Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/flow@3.0.10
Typecomposer
Namespacetypo3
Nameflow
Version3.0.10
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.0.12
Latest_non_vulnerable_version4.0.6
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-hy8r-du1x-93cf
vulnerability_id VCID-hy8r-du1x-93cf
summary 
Time-Based Information Disclosure Vulnerability
The `PersistedUsernamePasswordProvider` is prone to a information disclosure of account existence based on timing attacks as the hashing of passwords is only done in case an account is found.
references
0
reference_url https://www.neos.io/blog/flow-sa-2016-001.html
reference_id
reference_type
scores
url https://www.neos.io/blog/flow-sa-2016-001.html
fixed_packages
0
url pkg:composer/typo3/flow@2.3.16
purl pkg:composer/typo3/flow@2.3.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@2.3.16
1
url pkg:composer/typo3/flow@3.0.10
purl pkg:composer/typo3/flow@3.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@3.0.10
2
url pkg:composer/typo3/flow@3.1.7
purl pkg:composer/typo3/flow@3.1.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@3.1.7
3
url pkg:composer/typo3/flow@3.2.7
purl pkg:composer/typo3/flow@3.2.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@3.2.7
4
url pkg:composer/typo3/flow@3.3.5
purl pkg:composer/typo3/flow@3.3.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@3.3.5
aliases Flow-SA-2016-001
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hy8r-du1x-93cf
1
url VCID-x6zc-hygf-hqb7
vulnerability_id VCID-x6zc-hygf-hqb7
summary Time-Based Information Disclosure Vulnerability in Flow
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/flow/2016-11-01.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/flow/2016-11-01.yaml
1
reference_url https://github.com/neos/flow
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/neos/flow
2
reference_url https://www.neos.io/blog/flow-sa-2016-001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.neos.io/blog/flow-sa-2016-001.html
3
reference_url https://github.com/advisories/GHSA-r6mm-wmhf-849m
reference_id GHSA-r6mm-wmhf-849m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r6mm-wmhf-849m
fixed_packages
0
url pkg:composer/typo3/flow@2.3.16
purl pkg:composer/typo3/flow@2.3.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@2.3.16
1
url pkg:composer/typo3/flow@3.0.10
purl pkg:composer/typo3/flow@3.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@3.0.10
2
url pkg:composer/typo3/flow@3.1.7
purl pkg:composer/typo3/flow@3.1.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@3.1.7
3
url pkg:composer/typo3/flow@3.2.7
purl pkg:composer/typo3/flow@3.2.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@3.2.7
4
url pkg:composer/typo3/flow@3.3.5
purl pkg:composer/typo3/flow@3.3.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@3.3.5
aliases GHSA-r6mm-wmhf-849m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x6zc-hygf-hqb7
2
url VCID-xc43-9az2-bbd2
vulnerability_id VCID-xc43-9az2-bbd2
summary 
Information Exposure Through Timing Discrepancy
Time-Based Information Disclosure Vulnerability in Flow.
references
0
reference_url https://www.neos.io/blog/flow-sa-2016-001.html
reference_id
reference_type
scores
url https://www.neos.io/blog/flow-sa-2016-001.html
fixed_packages
0
url pkg:composer/typo3/flow@2.3.16
purl pkg:composer/typo3/flow@2.3.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@2.3.16
1
url pkg:composer/typo3/flow@3.0.0-beta1
purl pkg:composer/typo3/flow@3.0.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ang-rha7-7faa
1
vulnerability VCID-hy8r-du1x-93cf
2
vulnerability VCID-xa2m-k18s-x7hv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@3.0.0-beta1
2
url pkg:composer/typo3/flow@3.0.10
purl pkg:composer/typo3/flow@3.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@3.0.10
3
url pkg:composer/typo3/flow@3.1.7
purl pkg:composer/typo3/flow@3.1.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@3.1.7
4
url pkg:composer/typo3/flow@3.2.7
purl pkg:composer/typo3/flow@3.2.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@3.2.7
5
url pkg:composer/typo3/flow@3.3.5
purl pkg:composer/typo3/flow@3.3.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@3.3.5
aliases GMS-2016-159
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xc43-9az2-bbd2
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/flow@3.0.10