Search for packages
| purl | pkg:composer/typo3/flow@3.1.7 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-hy8r-du1x-93cf | Time-Based Information Disclosure Vulnerability The `PersistedUsernamePasswordProvider` is prone to a information disclosure of account existence based on timing attacks as the hashing of passwords is only done in case an account is found. |
Flow-SA-2016-001
|
| VCID-x6zc-hygf-hqb7 | Time-Based Information Disclosure Vulnerability in Flow |
GHSA-r6mm-wmhf-849m
|
| VCID-xc43-9az2-bbd2 | Information Exposure Through Timing Discrepancy Time-Based Information Disclosure Vulnerability in Flow. |
GMS-2016-159
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-31T01:03:46.525623+00:00 | GHSA Importer | Fixing | VCID-x6zc-hygf-hqb7 | https://github.com/advisories/GHSA-r6mm-wmhf-849m | 38.6.0 |
| 2026-05-30T20:52:33.556514+00:00 | GitLab Importer | Fixing | VCID-xc43-9az2-bbd2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/flow/GMS-2016-159.yml | 38.6.0 |
| 2026-05-30T20:52:33.432822+00:00 | GitLab Importer | Fixing | VCID-hy8r-du1x-93cf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/flow/Flow-SA-2016-001.yml | 38.6.0 |