Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/typo3/neos@1.1.0-beta1

Type composer

Namespace typo3

Name neos

Version 1.1.0-beta1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.1.3

Latest_non_vulnerable_version 4.3.3

Affected_by_vulnerabilities

url VCID-bh6n-n4s6-13gt

vulnerability_id VCID-bh6n-n4s6-13gt

summary It has been discovered that TYPO3 Neos is vulnerable to Privilege Escalation. Logged in editors could access, create and modify content nodes that exist in the workspace of other editors.

references

reference_url	https://www.neos.io/blog/neos-sa-2015-001.html
reference_id
reference_type
scores
url	https://www.neos.io/blog/neos-sa-2015-001.html

fixed_packages

url	pkg:composer/typo3/neos@1.1.3
purl	pkg:composer/typo3/neos@1.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.1.3

url pkg:composer/typo3/neos@1.2.3

purl pkg:composer/typo3/neos@1.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3gkh-89k9-4ybn

vulnerability	VCID-eyk1-hqju-cfc2

vulnerability	VCID-kftp-w8kn-9ybx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.2.3

aliases neos-sa-2015-001

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bh6n-n4s6-13gt

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/neos@1.1.0-beta1

Package Instance