Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-uua1-9rt1-dfbz
Summary
Improper Access Control
TYPO3 is an open source, PHP-based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1, which fix the problem described. There are no known workarounds for this issue.
Aliases
0
alias CVE-2024-25120
1
alias GHSA-wf85-8hx9-gj7c
Fixed_packages
0
url pkg:composer/typo3/cms-core@8.7.57
purl pkg:composer/typo3/cms-core@8.7.57
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.57
1
url pkg:composer/typo3/cms-core@9.5.46
purl pkg:composer/typo3/cms-core@9.5.46
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.46
2
url pkg:composer/typo3/cms-core@10.4.43
purl pkg:composer/typo3/cms-core@10.4.43
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43
3
url pkg:composer/typo3/cms-core@11.5.35
purl pkg:composer/typo3/cms-core@11.5.35
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35
4
url pkg:composer/typo3/cms-core@12.4.11
purl pkg:composer/typo3/cms-core@12.4.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11
5
url pkg:composer/typo3/cms-core@13.0.1
purl pkg:composer/typo3/cms-core@13.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1
Affected_packages
0
url pkg:composer/typo3/cms-core@8.0.0
purl pkg:composer/typo3/cms-core@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1knh-es99-dubw
1
vulnerability VCID-1prg-c74k-37ec
2
vulnerability VCID-2m67-xdxz-ryc2
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-3hta-35zx-zuc4
5
vulnerability VCID-6ffw-r4k7-5qf8
6
vulnerability VCID-6q7t-kdrg-8qc3
7
vulnerability VCID-6rgp-dzw1-kycx
8
vulnerability VCID-7ch1-q9f4-a7bt
9
vulnerability VCID-7r4g-gxc6-hubh
10
vulnerability VCID-82ds-xda8-5ye4
11
vulnerability VCID-8sek-v483-8ueu
12
vulnerability VCID-b92x-56ng-3ygy
13
vulnerability VCID-bzqv-s7g3-wff9
14
vulnerability VCID-cg7w-xkyg-abgj
15
vulnerability VCID-cv9x-ea8e-pufu
16
vulnerability VCID-daz8-j1ns-rkgt
17
vulnerability VCID-e8ze-umec-a7hx
18
vulnerability VCID-e9jc-8mpp-fkgh
19
vulnerability VCID-hfcx-1kuh-p3ez
20
vulnerability VCID-hnyk-614g-yuhy
21
vulnerability VCID-j8hk-bqnb-gycp
22
vulnerability VCID-k8r2-2ak8-qkak
23
vulnerability VCID-n56h-zuzr-ruhf
24
vulnerability VCID-nyw8-q5ef-2fcv
25
vulnerability VCID-pwh8-c992-vqav
26
vulnerability VCID-qr1u-kcn9-cuf6
27
vulnerability VCID-qxab-9uwr-yqhv
28
vulnerability VCID-sdjb-gp4t-vbgt
29
vulnerability VCID-uaf3-fyst-u7gm
30
vulnerability VCID-uncp-sa58-ufdd
31
vulnerability VCID-uq77-aax5-k7d8
32
vulnerability VCID-uua1-9rt1-dfbz
33
vulnerability VCID-w94g-xxea-23fb
34
vulnerability VCID-wm4a-hcvt-vkbk
35
vulnerability VCID-y3zj-acc7-jkau
36
vulnerability VCID-z2bk-m2kw-h3c9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.0.0
1
url pkg:composer/typo3/cms-core@8.7.56
purl pkg:composer/typo3/cms-core@8.7.56
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7r4g-gxc6-hubh
1
vulnerability VCID-uua1-9rt1-dfbz
2
vulnerability VCID-w94g-xxea-23fb
3
vulnerability VCID-y3zj-acc7-jkau
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.56
2
url pkg:composer/typo3/cms-core@9.0.0
purl pkg:composer/typo3/cms-core@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1knh-es99-dubw
1
vulnerability VCID-1prg-c74k-37ec
2
