{"url":"http://public2.vulnerablecode.io/api/packages/22342?format=json","purl":"pkg:composer/typo3/cms@8.0.0-alpha","type":"composer","namespace":"typo3","name":"cms","version":"8.0.0-alpha","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"10.4.35","latest_non_vulnerable_version":"12.2.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7407?format=json","vulnerability_id":"VCID-h958-d3pm-kfcs","summary":"Missing Access Check\nExtbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute.","references":[{"reference_url":"https://github.com/TYPO3/TYPO3.CMS/commit/21ed4054212babb7ec75d80a24f95c6ba25bd2fb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/TYPO3.CMS/commit/21ed4054212babb7ec75d80a24f95c6ba25bd2fb"},{"reference_url":"https://github.com/TYPO3/TYPO3.CMS/commit/404f09d491c96b294ded5e2741277dfbeba92807","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/TYPO3.CMS/commit/404f09d491c96b294ded5e2741277dfbeba92807"},{"reference_url":"https://github.com/TYPO3/TYPO3.CMS/commit/c10db60dfc87c33542c418fa316754a5309c3e26","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/TYPO3.CMS/commit/c10db60dfc87c33542c418fa316754a5309c3e26"},{"reference_url":"https://typo3.org/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/missing-access-check-in-typo3-cms/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/missing-access-check-in-typo3-cms/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22345?format=json","purl":"pkg:composer/typo3/cms@8.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18dg-eevv-3ug9"},{"vulnerability":"VCID-1jcy-nx8g-z3d3"},{"vulnerability":"VCID-1kae-ffj3-xyc7"},{"vulnerability":"VCID-1qjx-grvf-y7bk"},{"vulnerability":"VCID-25t3-1sm6-3kdn"},{"vulnerability":"VCID-28bf-jvah-zkhw"},{"vulnerability":"VCID-2fs8-bscc-3ye2"},{"vulnerability":"VCID-2meq-x4kd-bbdn"},{"vulnerability":"VCID-3gg5-1921-rbfs"},{"vulnerability":"VCID-3n2r-awja-dug9"},{"vulnerability":"VCID-3v4n-fzxa-bfaw"},{"vulnerability":"VCID-435j-f3yx-9yep"},{"vulnerability":"VCID-47px-4d98-ubab"},{"vulnerability":"VCID-4ack-haf2-cfbe"},{"vulnerability":"VCID-4btk-jt5n-2ugf"},{"vulnerability":"VCID-551q-gpyd-ffe8"},{"vulnerability":"VCID-5jgb-dsyx-hyb4"},{"vulnerability":"VCID-5paq-5frf-43ed"},{"vulnerability":"VCID-5ppt-avmb-cqb2"},{"vulnerability":"VCID-5qfv-y43v-akdm"},{"vulnerability":"VCID-5yg8-2cbr-d3as"},{"vulnerability":"VCID-6487-15z5-pkd4"},{"vulnerability":"VCID-6b5q-vzs3-pkcc"},{"vulnerability":"VCID-6wsa-4ywc-8fh4"},{"vulnerability":"VCID-7d1g-j3k5-gub8"},{"vulnerability":"VCID-8jp8-a363-67be"},{"vulnerability":"VCID-9g62-zd1x-3bdg"},{"vulnerability":"VCID-9gpp-ez8w-rqav"},{"vulnerability":"VCID-auw7-pc55-73hj"},{"vulnerability":"VCID-axaf-45kr-kbfe"},{"vulnerability":"VCID-bajy-qbwq-fufn"},{"vulnerability":"VCID-bck9-34jp-6ydx"},{"vulnerability":"VCID-bmj2-4k58-tqa4"},{"vulnerability":"VCID-bnne-7p2q-eqd2"},{"vulnerability":"VCID-bxjw-7426-gyb8"},{"vulnerability":"VCID-c2tm-eqmm-1ugt"},{"vulnerability":"VCID-c6zq-cfg5-u7d9"},{"vulnerability":"VCID-cm14-t8uv-k3es"},{"vulnerability":"VCID-cmka-8484-27bu"},{"vulnerability":"VCID-dbrh-t8zx-nkd9"},{"vulnerability":