Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/contao/core-bundle@4.0.0-beta1

Type composer

Namespace contao

Name core-bundle

Version 4.0.0-beta1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.13.57

Latest_non_vulnerable_version 5.6.5

Affected_by_vulnerabilities

url VCID-36gy-wpwv-rqew

vulnerability_id VCID-36gy-wpwv-rqew

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) in GitHub repository contao/contao prior to 4.13.3. Attacker can execute Malicious JS in Application :)

references

reference_url	https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c
reference_id
reference_type
scores
url	https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c

reference_url	https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80
reference_id
reference_type
scores
url	https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50945.tzt
reference_id	CVE-2022-1588
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50945.tzt

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-1588
reference_id	CVE-2022-1588
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-1588

fixed_packages

url pkg:composer/contao/core-bundle@4.13.3

purl pkg:composer/contao/core-bundle@4.13.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ezy-wm8p-fudx

vulnerability	VCID-44rf-v5ep-fbd9

vulnerability	VCID-5188-r5n1-tycn

vulnerability	VCID-53kv-tku1-x3fk

vulnerability	VCID-bmmc-gmwu-a7dx

vulnerability	VCID-crxv-8yda-d3ex

vulnerability	VCID-kgp5-x27x-vyh6

vulnerability	VCID-n1pv-237p-e3ay

vulnerability	VCID-pawf-h8n3-83hh

vulnerability	VCID-r8z4-2ayx-1bg4

vulnerability	VCID-ttwq-29ke-s7ez

vulnerability	VCID-uwqd-um3d-97bk

vulnerability	VCID-y73g-hkmg-c7dp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.3

url pkg:composer/contao/core-bundle@5.5.4

purl pkg:composer/contao/core-bundle@5.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5188-r5n1-tycn

vulnerability	VCID-9d3a-nqn3-yyd4

vulnerability	VCID-auy8-w747-7qg1

vulnerability	VCID-crxv-8yda-d3ex

vulnerability	VCID-n1pv-237p-e3ay

vulnerability	VCID-uwqd-um3d-97bk

vulnerability	VCID-w65f-31zb-8kgd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4

aliases CVE-2022-1588

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-36gy-wpwv-rqew

url VCID-3ezy-wm8p-fudx

vulnerability_id VCID-3ezy-wm8p-fudx

summary

Contao: Remember-me tokens will not be cleared after a password change
When a front end member changes their password, the corresponding remember-me tokens are not removed.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-30262

reference_id

reference_type

scores

value	0.00364
scoring_system	epss
scoring_elements	0.5871
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-30262

reference_url

https://contao.org/en/security-advisories/remember-me-tokens-are-not-cleared-after-a-password-change

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://contao.org/en/security-advisories/remember-me-tokens-are-not-cleared-after-a-password-change

reference_url

https://github.com/contao/contao

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao

reference_url

https://github.com/contao/contao/commit/3032baa456f607169ffae82a8920354adb338fe9

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:19:06Z/

url

https://github.com/contao/contao/commit/3032baa456f607169ffae82a8920354adb338fe9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-30262

reference_id

CVE-2024-30262

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-30262

reference_url

https://github.com/advisories/GHSA-r4r6-j2j3-7pp5

reference_id

GHSA-r4r6-j2j3-7pp5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r4r6-j2j3-7pp5

reference_url

https://github.com/contao/contao/security/advisories/GHSA-r4r6-j2j3-7pp5

reference_id

GHSA-r4r6-j2j3-7pp5

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:19:06Z/

url

https://github.com/contao/contao/security/advisories/GHSA-r4r6-j2j3-7pp5

fixed_packages

url pkg:composer/contao/core-bundle@4.13.40

purl pkg:composer/contao/core-bundle@4.13.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44rf-v5ep-fbd9