vulnerability VCID-23ss-xwrm-1qcu
3
vulnerability VCID-2m67-xdxz-ryc2
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-3hta-35zx-zuc4
6
vulnerability VCID-6ffw-r4k7-5qf8
7
vulnerability VCID-6q7t-kdrg-8qc3
8
vulnerability VCID-6rgp-dzw1-kycx
9
vulnerability VCID-7ch1-q9f4-a7bt
10
vulnerability VCID-7r4g-gxc6-hubh
11
vulnerability VCID-82ds-xda8-5ye4
12
vulnerability VCID-8sek-v483-8ueu
13
vulnerability VCID-a1g9-pyz5-9fca
14
vulnerability VCID-bzqv-s7g3-wff9
15
vulnerability VCID-cf9m-qdyj-eyav
16
vulnerability VCID-cv9x-ea8e-pufu
17
vulnerability VCID-daz8-j1ns-rkgt
18
vulnerability VCID-e8ze-umec-a7hx
19
vulnerability VCID-e9jc-8mpp-fkgh
20
vulnerability VCID-efrn-3w2z-xyaf
21
vulnerability VCID-hfcx-1kuh-p3ez
22
vulnerability VCID-hnyk-614g-yuhy
23
vulnerability VCID-j8hk-bqnb-gycp
24
vulnerability VCID-k8r2-2ak8-qkak
25
vulnerability VCID-n56h-zuzr-ruhf
26
vulnerability VCID-nyw8-q5ef-2fcv
27
vulnerability VCID-pwh8-c992-vqav
28
vulnerability VCID-qr1u-kcn9-cuf6
29
vulnerability VCID-qxab-9uwr-yqhv
30
vulnerability VCID-sdjb-gp4t-vbgt
31
vulnerability VCID-uaf3-fyst-u7gm
32
vulnerability VCID-uncp-sa58-ufdd
33
vulnerability VCID-uq77-aax5-k7d8
34
vulnerability VCID-uua1-9rt1-dfbz
35
vulnerability VCID-v7b1-x8hy-2kcg
36
vulnerability VCID-w94g-xxea-23fb
37
vulnerability VCID-wm4a-hcvt-vkbk
38
vulnerability VCID-x5jb-yj3d-qbdf
39
vulnerability VCID-y3zj-acc7-jkau
40
vulnerability VCID-z2bk-m2kw-h3c9
41
vulnerability VCID-zbm9-cx69-wqg3
42
vulnerability VCID-zhcb-h8ph-7uhk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.0.0
3
url pkg:composer/typo3/cms-core@9.5.45
purl pkg:composer/typo3/cms-core@9.5.45
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7r4g-gxc6-hubh
1
vulnerability VCID-uua1-9rt1-dfbz
2
vulnerability VCID-w94g-xxea-23fb
3
vulnerability VCID-y3zj-acc7-jkau
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.45
4
url pkg:composer/typo3/cms-core@10.0.0
purl pkg:composer/typo3/cms-core@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-3hta-35zx-zuc4
2
vulnerability VCID-6a22-c7x5-sqe2
3
vulnerability VCID-7r4g-gxc6-hubh
4
vulnerability VCID-9tpm-8udy-c3cd
5
vulnerability VCID-a1g9-pyz5-9fca
6
vulnerability VCID-bzqv-s7g3-wff9
7
vulnerability VCID-gxsd-4nd9-gqgn
8
vulnerability VCID-j8hk-bqnb-gycp
9
vulnerability VCID-sdjb-gp4t-vbgt
10
vulnerability VCID-uq77-aax5-k7d8
11
vulnerability VCID-uua1-9rt1-dfbz
12
vulnerability VCID-w94g-xxea-23fb
13
vulnerability VCID-y3zj-acc7-jkau
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.0.0
5
url pkg:composer/typo3/cms-core@10.4.42
purl pkg:composer/typo3/cms-core@10.4.42
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7r4g-gxc6-hubh
1
vulnerability VCID-uua1-9rt1-dfbz
2
vulnerability VCID-w94g-xxea-23fb
3
vulnerability VCID-y3zj-acc7-jkau
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.42
6
url pkg:composer/typo3/cms-core@11.0.0
purl pkg:composer/typo3/cms-core@11.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-3hta-35zx-zuc4
2
vulnerability VCID-6a22-c7x5-sqe2
3
vulnerability VCID-7r4g-gxc6-hubh
4
vulnerability VCID-9tpm-8udy-c3cd
5
vulnerability VCID-a1g9-pyz5-9fca
6
vulnerability VCID-bzqv-s7g3-wff9
7
vulnerability VCID-fsx8-7qjz-2ubw
8
vulnerability VCID-gxsd-4nd9-gqgn
