Lookup for vulnerable packages by Package URL.

Purl pkg:composer/directmailteam/direct-mail@5.0.1
Type composer
Namespace directmailteam
Name direct-mail
Version 5.0.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 7.0.3
Latest_non_vulnerable_version 9.5.2
Affected_by_vulnerabilities
0
url VCID-2a4k-8gds-2qb2
vulnerability_id VCID-2a4k-8gds-2qb2
summary
direct_mail for Typo3 sensitive data exposure
The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and export data of frontend users who are subscribed to a newsletter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16698
reference_id
reference_type
scores
0
value 0.00114
scoring_system epss
scoring_elements 0.29727
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16698
1
reference_url https://extensions.typo3.org/extension/direct_mail
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://extensions.typo3.org/extension/direct_mail
2
reference_url https://github.com/kartolo/direct_mail
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kartolo/direct_mail
3
reference_url https://github.com/kartolo/direct_mail/commit/3a70924777294c7fb40e9f6eb3f7627bac58dfd1
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kartolo/direct_mail/commit/3a70924777294c7fb40e9f6eb3f7627bac58dfd1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16698
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16698
5
reference_url https://typo3.org/security/advisory/typo3-ext-sa-2019-016
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-ext-sa-2019-016
6
reference_url https://typo3.org/security/advisory/typo3-ext-sa-2019-016/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-ext-sa-2019-016/
7
reference_url https://github.com/advisories/GHSA-j2w4-45qm-r674
reference_id GHSA-j2w4-45qm-r674
reference_type
scores
url https://github.com/advisories/GHSA-j2w4-45qm-r674
fixed_packages
0
url pkg:composer/directmailteam/direct-mail@5.2.3
purl pkg:composer/directmailteam/direct-mail@5.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-az3m-6mtw-ukdm
1
vulnerability VCID-g8rw-8hjc-hucr
2
vulnerability VCID-gzxu-wqzd-wbbu
3
vulnerability VCID-kds7-cfb3-7ucz
4
vulnerability VCID-z4vj-sd9x-3qdh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@5.2.3
aliases CVE-2019-16698, GHSA-j2w4-45qm-r674
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2a4k-8gds-2qb2
1
url VCID-az3m-6mtw-ukdm
vulnerability_id VCID-az3m-6mtw-ukdm
summary
Missing Authorization in TYPO3 extension
The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12700
reference_id
reference_type
scores
0
value 0.00129
scoring_system epss
scoring_elements 0.32029
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12700
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12700
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12700
2
reference_url https://typo3.org/help/security-advisories
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/help/security-advisories
3
reference_url https://typo3.org/security/advisory/typo3-ext-sa-2020-005
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-ext-sa-2020-005
4
reference_url https://github.com/advisories/GHSA-qwmj-72mp-q3m2
reference_id GHSA-qwmj-72mp-q3m2
reference_type
scores
url https://github.com/advisories/GHSA-qwmj-72mp-q3m2
fixed_packages
0
url pkg:composer/directmailteam/direct-mail@5.2.4
purl pkg:composer/directmailteam/direct-mail@5.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gzxu-wqzd-wbbu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@5.2.4
aliases CVE-2020-12700, GHSA-qwmj-72mp-q3m2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-az3m-6mtw-ukdm
2
url VCID-g8rw-8hjc-hucr
vulnerability_id VCID-g8rw-8hjc-hucr
summary
Missing Authorization in TYPO3 extension
The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12698
reference_id
reference_type
scores
0
value 0.00129
scoring_system epss
scoring_elements 0.32029
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12698
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12698
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12698
2
reference_url https://typo3.org/help/security-advisories
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/help/security-advisories
3
reference_url https://typo3.org/security/advisory/typo3-ext-sa-2020-005
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-ext-sa-2020-005
4
reference_url https://github.com/advisories/GHSA-9pm8-xcj6-2m33
reference_id GHSA-9pm8-xcj6-2m33
reference_type
scores
url https://github.com/advisories/GHSA-9pm8-xcj6-2m33
fixed_packages
0
url pkg:composer/directmailteam/direct-mail@5.2.4
purl pkg:composer/directmailteam/direct-mail@5.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gzxu-wqzd-wbbu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@5.2.4
aliases CVE-2020-12698, GHSA-9pm8-xcj6-2m33
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8rw-8hjc-hucr
3
url VCID-gzxu-wqzd-wbbu
vulnerability_id VCID-gzxu-wqzd-wbbu
summary
Configuration Injection in extension "Direct Mail" (direct_mail)
The “Configuration” backend module of the extension allows an authenticated user to write arbitrary page TSConfig for folders configured as “Direct Mail”. Exploiting the vulnerability may lead to Configuration Injection (TYPO3 10.4 and above) and to Arbitrary Code Execution (TYPO3 9.5 and below).