vulnerability	VCID-5188-r5n1-tycn

vulnerability	VCID-crxv-8yda-d3ex

vulnerability	VCID-n1pv-237p-e3ay

vulnerability	VCID-ttwq-29ke-s7ez

vulnerability	VCID-uwqd-um3d-97bk

vulnerability	VCID-y73g-hkmg-c7dp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.40

url pkg:composer/contao/core-bundle@5.0.0-RC1

purl pkg:composer/contao/core-bundle@5.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5188-r5n1-tycn

vulnerability	VCID-53kv-tku1-x3fk

vulnerability	VCID-9d3a-nqn3-yyd4

vulnerability	VCID-kgp5-x27x-vyh6

vulnerability	VCID-n1pv-237p-e3ay

vulnerability	VCID-r8z4-2ayx-1bg4

vulnerability	VCID-uwqd-um3d-97bk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.0.0-RC1

aliases CVE-2024-30262, GHSA-r4r6-j2j3-7pp5

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ezy-wm8p-fudx

url VCID-hcak-ajk5-nka1

vulnerability_id VCID-hcak-ajk5-nka1

summary

SQL injection vulnerability
Both the search filter in the back end and the "listing" module in the front end are vulnerable to SQL injection. To exploit the vulnerability in the back end, a back end user has to be logged in, whereas the front end vulnerability can be exploited by anyone.

references

reference_url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16558
reference_id
reference_type
scores
url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16558

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16558

reference_id

reference_type

scores

value	0.00288
scoring_system	epss
scoring_elements	0.5246
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16558

reference_url

https://contao.org/de/changelog/versions/4.4.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://contao.org/de/changelog/versions/4.4.html

reference_url

https://contao.org/en/news/contao-4_4_8.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://contao.org/en/news/contao-4_4_8.html

reference_url

https://github.com/contao/contao/blob/4.4.57/CHANGELOG.md#448-2017-11-15

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao/blob/4.4.57/CHANGELOG.md#448-2017-11-15

reference_url

https://github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3e

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3e

reference_url

https://github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544

reference_url	https://github.com/contao/core-bundle/commit/92598f97b513e0b831dbfd68d471c44c79c425a4
reference_id
reference_type
scores
url	https://github.com/contao/core-bundle/commit/92598f97b513e0b831dbfd68d471c44c79c425a4

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16558

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16558

fixed_packages

url pkg:composer/contao/core-bundle@4.4.8

purl pkg:composer/contao/core-bundle@4.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2yp8-5gu9-3uaz

vulnerability	VCID-36gy-wpwv-rqew

vulnerability	VCID-3ezy-wm8p-fudx

vulnerability	VCID-3vgc-cz48-ybd2

vulnerability	VCID-44rf-v5ep-fbd9

vulnerability	VCID-5188-r5n1-tycn

vulnerability	VCID-6x8j-5qsd-9ycb

vulnerability	VCID-7xp8-e1k3-a3bz

vulnerability	VCID-8nqr-2rzv-ufh3

vulnerability	VCID-bmmc-gmwu-a7dx

vulnerability	VCID-cggz-67cp-2bha

vulnerability	VCID-crxv-8yda-d3ex

vulnerability	VCID-gwrb-9v7c-tfgb

vulnerability	VCID-k1t6-91wr-xqc2

vulnerability	VCID-kgp5-x27x-vyh6

vulnerability	VCID-pawf-h8n3-83hh

vulnerability	VCID-r8z4-2ayx-1bg4

vulnerability	VCID-ttwq-29ke-s7ez

vulnerability	VCID-uwqd-um3d-97bk

vulnerability	VCID-v3dm-nk2z-e7cx

vulnerability	VCID-xydg-y6gc-kyfq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.8

url pkg:composer/contao/core-bundle@4.5.0-beta2

purl pkg:composer/contao/core-bundle@4.5.0-beta2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-36gy-wpwv-rqew

