Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-w483-prq4-rycx

Summary

TYPO3 Broken Access Control in Localization Handling
It has been discovered that backend users having limited access to specific languages are capable of modifying and creating pages in the default language which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability.

Aliases

alias	GHSA-772m-43f3-hmf8

Fixed_packages

url pkg:composer/typo3/cms@8.7.23

purl pkg:composer/typo3/cms@8.7.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23

Affected_packages

url pkg:composer/typo3/cms@8.0.0

purl pkg:composer/typo3/cms@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11u3-8xzy-jfhh

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-28fn-ncj5-2ufk

vulnerability	VCID-2r7u-mc45-8yhe

vulnerability	VCID-2rhr-8vaz-hqfj

vulnerability	VCID-2vpx-fqb6-aqfa

vulnerability	VCID-39jx-muqb-nkfq

vulnerability	VCID-39vn-73mc-jqav

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-4wnp-gusy-43b8

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-5u2f-5zzf-j3e4

vulnerability	VCID-66kh-c1dm-8fbf

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-6su8-bbrw-hbhp

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8p64-6zpt-t3av

vulnerability	VCID-94r9-hh4g-jkej

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9726-hafj-wkay

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-9yu1-z7c2-t3fj

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-bq2j-t19h-zyad

vulnerability	VCID-bstt-ybrs-5ua3

vulnerability	VCID-buj5-2t53-3kcr

vulnerability	VCID-d6c2-upx1-e7cd

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-f319-jpf5-hyex

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fgqa-5fx9-nkaz

vulnerability	VCID-fh61-7rfy-s3hg

vulnerability	VCID-fqkc-utex-3kav

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-g7mm-vjbw-bbhd

vulnerability	VCID-gk79-jtuz-myh6

vulnerability	VCID-gpv4-4tpd-tbaa

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-hyx9-8ae6-sba8

vulnerability	VCID-hzma-cduk-3uhp

vulnerability	VCID-j8hk-bqnb-gycp

vulnerability	VCID-j8sh-5evd-dkaz

vulnerability	VCID-jeqr-9tfu-f7b2

vulnerability	VCID-jf28-91be-6kbr

vulnerability	VCID-jmea-qzsr-wkf4

vulnerability	VCID-jn38-wfec-7bb2

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-jwb1-3sbg-kfa5

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-ks1q-a8x2-uqht

vulnerability	VCID-m3nc-xbb4-yubr

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-nhjv-nke2-2kf8

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-nvbp-pbjw-3qgx

vulnerability	VCID-p576-w7dd-p3h7

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-q2ym-y2rz-1bdn

vulnerability	VCID-q52p-xfj8-gygd

vulnerability	VCID-q7vt-19eb-sqeq

vulnerability	VCID-qcnh-z4zh-myaw

vulnerability	VCID-qdxh-arxx-wbcr

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdjb-gp4t-vbgt

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-sdz8-hju8-4bcb

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-teby-zvvw-zkhv

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-u4tq-8qnk-5fd7

vulnerability	VCID-u5he-6tqb-gqaf

vulnerability	VCID-u6as-cwxc-pkhk

vulnerability	VCID-uq77-aax5-k7d8

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-w483-prq4-rycx

vulnerability	VCID-w58p-3wg1-7ycr

vulnerability	VCID-wat8-4m83-hken

vulnerability	VCID-wy45-2gmr-fkfg

100

vulnerability	VCID-x175-xjek-97ds

101

vulnerability	VCID-x5x1-w7yv-eye9

102

vulnerability	VCID-xh68-defe-f7ce

103

vulnerability	VCID-xpxg-qq49-b7fd

104

vulnerability	VCID-xvyu-2hb8-8ufh

105

vulnerability	VCID-xw1s-93bu-wuh9

106

vulnerability	VCID-y7ds-p5r2-yuhq

107

vulnerability	VCID-ygw4-jdqu-4fbt

108

vulnerability	VCID-yh6b-tc4u-v3bk

109

vulnerability	VCID-yn6z-9v7k-x7br

110

vulnerability	VCID-yz6t-ge1y-qfgr

111

vulnerability	VCID-zgfw-pk39-gyg8

112

vulnerability	VCID-zmwv-gwq3-fkej

113

vulnerability	VCID-zrz3-3dnf-tbay

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.0

References

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-3.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-3.yaml

reference_url

https://github.com/TYPO3/typo3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3

reference_url

https://github.com/TYPO3/typo3/commit/5004201ee77a69cb825637bc95cdeedb1186f4d4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3/commit/5004201ee77a69cb825637bc95cdeedb1186f4d4

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2019-003

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2019-003

reference_url	https://github.com/advisories/GHSA-772m-43f3-hmf8
reference_id	GHSA-772m-43f3-hmf8
reference_type
scores
url	https://github.com/advisories/GHSA-772m-43f3-hmf8

Weaknesses

cwe_id	285
name	Improper Authorization
description	The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w483-prq4-rycx

Vulnerability Instance