Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/43139?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43139?format=api", "vulnerability_id": "VCID-zpyt-j4jd-8ufk", "summary": "TYPO3 Unrestricted File Upload vulnerability\nTYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.", "aliases": [ { "alias": "CVE-2008-2717" }, { "alias": "GHSA-f35p-hcwf-9f9f" } ], "fixed_packages": [], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61748?format=api", "purl": "pkg:composer/typo3/cms-core@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zpyt-j4jd-8ufk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@4.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/61749?format=api", "purl": "pkg:composer/typo3/cms-core@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h1jn-6xyy-vfga" }, { "vulnerability": "VCID-zpyt-j4jd-8ufk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@4.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/61750?format=api", "purl": "pkg:composer/typo3/cms-core@4.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-47pq-dk4d-1fhx" }, { "vulnerability": "VCID-h1jn-6xyy-vfga" }, { "vulnerability": "VCID-zpyt-j4jd-8ufk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@4.2.0" } ], "references": [ { "reference_url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern" }, { "reference_url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2717", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44018", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43949", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2717" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988" }, { "reference_url": "https://github.com/TYPO3-CMS/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3-CMS/core" }, { "reference_url": "https://web.archive.org/web/20080815050856/http://securityreason.com/securityalert/3945", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080815050856/http://securityreason.com/securityalert/3945" }, { "reference_url": "https://web.archive.org/web/20081201212626/http://secunia.com/advisories/30619", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://web.archive.org/web/20081201212626/http://secunia.com/advisories/30619" }, { "reference_url": "https://web.archive.org/web/20081206030529/http://secunia.com/advisories/30660", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081206030529/http://secunia.com/advisories/30660" }, { "reference_url": "https://web.archive.org/web/20200228131005/http://www.securityfocus.com/bid/29657", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228131005/http://www.securityfocus.com/bid/29657" }, { "reference_url": "https://web.archive.org/web/20201208012148/http://www.securityfocus.com/archive/1/493270/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208012148/http://www.securityfocus.com/archive/1/493270/100/0/threaded" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1596", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2008/dsa-1596" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2008-2717", "reference_id": "CVE-2008-2717", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2717" }, { "reference_url": "https://github.com/advisories/GHSA-f35p-hcwf-9f9f", "reference_id": "GHSA-f35p-hcwf-9f9f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f35p-hcwf-9f9f" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 264, "name": "Permissions, Privileges, and Access Controls", "description": "Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 434, "name": "Unrestricted Upload of File with Dangerous Type", "description": "The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zpyt-j4jd-8ufk" }