Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3fluid/fluid@1.0.1
Typecomposer
Namespacetypo3fluid
Namefluid
Version1.0.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.8
Latest_non_vulnerable_version2.6.10
Affected_by_vulnerabilities
0
url VCID-jtky-62am-k7hz
vulnerability_id VCID-jtky-62am-k7hz
summary 
Cross-site Scripting
TYPO3 Fluid is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid - `TagBasedViewHelper` allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML. When rendering such attributes, `TagBuilder` would not escape the keys. `ViewHelpers` which used the `CompileWithContentArgumentAndRenderStatic` trait, and which declared escapeOutput = false, would receive the content argument in unescaped format. Subclasses of `AbstractConditionViewHelper` would receive the then and else arguments in unescaped format. More details are available in the linked advisory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26216
reference_id
reference_type
scores
0
value 0.00583
scoring_system epss
scoring_elements 0.69376
published_at 2026-06-04T12:55:00Z
1
value 0.00583
scoring_system epss
scoring_elements 0.69402
published_at 2026-06-08T12:55:00Z
2
value 0.00583
scoring_system epss
scoring_elements 0.69414
published_at 2026-06-07T12:55:00Z
3
value 0.00583
scoring_system epss
scoring_elements 0.69424
published_at 2026-06-06T12:55:00Z
4
value 0.00583
scoring_system epss
scoring_elements 0.69416
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26216
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3fluid/fluid/CVE-2020-26216.yaml
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3fluid/fluid/CVE-2020-26216.yaml
2
reference_url https://github.com/TYPO3/Fluid/commit/f20db4e74cf9803c6cffca2ed2f03e1b0b89d0dc
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/Fluid/commit/f20db4e74cf9803c6cffca2ed2f03e1b0b89d0dc
3
reference_url https://github.com/TYPO3/Fluid/security/advisories/GHSA-hpjm-3ww5-6cpf
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/Fluid/security/advisories/GHSA-hpjm-3ww5-6cpf
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2020-009
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2020-009
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26216
reference_id CVE-2020-26216
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26216
6
reference_url https://github.com/advisories/GHSA-hpjm-3ww5-6cpf
reference_id GHSA-hpjm-3ww5-6cpf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hpjm-3ww5-6cpf
fixed_packages
0
url pkg:composer/typo3fluid/fluid@2.0.8
purl pkg:composer/typo3fluid/fluid@2.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3fluid/fluid@2.0.8
1
url pkg:composer/typo3fluid/fluid@2.1.7
purl pkg:composer/typo3fluid/fluid@2.1.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3fluid/fluid@2.1.7
2
url pkg:composer/typo3fluid/fluid@2.2.4
purl pkg:composer/typo3fluid/fluid@2.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3fluid/fluid@2.2.4
3
url pkg:composer/typo3fluid/fluid@2.3.7
purl pkg:composer/typo3fluid/fluid@2.3.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3fluid/fluid@2.3.7
4
url pkg:composer/typo3fluid/fluid@2.4.4
purl pkg:composer/typo3fluid/fluid@2.4.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3fluid/fluid@2.4.4
5
url pkg:composer/typo3fluid/fluid@2.5.11
purl pkg:composer/typo3fluid/fluid@2.5.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3fluid/fluid@2.5.11
6
url pkg:composer/typo3fluid/fluid@2.6.10
purl pkg:composer/typo3fluid/fluid@2.6.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3fluid/fluid@2.6.10
aliases CVE-2020-26216, GHSA-hpjm-3ww5-6cpf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jtky-62am-k7hz
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3fluid/fluid@1.0.1