9
vulnerability VCID-j8hk-bqnb-gycp
10
vulnerability VCID-sdjb-gp4t-vbgt
11
vulnerability VCID-uq77-aax5-k7d8
12
vulnerability VCID-uua1-9rt1-dfbz
13
vulnerability VCID-w94g-xxea-23fb
14
vulnerability VCID-y3zj-acc7-jkau
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.0.0
7
url pkg:composer/typo3/cms-core@11.5.34
purl pkg:composer/typo3/cms-core@11.5.34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7r4g-gxc6-hubh
1
vulnerability VCID-uua1-9rt1-dfbz
2
vulnerability VCID-w94g-xxea-23fb
3
vulnerability VCID-y3zj-acc7-jkau
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.34
8
url pkg:composer/typo3/cms-core@12.0.0
purl pkg:composer/typo3/cms-core@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hta-35zx-zuc4
1
vulnerability VCID-6a22-c7x5-sqe2
2
vulnerability VCID-7r4g-gxc6-hubh
3
vulnerability VCID-9tpm-8udy-c3cd
4
vulnerability VCID-bzqv-s7g3-wff9
5
vulnerability VCID-gxsd-4nd9-gqgn
6
vulnerability VCID-uua1-9rt1-dfbz
7
vulnerability VCID-w94g-xxea-23fb
8
vulnerability VCID-y3zj-acc7-jkau
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.0.0
9
url pkg:composer/typo3/cms-core@12.4.10
purl pkg:composer/typo3/cms-core@12.4.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7r4g-gxc6-hubh
1
vulnerability VCID-uua1-9rt1-dfbz
2
vulnerability VCID-w94g-xxea-23fb
3
vulnerability VCID-y3zj-acc7-jkau
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.10
10
url pkg:composer/typo3/cms-core@13.0.0
purl pkg:composer/typo3/cms-core@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hta-35zx-zuc4
1
vulnerability VCID-7r4g-gxc6-hubh
2
vulnerability VCID-9tpm-8udy-c3cd
3
vulnerability VCID-uua1-9rt1-dfbz
4
vulnerability VCID-w94g-xxea-23fb
5
vulnerability VCID-y3zj-acc7-jkau
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.0
References
0
reference_url https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references
reference_id
reference_type
scores
url https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references
1
reference_url https://github.com/TYPO3/typo3/commit/2de87ff113ba24333ab7cbb8078588743f8958d6
reference_id
reference_type
scores
url https://github.com/TYPO3/typo3/commit/2de87ff113ba24333ab7cbb8078588743f8958d6
2
reference_url https://github.com/TYPO3/typo3/commit/33f4d279b82bca0a509227a17065244c6156e68f
reference_id
reference_type
scores
url https://github.com/TYPO3/typo3/commit/33f4d279b82bca0a509227a17065244c6156e68f
3
reference_url https://github.com/TYPO3/typo3/commit/ae0dfc4c058a90c10eedb3f49cfaf33164d21cdd
reference_id
reference_type
scores
url https://github.com/TYPO3/typo3/commit/ae0dfc4c058a90c10eedb3f49cfaf33164d21cdd
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2024-005
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2024-005
5
reference_url https://github.com/advisories/GHSA-wf85-8hx9-gj7c
reference_id GHSA-wf85-8hx9-gj7c
reference_type
scores
url https://github.com/advisories/GHSA-wf85-8hx9-gj7c
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c
reference_id GHSA-wf85-8hx9-gj7c
reference_type
scores
url https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
2
cwe_id 284
name Improper Access Control
description The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uua1-9rt1-dfbz