Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/typo3/flow@3.3.5
purl pkg:composer/typo3/flow@3.3.5
Next non-vulnerable version 3.3.13
Latest non-vulnerable version 4.0.6
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-urrb-mdfx-yuhb
Aliases:
GHSA-vh6j-wv25-8qxr
Flow Bugfix Releases for Entity Security
3.3.13
Affected by 0 other vulnerabilities.
4.0.6
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-hy8r-du1x-93cf Time-Based Information Disclosure Vulnerability The `PersistedUsernamePasswordProvider` is prone to a information disclosure of account existence based on timing attacks as the hashing of passwords is only done in case an account is found. Flow-SA-2016-001
VCID-x6zc-hygf-hqb7 Time-Based Information Disclosure Vulnerability in Flow GHSA-r6mm-wmhf-849m
VCID-xc43-9az2-bbd2 Information Exposure Through Timing Discrepancy Time-Based Information Disclosure Vulnerability in Flow. GMS-2016-159

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-01T08:05:53.503471+00:00 GitLab Importer Affected by VCID-urrb-mdfx-yuhb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/flow/GHSA-vh6j-wv25-8qxr.yml 38.6.0
2026-05-31T19:18:52.652274+00:00 GitLab Importer Fixing VCID-x6zc-hygf-hqb7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/flow/GHSA-r6mm-wmhf-849m.yml 38.6.0
2026-05-31T10:49:58.087943+00:00 GithubOSV Importer Fixing VCID-x6zc-hygf-hqb7 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-r6mm-wmhf-849m/GHSA-r6mm-wmhf-849m.json 38.6.0
2026-05-31T01:03:46.554952+00:00 GHSA Importer Fixing VCID-x6zc-hygf-hqb7 https://github.com/advisories/GHSA-r6mm-wmhf-849m 38.6.0
2026-05-30T20:52:33.564144+00:00 GitLab Importer Fixing VCID-xc43-9az2-bbd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/flow/GMS-2016-159.yml 38.6.0
2026-05-30T20:52:33.442204+00:00 GitLab Importer Fixing VCID-hy8r-du1x-93cf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/flow/Flow-SA-2016-001.yml 38.6.0