Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/typo3/cms-form@11.1.0

Type composer

Namespace typo3

Name cms-form

Version 11.1.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 12.4.25

Latest_non_vulnerable_version 14.3.3

Affected_by_vulnerabilities

url VCID-91ky-rf6s-mudv

vulnerability_id VCID-91ky-rf6s-mudv

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21358

reference_id

reference_type

scores

value	0.00379
scoring_system	epss
scoring_elements	0.59849
published_at	2026-06-11T12:55:00Z

value	0.00379
scoring_system	epss
scoring_elements	0.59957
published_at	2026-06-12T12:55:00Z

value	0.00379
scoring_system	epss
scoring_elements	0.59968
published_at	2026-06-13T12:55:00Z

value	0.00379
scoring_system	epss
scoring_elements	0.5996
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21358

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21358.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21358.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21358.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21358.yaml

reference_url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21358

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21358

reference_url

https://packagist.org/packages/typo3/cms-form

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/typo3/cms-form

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2021-004

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2021-004

reference_url

https://github.com/advisories/GHSA-x79j-wgqv-g8h2

reference_id

GHSA-x79j-wgqv-g8h2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x79j-wgqv-g8h2

fixed_packages

url pkg:composer/typo3/cms-form@11.1.1

purl pkg:composer/typo3/cms-form@11.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v7x2-zg4n-9yb2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-form@11.1.1

aliases CVE-2021-21358, GHSA-x79j-wgqv-g8h2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91ky-rf6s-mudv

url VCID-k2ma-t35n-abha

vulnerability_id VCID-k2ma-t35n-abha

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21355

reference_id

reference_type

scores

value	0.00416
scoring_system	epss
scoring_elements	0.62172
published_at	2026-06-11T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.62274
published_at	2026-06-12T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.62285
published_at	2026-06-13T12:55:00Z

value	0.00416
scoring_system	epss
scoring_elements	0.6228
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21355

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21355.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21355.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21355.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21355.yaml

reference_url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21355

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21355

reference_url

https://packagist.org/packages/typo3/cms-form

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/typo3/cms-form

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2021-002

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2021-002

reference_url

https://github.com/advisories/GHSA-2r6j-862c-m2v2

reference_id

GHSA-2r6j-862c-m2v2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2r6j-862c-m2v2

fixed_packages

url pkg:composer/typo3/cms-form@11.1.1

purl pkg:composer/typo3/cms-form@11.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v7x2-zg4n-9yb2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-form@11.1.1

aliases CVE-2021-21355, GHSA-2r6j-862c-m2v2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k2ma-t35n-abha

url VCID-v7x2-zg4n-9yb2

vulnerability_id VCID-v7x2-zg4n-9yb2

summary TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none The vulnerability in the affected downstream component “Form Framework Module” allows attackers to manipulate or delete persisted form definitions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-55922

reference_id

reference_type

scores

value	0.00189
scoring_system	epss
scoring_elements	0.40759
published_at	2026-06-12T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40769
published_at	2026-06-14T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40782
published_at	2026-06-13T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40591
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-55922

reference_url

https://github.com/TYPO3-CMS/form

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3-CMS/form

reference_url

https://github.com/TYPO3-CMS/form/commit/93327743f5dfd31c44898ce16e3e004e05f8ba5f

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3-CMS/form/commit/93327743f5dfd31c44898ce16e3e004e05f8ba5f

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-55922

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-55922

reference_url

https://github.com/advisories/GHSA-ww7h-g2qf-7xv6

reference_id

GHSA-ww7h-g2qf-7xv6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ww7h-g2qf-7xv6

reference_url

https://github.com/TYPO3/typo3/security/advisories/GHSA-ww7h-g2qf-7xv6

reference_id

GHSA-ww7h-g2qf-7xv6

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:42:02Z/

url

https://github.com/TYPO3/typo3/security/advisories/GHSA-ww7h-g2qf-7xv6

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2025-007

reference_id

typo3-core-sa-2025-007

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:42:02Z/

url

https://typo3.org/security/advisory/typo3-core-sa-2025-007

fixed_packages

url	pkg:composer/typo3/cms-form@11.5.42
purl	pkg:composer/typo3/cms-form@11.5.42
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-form@11.5.42

url	pkg:composer/typo3/cms-form@12.4.25
purl	pkg:composer/typo3/cms-form@12.4.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-form@12.4.25

url	pkg:composer/typo3/cms-form@13.4.3
purl	pkg:composer/typo3/cms-form@13.4.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-form@13.4.3

aliases CVE-2024-55922, GHSA-ww7h-g2qf-7xv6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v7x2-zg4n-9yb2

url VCID-wmvt-9z94-qkak

vulnerability_id VCID-wmvt-9z94-qkak

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21357

reference_id

reference_type

scores

value	0.01121
scoring_system	epss
scoring_elements	0.78658
published_at	2026-06-11T12:55:00Z

value	0.01121
scoring_system	epss
scoring_elements	0.78724
published_at	2026-06-12T12:55:00Z

value	0.01121
scoring_system	epss
scoring_elements	0.7874
published_at	2026-06-13T12:55:00Z

value	0.01121
scoring_system	epss
scoring_elements	0.78736
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21357

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21357.yaml

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21357.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21357.yaml

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21357.yaml

reference_url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21357

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21357

reference_url

https://packagist.org/packages/typo3/cms-form

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/typo3/cms-form

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2021-003

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2021-003

reference_url

https://github.com/advisories/GHSA-3vg7-jw9m-pc3f

reference_id

GHSA-3vg7-jw9m-pc3f

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3vg7-jw9m-pc3f

fixed_packages

url pkg:composer/typo3/cms-form@11.1.1

purl pkg:composer/typo3/cms-form@11.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v7x2-zg4n-9yb2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-form@11.1.1

aliases CVE-2021-21357, GHSA-3vg7-jw9m-pc3f

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wmvt-9z94-qkak

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-form@11.1.0

Package Instance