Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/44361?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44361?format=api", "vulnerability_id": "VCID-xppr-vgfx-p3hy", "summary": "Broken Access Control in 3rd party TYPO3 extension \"femanager\"\nAn issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.", "aliases": [ { "alias": "CVE-2023-25013" }, { "alias": "GHSA-mm8v-wmqx-8h2j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63800?format=api", "purl": "pkg:composer/in2code/femanager@5.5.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@5.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/63801?format=api", "purl": "pkg:composer/in2code/femanager@6.3.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@6.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/63802?format=api", "purl": "pkg:composer/in2code/femanager@7.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@7.1.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58872?format=api", "purl": "pkg:composer/in2code/femanager@6.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dqeg-vzve-kqdr" }, { "vulnerability": "VCID-ms2h-k8ts-zfhf" }, { "vulnerability": "VCID-xppr-vgfx-p3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@6.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63799?format=api", "purl": "pkg:composer/in2code/femanager@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mp37-6ntu-zkbt" }, { "vulnerability": "VCID-ms2h-k8ts-zfhf" }, { "vulnerability": "VCID-xppr-vgfx-p3hy" }, { "vulnerability": "VCID-za9q-3m4u-b7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/in2code/femanager@7.0.0" } ], "references": [ { "reference_url": "https://typo3.org/security/advisory/typo3-ext-sa-2023-001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-ext-sa-2023-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25013", "reference_id": "CVE-2023-25013", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25013" }, { "reference_url": "https://github.com/advisories/GHSA-mm8v-wmqx-8h2j", "reference_id": "GHSA-mm8v-wmqx-8h2j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mm8v-wmqx-8h2j" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xppr-vgfx-p3hy" }