Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-2f2m-tcjn-fyby
Summary
Typo3 Vulnerable to Cache Poisoning
**Problem Description:** A request URL with arbitrary arguments, but still pointing to the home page of  a TYPO3 installation can be cached if the configuration option `config.prefixLocalAnchors` is used with the values "all" or "cached". The impact of this vulnerability is that unfamiliar looking links to the home page can end up in the cache, which leads to a reload of the page in the browser when section links are followed by web page visitors, instead of just directly jumping to the requested section of the page. TYPO3 versions 4.6.x and higher are only affected if the homepage is not a shortcut to a different page.

**Solution:** Removing the configuration options `config.prefixLocalAnchors` (and optionally also config.baseUrl) in favor of `config.absRefPrefix`

**Credits:** Thanks to Gernot Leitgab who discovered and reported the vulnerability.
Aliases
0
alias CVE-2014-9509
1
alias GHSA-5479-gqqr-f9gj
Fixed_packages
0
url pkg:composer/typo3/cms@6.2.9
purl pkg:composer/typo3/cms@6.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1efr-h9gq-r7h1
1
vulnerability VCID-1u4r-r97q-3yfk
2
vulnerability VCID-2r7u-mc45-8yhe
3
vulnerability VCID-39jx-muqb-nkfq
4
vulnerability VCID-5dxs-cdht-27hw
5
vulnerability VCID-5hm4-ms5p-uuae
6
vulnerability VCID-727q-h3ey-6yc9
7
vulnerability VCID-7n9x-c9gs-9yb3
8
vulnerability VCID-8jcy-3kje-fqeh
9
vulnerability VCID-8p64-6zpt-t3av
10
vulnerability VCID-8vum-snng-jfcv
11
vulnerability VCID-ansr-8m5j-pya6
12
vulnerability VCID-c57c-akce-xufq
13
vulnerability VCID-dd9u-w2y2-87h9
14
vulnerability VCID-dw8z-wtph-skey
15
vulnerability VCID-dwjk-7sqh-hqa8
16
vulnerability VCID-e1gr-txgg-fqa6
17
vulnerability VCID-e82x-2cdb-7fgn
18
vulnerability VCID-ebku-sk43-m7bf
19
vulnerability VCID-ec17-eauu-67d3
20
vulnerability VCID-eutz-mj58-audb
21
vulnerability VCID-ev4k-5k1d-2bhu
22
vulnerability VCID-exjy-5cyn-zfg1
23
vulnerability VCID-fqkx-v8t5-q3h6
24
vulnerability VCID-g9ns-sxkx-aqh1
25
vulnerability VCID-h217-xe8x-nua3
26
vulnerability VCID-h7hf-sf2q-73ay
27
vulnerability VCID-huxd-2e6q-abak
28
vulnerability VCID-hzma-cduk-3uhp
29
vulnerability VCID-j6x1-dfre-2bdq
30
vulnerability VCID-jeqr-9tfu-f7b2
31
vulnerability VCID-kj76-rsr8-yqb3
32
vulnerability VCID-kqu8-8c1n-73hr
33
vulnerability VCID-ks1q-a8x2-uqht
34
vulnerability VCID-m3nc-xbb4-yubr
35
vulnerability VCID-n18b-qe5x-z7cj
36
vulnerability VCID-n326-yy8y-xuap
37
vulnerability VCID-nhjv-nke2-2kf8
38
vulnerability VCID-nqqc-nkwq-rqhx
39
vulnerability VCID-p7gd-anw2-1qbz
40
vulnerability VCID-q5f3-nhjn-hyb4
41
vulnerability VCID-rae3-cugy-hbh5
42
vulnerability VCID-s97a-nmk8-y3ay
43
vulnerability VCID-sn8n-mawq-3uht
44
vulnerability VCID-tgyt-axv1-c7ag
45
vulnerability VCID-u4tq-8qnk-5fd7
46
vulnerability VCID-u6h1-ccgw-jqds
47
vulnerability VCID-ub3e-hrb1-wqac
48
vulnerability VCID-vq15-t92r-5bhx
49
vulnerability VCID-wk4s-4bcd-2yb5
50
vulnerability VCID-wms8-dnuz-b3hc
51
vulnerability VCID-xw1s-93bu-wuh9
52
vulnerability VCID-y1ap-y4az-x7ec
53
vulnerability VCID-yn6z-9v7k-x7br
54
vulnerability VCID-zrz3-3dnf-tbay
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.9
1
url pkg:composer/typo3/cms@7.0.2
purl pkg:composer/typo3/cms@7.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1u4r-r97q-3yfk
1
vulnerability VCID-3ugj-6m1e-e3hr
2
vulnerability VCID-5hm4-ms5p-uuae
3
vulnerability VCID-7n9x-c9gs-9yb3
4
vulnerability VCID-8jcy-3kje-fqeh
5
vulnerability VCID-953t-q1cr-zyd6
6
vulnerability VCID-abjx-8v46-d7d8
7
vulnerability VCID-ansr-8m5j-pya6
8
vulnerability VCID-c57c-akce-xufq
9
vulnerability VCID-dsqm-9q3e-dudw
10
vulnerability VCID-dwjk-7sqh-hqa8
11
vulnerability VCID-e1gr-txgg-fqa6
12
vulnerability VCID-e82x-2cdb-7fgn
13
vulnerability VCID-ec17-eauu-67d3
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fdnw-2tz5-4fdr
16
vulnerability VCID-fqkx-v8t5-q3h6
17
vulnerability VCID-hp99-ncuh-6ugv
18
vulnerability VCID-j6x1-dfre-2bdq
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-jq5y-7h9g-mufa
21
vulnerability VCID-n18b-qe5x-z7cj
22
vulnerability VCID-nhjv-nke2-2kf8
23
vulnerability VCID-njsj-bwjq-fyap
24
vulnerability VCID-nqqc-nkwq-rqhx
25
vulnerability VCID-p7gd-anw2-1qbz
26
vulnerability VCID-q5f3-nhjn-hyb4
27
vulnerability VCID-rae3-cugy-hbh5
28
vulnerability VCID-u6h1-ccgw-jqds
29
vulnerability VCID-ub3e-hrb1-wqac
30
vulnerability VCID-vq15-t92r-5bhx
31
vulnerability VCID-wms8-dnuz-b3hc
32
vulnerability VCID-xw1s-93bu-wuh9
33
vulnerability VCID-yz6t-ge1y-qfgr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.2
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-9509
reference_id
reference_type
scores
0
value 0.00633
scoring_system epss
scoring_elements 0.70755
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-9509
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-9509
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-9509
2
reference_url http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Exploits
Severity_range_score7.0 - 8.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-2f2m-tcjn-fyby