Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-zkmd-h3ch-ebbg
Summary
Improper Authentication
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
Aliases
0
alias CVE-2009-0256
1
alias GHSA-q45q-5233-229p
Fixed_packages
Affected_packages
0
url pkg:composer/typo3/cms@4.0.0
purl pkg:composer/typo3/cms@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-69fr-ztbp-z7gg
1
vulnerability VCID-acey-xzmu-7yg9
2
vulnerability VCID-b5ht-z6zp-pbht
3
vulnerability VCID-zkmd-h3ch-ebbg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.0.0
1
url pkg:composer/typo3/cms@4.0.9
purl pkg:composer/typo3/cms@4.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-69fr-ztbp-z7gg
1
vulnerability VCID-zkmd-h3ch-ebbg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.0.9
2
url pkg:composer/typo3/cms@4.1.0
purl pkg:composer/typo3/cms@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-69fr-ztbp-z7gg
1
vulnerability VCID-acey-xzmu-7yg9
2
vulnerability VCID-tsmu-e547-8kdx
3
vulnerability VCID-u1y7-xzfg-z7ce
4
vulnerability VCID-zkmd-h3ch-ebbg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.1.0
3
url pkg:composer/typo3/cms@4.1.7
purl pkg:composer/typo3/cms@4.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-69fr-ztbp-z7gg
1
vulnerability VCID-zkmd-h3ch-ebbg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.1.7
4
url pkg:composer/typo3/cms@4.2.0
purl pkg:composer/typo3/cms@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5arh-exf5-zub1
1
vulnerability VCID-69fr-ztbp-z7gg
2
vulnerability VCID-acey-xzmu-7yg9
3
vulnerability VCID-enht-zcrt-mbe6
4
vulnerability VCID-jbu9-bp56-rkgw
5
vulnerability VCID-k6fn-pcqn-byhu
6
vulnerability VCID-tsmu-e547-8kdx
7
vulnerability VCID-u1y7-xzfg-z7ce
8
vulnerability VCID-zkmd-h3ch-ebbg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.0
5
url pkg:composer/typo3/cms@4.2.3
purl pkg:composer/typo3/cms@4.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-69fr-ztbp-z7gg
1
vulnerability VCID-zkmd-h3ch-ebbg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.3
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-0256
reference_id
reference_type
scores
0
value 0.00911
scoring_system epss
scoring_elements 0.75846
published_at 2026-04-21T12:55:00Z
1
value 0.00911
scoring_system epss
scoring_elements 0.75777
published_at 2026-04-07T12:55:00Z
2
value 0.00911
scoring_system epss
scoring_elements 0.75809
published_at 2026-04-08T12:55:00Z
3
value 0.00911
scoring_system epss
scoring_elements 0.75821
published_at 2026-04-09T12:55:00Z
4
value 0.00911
scoring_system epss
scoring_elements 0.75845
published_at 2026-04-11T12:55:00Z
5
value 0.00911
scoring_system epss
scoring_elements 0.75826
published_at 2026-04-12T12:55:00Z
6
value 0.00911
scoring_system epss
scoring_elements 0.7582
published_at 2026-04-13T12:55:00Z
7
value 0.00911
scoring_system epss
scoring_elements 0.75857
published_at 2026-04-16T12:55:00Z
8
value 0.00911
scoring_system epss
scoring_elements 0.75861
published_at 2026-04-18T12:55:00Z
9
value 0.00911
scoring_system epss
scoring_elements 0.75762
published_at 2026-04-01T12:55:00Z
10
value 0.00911
scoring_system epss
scoring_elements 0.75765
published_at 2026-04-02T12:55:00Z
11
value 0.00911
scoring_system epss
scoring_elements 0.75798
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-0256
1
reference_url http://secunia.com/advisories/33617
reference_id
reference_type
scores
url http://secunia.com/advisories/33617
2
reference_url http://secunia.com/advisories/33679
reference_id
reference_type
scores
url http://secunia.com/advisories/33679
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/48133
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/48133
4
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
5
reference_url https://web.archive.org/web/20111210005350/http://www.securityfocus.com/bid/33376
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111210005350/http://www.securityfocus.com/bid/33376
6
reference_url http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001
7
reference_url http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
reference_id
reference_type
scores
url http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
8
reference_url http://www.debian.org/security/2009/dsa-1711
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2009/dsa-1711
9
reference_url http://www.securityfocus.com/bid/33376
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/33376
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-0256
reference_id CVE-2009-0256
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2009-0256
35
reference_url https://github.com/advisories/GHSA-q45q-5233-229p
reference_id GHSA-q45q-5233-229p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q45q-5233-229p
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 287
name Improper Authentication
description When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 384
name Session Fixation
description Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-zkmd-h3ch-ebbg