vulnerability	VCID-3ezy-wm8p-fudx

vulnerability	VCID-44rf-v5ep-fbd9

vulnerability	VCID-5188-r5n1-tycn

vulnerability	VCID-bmmc-gmwu-a7dx

vulnerability	VCID-crxv-8yda-d3ex

vulnerability	VCID-kgp5-x27x-vyh6

vulnerability	VCID-pawf-h8n3-83hh

vulnerability	VCID-r8z4-2ayx-1bg4

vulnerability	VCID-ttwq-29ke-s7ez

vulnerability	VCID-uwqd-um3d-97bk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.5.0-beta2

aliases CVE-2017-16558, GHSA-w38g-hj45-mjjp

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hcak-ajk5-nka1

url VCID-pawf-h8n3-83hh

vulnerability_id VCID-pawf-h8n3-83hh

summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-29200

reference_id

reference_type

scores

value	0.00578
scoring_system	epss
scoring_elements	0.69176
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-29200

reference_url

https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:37:07Z/

url

https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager

reference_url

https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html

reference_url

https://github.com/contao/contao

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao

reference_url

https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:37:07Z/

url

https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-29200

reference_id

CVE-2023-29200

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-29200

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2023-29200.yaml

reference_id

CVE-2023-29200.YAML

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2023-29200.yaml

reference_url

https://github.com/advisories/GHSA-fp7q-xhhw-6rj3

reference_id

GHSA-fp7q-xhhw-6rj3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fp7q-xhhw-6rj3

reference_url

https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3

reference_id

GHSA-fp7q-xhhw-6rj3

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:37:07Z/

url

https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3

fixed_packages

url pkg:composer/contao/core-bundle@4.9.40

purl pkg:composer/contao/core-bundle@4.9.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ezy-wm8p-fudx

vulnerability	VCID-44rf-v5ep-fbd9

vulnerability	VCID-5188-r5n1-tycn

vulnerability	VCID-53kv-tku1-x3fk

vulnerability	VCID-bmmc-gmwu-a7dx

vulnerability	VCID-crxv-8yda-d3ex

vulnerability	VCID-kgp5-x27x-vyh6

vulnerability	VCID-n1pv-237p-e3ay

vulnerability	VCID-r8z4-2ayx-1bg4

vulnerability	VCID-ttwq-29ke-s7ez

vulnerability	VCID-uwqd-um3d-97bk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.9.40

url pkg:composer/contao/core-bundle@4.10.0-RC1

purl pkg:composer/contao/core-bundle@4.10.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-36gy-wpwv-rqew

vulnerability	VCID-3ezy-wm8p-fudx

vulnerability	VCID-44rf-v5ep-fbd9

vulnerability	VCID-5188-r5n1-tycn

vulnerability	VCID-53kv-tku1-x3fk

vulnerability	VCID-crxv-8yda-d3ex

vulnerability	VCID-kgp5-x27x-vyh6

vulnerability	VCID-n1pv-237p-e3ay

vulnerability	VCID-r8z4-2ayx-1bg4

vulnerability	VCID-ttwq-29ke-s7ez

vulnerability	VCID-uwqd-um3d-97bk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.10.0-RC1

url pkg:composer/contao/core-bundle@4.13.21

purl pkg:composer/contao/core-bundle@4.13.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ezy-wm8p-fudx

vulnerability	VCID-44rf-v5ep-fbd9

vulnerability	VCID-5188-r5n1-tycn

vulnerability	VCID-53kv-tku1-x3fk

vulnerability	VCID-bmmc-gmwu-a7dx

vulnerability	VCID-crxv-8yda-d3ex

vulnerability	VCID-kgp5-x27x-vyh6

vulnerability	VCID-n1pv-237p-e3ay

vulnerability	VCID-r8z4-2ayx-1bg4

vulnerability	VCID-ttwq-29ke-s7ez

vulnerability	VCID-uwqd-um3d-97bk

vulnerability	VCID-y73g-hkmg-c7dp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.21