"VCID-dj88-f3p8-cfbn"},{"vulnerability":"VCID-dm97-51uu-r7gw"},{"vulnerability":"VCID-dquc-7amf-e7cs"},{"vulnerability":"VCID-dsu7-jjjq-f3e1"},{"vulnerability":"VCID-e72u-tpc3-23g3"},{"vulnerability":"VCID-e7sv-4xc2-m3d5"},{"vulnerability":"VCID-eajg-ctpd-2bby"},{"vulnerability":"VCID-ehzg-bzrd-kbcc"},{"vulnerability":"VCID-ekfd-wp8z-d7e1"},{"vulnerability":"VCID-ep6t-zwd1-4bb3"},{"vulnerability":"VCID-euk5-hagy-xqfz"},{"vulnerability":"VCID-fy3g-uegw-2bew"},{"vulnerability":"VCID-gcnj-6qb6-pbgz"},{"vulnerability":"VCID-h63t-9enx-qfdn"},{"vulnerability":"VCID-he5m-6wj4-rbhc"},{"vulnerability":"VCID-hpgq-deze-p7dp"},{"vulnerability":"VCID-hv3n-j8ck-1ufx"},{"vulnerability":"VCID-j77k-hjgx-5kc5"},{"vulnerability":"VCID-jmu3-5k7e-x7ch"},{"vulnerability":"VCID-jppe-cbgm-k3cz"},{"vulnerability":"VCID-jqth-wfgx-87cx"},{"vulnerability":"VCID-jqx9-41zx-dbcy"},{"vulnerability":"VCID-k4h1-mvnf-1ybx"},{"vulnerability":"VCID-k8af-cg9k-87a9"},{"vulnerability":"VCID-m3nf-1qbv-d3dj"},{"vulnerability":"VCID-m7w6-b2xu-6uee"},{"vulnerability":"VCID-mnz3-rj21-67ad"},{"vulnerability":"VCID-mqbh-k9n3-nbed"},{"vulnerability":"VCID-mqk6-z77g-bfdv"},{"vulnerability":"VCID-mub5-s7h1-57cy"},{"vulnerability":"VCID-n15v-ta9h-6ffb"},{"vulnerability":"VCID-n61z-6v8a-hygf"},{"vulnerability":"VCID-n78p-x7hh-gqcf"},{"vulnerability":"VCID-nnh9-udcj-m7fv"},{"vulnerability":"VCID-nt6a-5zkv-pbcm"},{"vulnerability":"VCID-nwxj-3ajk-rkh5"},{"vulnerability":"VCID-p545-vwe6-9kfr"},{"vulnerability":"VCID-pk8d-8u15-5bfq"},{"vulnerability":"VCID-pnfa-cksc-43de"},{"vulnerability":"VCID-prbd-r82t-87dm"},{"vulnerability":"VCID-px44-19tj-h7aa"},{"vulnerability":"VCID-q8hy-wjd9-nbgp"},{"vulnerability":"VCID-q9ak-qcq6-qfhy"},{"vulnerability":"VCID-qb4j-9tz7-m7a2"},{"vulnerability":"VCID-rdrs-mhaw-b3ge"},{"vulnerability":"VCID-rzw5-8d1u-sfam"},{"vulnerability":"VCID-s64f-x81f-b7ce"},{"vulnerability":"VCID-shqd-udhm-pff8"},{"vulnerability":"VCID-sr3p-pdxy-4yhu"},{"vulnerability":"VCID-stzu-sxe6-5yf5"},{"vulnerability":"VCID-t1n7-eswt-73gw"},{"vulnerability":"VCID-t3jn-vwbx-u7cr"},{"vulnerability":"VCID-tmrt-6fxw-5ugh"},{"vulnerability":"VCID-tqf5-2fsm-8fch"},{"vulnerability":"VCID-tw1y-t4qj-j3d1"},{"vulnerability":"VCID-uckg-j48d-efad"},{"vulnerability":"VCID-utpu-q2dv-m3hm"},{"vulnerability":"VCID-vndb-w8e1-4ugv"},{"vulnerability":"VCID-vrt1-aj9v-2kb6"},{"vulnerability":"VCID-vxj6-wvyz-zbaq"},{"vulnerability":"VCID-vxry-uvph-kbfd"},{"vulnerability":"VCID-vybh-pxr3-17hn"},{"vulnerability":"VCID-wea9-egep-h7g5"},{"vulnerability":"VCID-wge3-kxdq-f3bz"},{"vulnerability":"VCID-wr5t-xqnn-gkcj"},{"vulnerability":"VCID-wxps-mnue-6bbh"},{"vulnerability":"VCID-xa4m-xpa9-v7h8"},{"vulnerability":"VCID-xh7y-56vy-5ud8"},{"vulnerability":"VCID-xqew-bx7v-1qfk"},{"vulnerability":"VCID-y32z-2d3f-gkgw"},{"vulnerability":"VCID-zawz-vky5-tkgt"},{"vulnerability":"VCID-zdq2-dhb2-6kaq"},{"vulnerability":"VCID-zspb-bd6j-wyd2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.1.1"}],"aliases":["TYPO3-CORE-SA-2016-013"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h958-d3pm-kfcs"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.0-alpha"}