A valid backend user account having access to the Direct Mail "Configuration" backend module is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/directmailteam/direct-mail/CVE-2023-50461.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/directmailteam/direct-mail/CVE-2023-50461.yaml
1
reference_url https://github.com/kartolo/direct_mail
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kartolo/direct_mail
2
reference_url https://typo3.org/security/advisory/typo3-ext-sa-2023-011
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-ext-sa-2023-011
3
reference_url https://github.com/advisories/GHSA-p6xx-fhfw-7mj7
reference_id GHSA-p6xx-fhfw-7mj7
reference_type
scores
url https://github.com/advisories/GHSA-p6xx-fhfw-7mj7
fixed_packages
0
url pkg:composer/directmailteam/direct-mail@6.0.3
purl pkg:composer/directmailteam/direct-mail@6.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@6.0.3
1
url pkg:composer/directmailteam/direct-mail@7.0.3
purl pkg:composer/directmailteam/direct-mail@7.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@7.0.3
2
url pkg:composer/directmailteam/direct-mail@9.5.2
purl pkg:composer/directmailteam/direct-mail@9.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@9.5.2
aliases CVE-2023-50461, GHSA-p6xx-fhfw-7mj7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gzxu-wqzd-wbbu
4
url VCID-kds7-cfb3-7ucz
vulnerability_id VCID-kds7-cfb3-7ucz
summary
Open redirect in direct_mail
The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12699
reference_id
reference_type
scores
0
value 0.00171
scoring_system epss
scoring_elements 0.3812
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12699
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12699
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12699
2
reference_url https://typo3.org/help/security-advisories
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/help/security-advisories
3
reference_url https://typo3.org/security/advisory/typo3-ext-sa-2020-005
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-ext-sa-2020-005
4
reference_url https://github.com/advisories/GHSA-952m-m83c-3xm6
reference_id GHSA-952m-m83c-3xm6
reference_type
scores
url https://github.com/advisories/GHSA-952m-m83c-3xm6
fixed_packages
0
url pkg:composer/directmailteam/direct-mail@5.2.4
purl pkg:composer/directmailteam/direct-mail@5.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gzxu-wqzd-wbbu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@5.2.4
aliases CVE-2020-12699, GHSA-952m-m83c-3xm6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kds7-cfb3-7ucz
5
url VCID-z4vj-sd9x-3qdh
vulnerability_id VCID-z4vj-sd9x-3qdh
summary
Denial of service in direct_mail
The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12697
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56039
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12697
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12697
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12697
2
reference_url https://typo3.org/help/security-advisories
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/help/security-advisories
3
reference_url https://typo3.org/security/advisory/typo3-ext-sa-2020-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-ext-sa-2020-005
4
reference_url https://github.com/advisories/GHSA-5gm6-r79q-hfgw
reference_id GHSA-5gm6-r79q-hfgw
reference_type
scores
url https://github.com/advisories/GHSA-5gm6-r79q-hfgw
fixed_packages
0
url pkg:composer/directmailteam/direct-mail@5.2.4
purl pkg:composer/directmailteam/direct-mail@5.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gzxu-wqzd-wbbu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@5.2.4
aliases CVE-2020-12697, GHSA-5gm6-r79q-hfgw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4vj-sd9x-3qdh
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@5.0.1