Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-69fr-ztbp-z7gg

Summary

Improper Input Validation
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.

Aliases

alias	CVE-2009-0258

alias	GHSA-74w6-ww7w-45j9

Fixed_packages

Affected_packages

url pkg:composer/typo3/cms@4.0.0

purl pkg:composer/typo3/cms@4.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-69fr-ztbp-z7gg

vulnerability	VCID-acey-xzmu-7yg9

vulnerability	VCID-b5ht-z6zp-pbht

vulnerability	VCID-zkmd-h3ch-ebbg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.0.0

url pkg:composer/typo3/cms@4.0.9

purl pkg:composer/typo3/cms@4.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-69fr-ztbp-z7gg

vulnerability	VCID-zkmd-h3ch-ebbg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.0.9

url pkg:composer/typo3/cms@4.1.0

purl pkg:composer/typo3/cms@4.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-69fr-ztbp-z7gg

vulnerability	VCID-acey-xzmu-7yg9

vulnerability	VCID-tsmu-e547-8kdx

vulnerability	VCID-u1y7-xzfg-z7ce

vulnerability	VCID-zkmd-h3ch-ebbg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.1.0

url pkg:composer/typo3/cms@4.1.7

purl pkg:composer/typo3/cms@4.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-69fr-ztbp-z7gg

vulnerability	VCID-zkmd-h3ch-ebbg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.1.7

url pkg:composer/typo3/cms@4.2.0

purl pkg:composer/typo3/cms@4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5arh-exf5-zub1

vulnerability	VCID-69fr-ztbp-z7gg

vulnerability	VCID-acey-xzmu-7yg9

vulnerability	VCID-enht-zcrt-mbe6

vulnerability	VCID-jbu9-bp56-rkgw

vulnerability	VCID-k6fn-pcqn-byhu

vulnerability	VCID-tsmu-e547-8kdx

vulnerability	VCID-u1y7-xzfg-z7ce

vulnerability	VCID-zkmd-h3ch-ebbg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.0

url pkg:composer/typo3/cms@4.2.3

purl pkg:composer/typo3/cms@4.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-69fr-ztbp-z7gg

vulnerability	VCID-zkmd-h3ch-ebbg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.3

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-0258

reference_id

reference_type

scores

value	0.03387
scoring_system	epss
scoring_elements	0.87409
published_at	2026-04-21T12:55:00Z

value	0.03387
scoring_system	epss
scoring_elements	0.87369
published_at	2026-04-07T12:55:00Z

value	0.03387
scoring_system	epss
scoring_elements	0.87387
published_at	2026-04-08T12:55:00Z

value	0.03387
scoring_system	epss
scoring_elements	0.87394
published_at	2026-04-09T12:55:00Z

value	0.03387
scoring_system	epss
scoring_elements	0.87407
published_at	2026-04-11T12:55:00Z

value	0.03387
scoring_system	epss
scoring_elements	0.87401
published_at	2026-04-12T12:55:00Z

value	0.03387
scoring_system	epss
scoring_elements	0.87397
published_at	2026-04-13T12:55:00Z

value	0.03387
scoring_system	epss
scoring_elements	0.87412
published_at	2026-04-16T12:55:00Z

value	0.03387
scoring_system	epss
scoring_elements	0.87415
published_at	2026-04-18T12:55:00Z

value	0.03387
scoring_system	epss
scoring_elements	0.87344
published_at	2026-04-01T12:55:00Z

value	0.03387
scoring_system	epss
scoring_elements	0.87354
published_at	2026-04-02T12:55:00Z

value	0.03387
scoring_system	epss
scoring_elements	0.8737
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-0258

reference_url	http://secunia.com/advisories/33617
reference_id
reference_type
scores
url	http://secunia.com/advisories/33617

reference_url	http://secunia.com/advisories/33679
reference_id
reference_type
scores
url	http://secunia.com/advisories/33679

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/48138

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/48138

reference_url

https://web.archive.org/web/20111210005350/http://www.securityfocus.com/bid/33376

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20111210005350/http://www.securityfocus.com/bid/33376

reference_url

http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001

reference_url	http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
reference_id
reference_type
scores
url	http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/

reference_url

http://www.debian.org/security/2009/dsa-1711

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2009/dsa-1711

reference_url

http://www.openwall.com/lists/oss-security/2009/01/23/4

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2009/01/23/4

reference_url	http://www.securityfocus.com/bid/33376
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/33376

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.1:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.2:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.3:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.4:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.5:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.6:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.7:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.8:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.9:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:beta1::::::
reference_id	cpe:2.3:a:typo3:typo3:4.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:rc1::::::
reference_id	cpe:2.3:a:typo3:typo3:4.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.1:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.2:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.3:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.4:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.5:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.6:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.7:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.0:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:::::::*
reference_id	cpe:2.3:a:typo3:typo3:4.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-0258

reference_id

CVE-2009-0258

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-0258

reference_url

https://github.com/advisories/GHSA-74w6-ww7w-45j9

reference_id

GHSA-74w6-ww7w-45j9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-74w6-ww7w-45j9

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	78
name	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description	The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 7.0 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69fr-ztbp-z7gg

Vulnerability Instance