{"url":"http://public2.vulnerablecode.io/api/packages/504808?format=json","purl":"pkg:composer/directmailteam/direct-mail@5.0","type":"composer","namespace":"directmailteam","name":"direct-mail","version":"5.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.0.3","latest_non_vulnerable_version":"9.5.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/321715?format=json","vulnerability_id":"VCID-4982-2x83-7fdh","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12700","reference_id":"","reference_type":"","scores":[{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31954","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12700"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12700","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12700"},{"reference_url":"https://typo3.org/security/advisory/typo3-ext-sa-2020-005","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-ext-sa-2020-005"},{"reference_url":"https://github.com/advisories/GHSA-qwmj-72mp-q3m2","reference_id":"GHSA-qwmj-72mp-q3m2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qwmj-72mp-q3m2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383152?format=json","purl":"pkg:composer/directmailteam/direct-mail@5.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jz8b-mdrx-gkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@5.2.4"}],"aliases":["CVE-2020-12700","GHSA-qwmj-72mp-q3m2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4982-2x83-7fdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/321713?format=json","vulnerability_id":"VCID-9x8y-fu93-4uef","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12698","reference_id":"","reference_type":"","scores":[{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31954","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12698"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12698","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12698"},{"reference_url":"https://typo3.org/security/advisory/typo3-ext-sa-2020-005","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-ext-sa-2020-005"},{"reference_url":"https://github.com/advisories/GHSA-9pm8-xcj6-2m33","reference_id":"GHSA-9pm8-xcj6-2m33","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9pm8-xcj6-2m33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383152?format=json","purl":"pkg:composer/directmailteam/direct-mail@5.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jz8b-mdrx-gkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@5.2.4"}],"aliases":["CVE-2020-12698","GHSA-9pm8-xcj6-2m33"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9x8y-fu93-4uef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/312723?format=json","vulnerability_id":"VCID-frx5-seaz-e7dk","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16698","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.2963","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16698"},{"reference_url":"https://extensions.typo3.org/extension/direct_mail","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://extensions.typo3.org/extension/direct_mail"},{"reference_url":"https://github.com/kartolo/direct_mail","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kartolo/direct_mail"},{"reference_url":"https://github.com/kartolo/direct_mail/commit/3a70924777294c7fb40e9f6eb3f7627bac58dfd1","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kartolo/direct_mail/commit/3a70924777294c7fb40e9f6eb3f7627bac58dfd1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16698","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16698"},{"reference_url":"https://typo3.org/security/advisory/typo3-ext-sa-2019-016","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-ext-sa-2019-016"},{"reference_url":"https://typo3.org/security/advisory/typo3-ext-sa-2019-016/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-ext-sa-2019-016/"},{"reference_url":"https://github.com/advisories/GHSA-j2w4-45qm-r674","reference_id":"GHSA-j2w4-45qm-r674","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j2w4-45qm-r674"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384884?format=json","purl":"pkg:composer/directmailteam/direct-mail@5.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4982-2x83-7fdh"},{"vulnerability":"VCID-9x8y-fu93-4uef"},{"vulnerability":"VCID-jz8b-mdrx-gkhh"},{"vulnerability":"VCID-sqja-v4hk-5yhu"},{"vulnerability":"VCID-z4dk-2ppt-7udn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@5.2.3"}],"aliases":["CVE-2019-16698","GHSA-j2w4-45qm-r674"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-frx5-seaz-e7dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360936?format=json","vulnerability_id":"VCID-jz8b-mdrx-gkhh","summary":"Configuration Injection in extension \"Direct Mail\" (direct_mail)\nThe “Configuration” backend module of the extension allows an authenticated user to write arbitrary page TSConfig for folders configured as “Direct Mail”. Exploiting the vulnerability may lead to Configuration Injection (TYPO3 10.4 and above) and to Arbitrary Code Execution (TYPO3 9.5 and below).\n\nA valid backend user account having access to the Direct Mail \"Configuration\" backend  module is needed in order to exploit this vulnerability.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/directmailteam/direct-mail/CVE-2023-50461.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/directmailteam/direct-mail/CVE-2023-50461.yaml"},{"reference_url":"https://github.com/kartolo/direct_mail","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kartolo/direct_mail"},{"reference_url":"https://typo3.org/security/advisory/typo3-ext-sa-2023-011","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-ext-sa-2023-011"},{"reference_url":"https://github.com/advisories/GHSA-p6xx-fhfw-7mj7","reference_id":"GHSA-p6xx-fhfw-7mj7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p6xx-fhfw-7mj7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380264?format=json","purl":"pkg:composer/directmailteam/direct-mail@6.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@6.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/380263?format=json","purl":"pkg:composer/directmailteam/direct-mail@7.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@7.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/380262?format=json","purl":"pkg:composer/directmailteam/direct-mail@9.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@9.5.2"}],"aliases":["CVE-2023-50461","GHSA-p6xx-fhfw-7mj7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jz8b-mdrx-gkhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/321712?format=json","vulnerability_id":"VCID-sqja-v4hk-5yhu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12697","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56205","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12697"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12697","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12697"},{"reference_url":"https://typo3.org/security/advisory/typo3-ext-sa-2020-005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-ext-sa-2020-005"},{"reference_url":"https://github.com/advisories/GHSA-5gm6-r79q-hfgw","reference_id":"GHSA-5gm6-r79q-hfgw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5gm6-r79q-hfgw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383152?format=json","purl":"pkg:composer/directmailteam/direct-mail@5.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jz8b-mdrx-gkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@5.2.4"}],"aliases":["CVE-2020-12697","GHSA-5gm6-r79q-hfgw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqja-v4hk-5yhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/321714?format=json","vulnerability_id":"VCID-z4dk-2ppt-7udn","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12699","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38189","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12699"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12699","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12699"},{"reference_url":"https://typo3.org/security/advisory/typo3-ext-sa-2020-005","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-ext-sa-2020-005"},{"reference_url":"https://github.com/advisories/GHSA-952m-m83c-3xm6","reference_id":"GHSA-952m-m83c-3xm6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-952m-m83c-3xm6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383152?format=json","purl":"pkg:composer/directmailteam/direct-mail@5.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jz8b-mdrx-gkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@5.2.4"}],"aliases":["CVE-2020-12699","GHSA-952m-m83c-3xm6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4dk-2ppt-7udn"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/directmailteam/direct-mail@5.0"}