Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-jbu9-bp56-rkgw
Summary
TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism
The jumpUrl (aka access tracking) implementation in `tslib/class.tslib_fe.php` in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.
Aliases
0
alias CVE-2010-3714
1
alias GHSA-w736-qv86-vq94
Fixed_packages
Affected_packages
0
url pkg:composer/typo3/cms@4.2.0
purl pkg:composer/typo3/cms@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5arh-exf5-zub1
1
vulnerability VCID-69fr-ztbp-z7gg
2
vulnerability VCID-acey-xzmu-7yg9
3
vulnerability VCID-enht-zcrt-mbe6
4
vulnerability VCID-jbu9-bp56-rkgw
5
vulnerability VCID-k6fn-pcqn-byhu
6
vulnerability VCID-tsmu-e547-8kdx
7
vulnerability VCID-u1y7-xzfg-z7ce
8
vulnerability VCID-zkmd-h3ch-ebbg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.0
1
url pkg:composer/typo3/cms@4.3.0
purl pkg:composer/typo3/cms@4.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5arh-exf5-zub1
1
vulnerability VCID-enht-zcrt-mbe6
2
vulnerability VCID-jbu9-bp56-rkgw
3
vulnerability VCID-k6fn-pcqn-byhu
4
vulnerability VCID-p8an-crb2-2qc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.3.0
2
url pkg:composer/typo3/cms@4.4.0
purl pkg:composer/typo3/cms@4.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2zuf-yf2d-t3hg
1
vulnerability VCID-57cn-dmzh-4kdq
2
vulnerability VCID-5arh-exf5-zub1
3
vulnerability VCID-88ng-ph1q-cybw
4
vulnerability VCID-93v3-exum-5qf5
5
vulnerability VCID-enht-zcrt-mbe6
6
vulnerability VCID-fprf-zjud-8fcv
7
vulnerability VCID-fv74-gq28-rkd5
8
vulnerability VCID-jbu9-bp56-rkgw
9
vulnerability VCID-jk5g-64sn-ffgx
10
vulnerability VCID-k6fn-pcqn-byhu
11
vulnerability VCID-n177-3cym-d7e7
12
vulnerability VCID-nvd8-5j51-2yeg
13
vulnerability VCID-tu8v-rv87-wfa3
14
vulnerability VCID-ybdc-993m-aqfu
15
vulnerability VCID-yk4b-baue-rkbt
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.4.0
References
0
reference_url http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-3714
reference_id
reference_type
scores
0
value 0.35507
scoring_system epss
scoring_elements 0.97074
published_at 2026-04-21T12:55:00Z
1
value 0.35507
scoring_system epss
scoring_elements 0.9707
published_at 2026-04-18T12:55:00Z
2
value 0.35507
scoring_system epss
scoring_elements 0.97067
published_at 2026-04-16T12:55:00Z
3
value 0.35507
scoring_system epss
scoring_elements 0.97056
published_at 2026-04-13T12:55:00Z
4
value 0.35507
scoring_system epss
scoring_elements 0.97055
published_at 2026-04-12T12:55:00Z
5
value 0.35507
scoring_system epss
scoring_elements 0.97052
published_at 2026-04-09T12:55:00Z
6
value 0.35507
scoring_system epss
scoring_elements 0.97051
published_at 2026-04-08T12:55:00Z
7
value 0.35507
scoring_system epss
scoring_elements 0.97041
published_at 2026-04-07T12:55:00Z
8
value 0.35507
scoring_system epss
scoring_elements 0.9703
published_at 2026-04-01T12:55:00Z
9
value 0.35507
scoring_system epss
scoring_elements 0.97037
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-3714
2
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
3
reference_url https://github.com/TYPO3/typo3/commit/687b671c765eac10ffb764547bb403ac3ef55620
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/687b671c765eac10ffb764547bb403ac3ef55620
4
reference_url https://github.com/TYPO3/typo3/commit/a8ccd387cafd2c2c338fc29109c16418f7657229
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/a8ccd387cafd2c2c338fc29109c16418f7657229
5
reference_url https://github.com/TYPO3/typo3/commit/d95f06f633fd2c289b544f6d5907b789eae6cccb
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/d95f06f633fd2c289b544f6d5907b789eae6cccb
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-3714
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:C/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2010-3714
7
reference_url https://web.archive.org/web/20111220151231/http://www.securityfocus.com/bid/43786
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111220151231/http://www.securityfocus.com/bid/43786
8
reference_url http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020
9
reference_url http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/
reference_id
reference_type
scores
url http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/
10
reference_url http://www.debian.org/security/2010/dsa-2121
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2010/dsa-2121
11
reference_url http://www.exploit-db.com/exploits/15856
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.exploit-db.com/exploits/15856
12
reference_url http://www.securityfocus.com/bid/43786
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/43786
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*
39
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/15856.php
reference_id CVE-2012-2344;OSVDB-70121;CVE-2010-5099;CVE-2010-3714;OSVDB-68590
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/15856.php
40
reference_url https://github.com/advisories/GHSA-w736-qv86-vq94
reference_id GHSA-w736-qv86-vq94
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w736-qv86-vq94
Weaknesses
0
cwe_id 284
name Improper Access Control
description The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
1
cwe_id 264
name Permissions, Privileges, and Access Controls
description Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
0
date_added null
description 
This module exploits a flaw in the way the TYPO3 jumpurl feature matches hashes.
        Due to this flaw a Remote File Disclosure is possible by matching the juhash of 0.
        This flaw can be used to read any file that the web server user account has access to view.
required_action null
due_date null
notes 
Stability:
  - crash-safe
SideEffects:
  - ioc-in-logs
Reliability: []
known_ransomware_campaign_use false
source_date_published null
exploit_type null
platform
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/admin/http/typo3_sa_2010_020.rb
1
date_added 2010-12-29
description TYPO3 - Arbitrary File Retrieval
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2010-12-29
exploit_type webapps
platform php
source_date_updated 2010-12-29
data_source Exploit-DB
source_url
Severity_range_score7.0 - 8.9
Exploitability2.0
Weighted_severity8.0
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-jbu9-bp56-rkgw