url pkg:composer/contao/core-bundle@5.0.0-RC1

purl pkg:composer/contao/core-bundle@5.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5188-r5n1-tycn

vulnerability	VCID-53kv-tku1-x3fk

vulnerability	VCID-9d3a-nqn3-yyd4

vulnerability	VCID-kgp5-x27x-vyh6

vulnerability	VCID-n1pv-237p-e3ay

vulnerability	VCID-r8z4-2ayx-1bg4

vulnerability	VCID-uwqd-um3d-97bk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.0.0-RC1

url pkg:composer/contao/core-bundle@5.1.4

purl pkg:composer/contao/core-bundle@5.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44rf-v5ep-fbd9

vulnerability	VCID-5188-r5n1-tycn

vulnerability	VCID-53kv-tku1-x3fk

vulnerability	VCID-9d3a-nqn3-yyd4

vulnerability	VCID-auy8-w747-7qg1

vulnerability	VCID-bmmc-gmwu-a7dx

vulnerability	VCID-kgp5-x27x-vyh6

vulnerability	VCID-n1pv-237p-e3ay

vulnerability	VCID-r8z4-2ayx-1bg4

vulnerability	VCID-uwqd-um3d-97bk

vulnerability	VCID-y73g-hkmg-c7dp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.1.4

url pkg:composer/contao/core-bundle@5.5.4

purl pkg:composer/contao/core-bundle@5.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5188-r5n1-tycn

vulnerability	VCID-9d3a-nqn3-yyd4

vulnerability	VCID-auy8-w747-7qg1

vulnerability	VCID-crxv-8yda-d3ex

vulnerability	VCID-n1pv-237p-e3ay

vulnerability	VCID-uwqd-um3d-97bk

vulnerability	VCID-w65f-31zb-8kgd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4

aliases CVE-2023-29200, GHSA-fp7q-xhhw-6rj3

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pawf-h8n3-83hh

url VCID-ttwq-29ke-s7ez

vulnerability_id VCID-ttwq-29ke-s7ez

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45604

reference_id

reference_type

scores

value	0.00747
scoring_system	epss
scoring_elements	0.73387
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45604

reference_url

https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T13:09:34Z/

url

https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget

reference_url

https://github.com/contao/contao

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao

reference_url

https://github.com/contao/contao/commit/63409c6bdfd95197d9906e229d765b630d45742e

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao/commit/63409c6bdfd95197d9906e229d765b630d45742e

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-45604

reference_id

CVE-2024-45604

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-45604

reference_url

https://github.com/advisories/GHSA-4p75-5p53-65m9

reference_id

GHSA-4p75-5p53-65m9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4p75-5p53-65m9

reference_url

https://github.com/contao/contao/security/advisories/GHSA-4p75-5p53-65m9

reference_id

GHSA-4p75-5p53-65m9

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T13:09:34Z/

url

https://github.com/contao/contao/security/advisories/GHSA-4p75-5p53-65m9

fixed_packages

url pkg:composer/contao/core-bundle@4.13.49

purl pkg:composer/contao/core-bundle@4.13.49

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5188-r5n1-tycn

vulnerability	VCID-crxv-8yda-d3ex

vulnerability	VCID-n1pv-237p-e3ay

vulnerability	VCID-uwqd-um3d-97bk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.49

url pkg:composer/contao/core-bundle@5.0.0-RC1

purl pkg:composer/contao/core-bundle@5.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5188-r5n1-tycn

vulnerability	VCID-53kv-tku1-x3fk

vulnerability	VCID-9d3a-nqn3-yyd4

vulnerability	VCID-kgp5-x27x-vyh6

vulnerability	VCID-n1pv-237p-e3ay

vulnerability	VCID-r8z4-2ayx-1bg4

vulnerability	VCID-uwqd-um3d-97bk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.0.0-RC1

aliases CVE-2024-45604, GHSA-4p75-5p53-65m9

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttwq-29ke-s7ez

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.0.0-beta1

Package Instance