, { "vulnerability": "VCID-mebb-nda6-fbfk" }, { "vulnerability": "VCID-n8w2-c67q-fkd5" }, { "vulnerability": "VCID-nx7p-v66a-vfg1" }, { "vulnerability": 
"VCID-ra42-mjmq-cfa6" }, { "vulnerability": "VCID-t9q4-xnmg-p3hz" }, { "vulnerability": "VCID-ue3u-mrsa-3yd2" }, { "vulnerability": "VCID-uqt6-d8qh-vbcr" }, { "vulnerability": "VCID-wasp-gawc-cbca" }, { "vulnerability": "VCID-wzje-a1jd-2bgx" }, { "vulnerability": "VCID-yphc-ujay-7fcs" }, { "vulnerability": "VCID-zqe5-53je-mfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63422?format=api", "purl": "pkg:composer/typo3/cms@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ef6-uy9t-mqcu" }, { "vulnerability": "VCID-1m3k-7uhk-7kbr" }, { "vulnerability": "VCID-2f2m-tcjn-fyby" }, { "vulnerability": "VCID-2rb1-4nfa-sba1" }, { "vulnerability": "VCID-3c8n-x9h6-5ybw" }, { "vulnerability": "VCID-531r-qzmx-1yfa" }, { "vulnerability": "VCID-8yun-8pau-tkhu" }, { "vulnerability": "VCID-dz2n-vpss-zqe9" }, { "vulnerability": "VCID-emf6-2wa5-2yc7" }, { "vulnerability": "VCID-krup-sey3-x7av" }, { "vulnerability": "VCID-ksmp-ds38-z3dd" }, { "vulnerability": "VCID-mebb-nda6-fbfk" }, { "vulnerability": "VCID-n8w2-c67q-fkd5" }, { "vulnerability": "VCID-ra42-mjmq-cfa6" }, { "vulnerability": "VCID-t9q4-xnmg-p3hz" }, { "vulnerability": "VCID-ue3u-mrsa-3yd2" }, { "vulnerability": "VCID-wzje-a1jd-2bgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/62891?format=api", "purl": "pkg:composer/typo3/cms@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1m3k-7uhk-7kbr" }, { "vulnerability": "VCID-2f2m-tcjn-fyby" }, { "vulnerability": "VCID-3c8n-x9h6-5ybw" }, { "vulnerability": "VCID-88un-etsg-2qas" }, { "vulnerability": "VCID-a1kt-str6-rqec" }, { "vulnerability": "VCID-dz2n-vpss-zqe9" }, { "vulnerability": "VCID-emf6-2wa5-2yc7" }, { "vulnerability": "VCID-j4zg-ekjr-jycg" }, { "vulnerability": 
"VCID-jppr-qkg2-ebc9" }, { "vulnerability": "VCID-ksmp-ds38-z3dd" }, { "vulnerability": "VCID-mebb-nda6-fbfk" }, { "vulnerability": "VCID-n8w2-c67q-fkd5" }, { "vulnerability": "VCID-nx7p-v66a-vfg1" }, { "vulnerability": "VCID-ra42-mjmq-cfa6" }, { "vulnerability": "VCID-t9q4-xnmg-p3hz" }, { "vulnerability": "VCID-ue3u-mrsa-3yd2" }, { "vulnerability": "VCID-wasp-gawc-cbca" }, { "vulnerability": "VCID-wzje-a1jd-2bgx" }, { "vulnerability": "VCID-yphc-ujay-7fcs" }, { "vulnerability": "VCID-zqe5-53je-mfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.0" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.8424", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.8426", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84266", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84263", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3527" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77791", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77791" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3527", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3527" }, { "reference_url": "https://web.archive.org/web/20120817233148/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120817233148/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2537", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2537" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/22/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/8" }, { "reference_url": "https://github.com/advisories/GHSA-m4hw-r893-xh4g", "reference_id": "GHSA-m4hw-r893-xh4g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m4hw-r893-xh4g" } ], "weaknesses": [ { "cwe_id": 502, "name": "Deserialization of Untrusted Data", "description": "The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." 
} ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dz2n-vpss-zqe9" }