{"url":"http://public2.vulnerablecode.io/api/packages/52528?format=json","purl":"pkg:composer/typo3/cms@7.6.0","type":"composer","namespace":"typo3","name":"cms","version":"7.6.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.6.1","latest_non_vulnerable_version":"12.2.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38081?format=json","vulnerability_id":"VCID-2r7u-mc45-8yhe","summary":"Improper Authentication\nAuthentication Bypass in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-011/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52639?format=json","purl":"pkg:composer/typo3/cms@7.6.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52640?format=json","purl":"pkg:composer/typo3/cms@8.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.1"}],"aliases":["GMS-2016-145"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2r7u-mc45-8yhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38164?format=json","vulnerability_id":"VCID-2vpx-fqb6-aqfa","summary":"Cross-site Scripting\nCross-Site Scripting in third party library `mso/idna-convert`.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-020","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-020"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52837?format=json","purl":"pkg:composer/typo3/cms@7.6.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.10"},{"url":"http://public2.vulnerablecode.io/api/packages/52838?format=json","purl":"pkg:composer/typo3/cms@8.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.2.1"}],"aliases":["GMS-2016-154"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vpx-fqb6-aqfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38075?format=json","vulnerability_id":"VCID-39jx-muqb-nkfq","summary":"Cross-site Scripting\nCross-Site Scripting in TYPO3 Backend.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-009/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-009/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52639?format=json","purl":"pkg:composer/typo3/cms@7.6.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52640?format=json","purl":"pkg:composer/typo3/cms@8.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.1"}],"aliases":["GMS-2016-143"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-39jx-muqb-nkfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38256?format=json","vulnerability_id":"VCID-5dxs-cdht-27hw","summary":"Insecure Deserialization\nInsecure Unserialize in TYPO3 Backend.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52970?format=json","purl":"pkg:composer/typo3/cms@7.6.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52971?format=json","purl":"pkg:composer/typo3/cms@8.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1"}],"aliases":["GMS-2016-157"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5dxs-cdht-27hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38487?format=json","vulnerability_id":"VCID-66ru-n2df-b3ay","summary":"Cross-site Scripting\nXSS in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53303?format=json","purl":"pkg:composer/typo3/cms@7.6.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.16"},{"url":"http://public2.vulnerablecode.io/api/packages/53304?format=json","purl":"pkg:composer/typo3/cms@8.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.6.1"}],"aliases":["GMS-2017-349"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-66ru-n2df-b3ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38254?format=json","vulnerability_id":"VCID-727q-h3ey-6yc9","summary":"Path Traversal in TYPO3 Core.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52970?format=json","purl":"pkg:composer/typo3/cms@7.6.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52971?format=json","purl":"pkg:composer/typo3/cms@8.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1"}],"aliases":["GMS-2016-158"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-727q-h3ey-6yc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38127?format=json","vulnerability_id":"VCID-8p64-6zpt-t3av","summary":"Improper Access Control\nMissing Access Check in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/missing-access-check-in-typo3-cms/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/missing-access-check-in-typo3-cms/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52709?format=json","purl":"pkg:composer/typo3/cms@7.6.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.8"},{"url":"http://public2.vulnerablecode.io/api/packages/52710?format=json","purl":"pkg:composer/typo3/cms@8.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.1.1"}],"aliases":["GMS-2016-147"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8p64-6zpt-t3av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38811?format=json","vulnerability_id":"VCID-9saf-w56y-pugz","summary":"Information Disclosure in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54049?format=json","purl":"pkg:composer/typo3/cms@7.6.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22"},{"url":"http://public2.vulnerablecode.io/api/packages/54050?format=json","purl":"pkg:composer/typo3/cms@8.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6a22-c7x5-sqe2"},{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.0"}],"aliases":["GMS-2017-351"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9saf-w56y-pugz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38162?format=json","vulnerability_id":"VCID-dd9u-w2y2-87h9","summary":"SQL Injection in TYPO3 Frontend Login.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-016","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-016"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52837?format=json","purl":"pkg:composer/typo3/cms@7.6.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.10"}],"aliases":["GMS-2016-150"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dd9u-w2y2-87h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38807?format=json","vulnerability_id":"VCID-e564-zdku-9fc6","summary":"Information Disclosure\nHTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54049?format=json","purl":"pkg:composer/typo3/cms@7.6.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22"},{"url":"http://public2.vulnerablecode.io/api/packages/54048?format=json","purl":"pkg:composer/typo3/cms@8.7.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5"}],"aliases":["TYPO3-CORE-SA-2017-006"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e564-zdku-9fc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38253?format=json","vulnerability_id":"VCID-eutz-mj58-audb","summary":"Insecure Unserialize in TYPO3 Backend\nFailing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52970?format=json","purl":"pkg:composer/typo3/cms@7.6.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52971?format=json","purl":"pkg:composer/typo3/cms@8.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1"}],"aliases":["TYPO3-CORE-SA-2016-023"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eutz-mj58-audb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38039?format=json","vulnerability_id":"VCID-exjy-5cyn-zfg1","summary":"Uncontrolled Resource Consumption\nDenial of Service attack possibility in TYPO3 component Indexed Search.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-008/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-008/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52564?format=json","purl":"pkg:composer/typo3/cms@7.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.4"}],"aliases":["GMS-2016-142"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-exjy-5cyn-zfg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38040?format=json","vulnerability_id":"VCID-g9ns-sxkx-aqh1","summary":"Cross-site Scripting\nCross-Site Scripting in TYPO3 component CSS styled content.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-007/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52564?format=json","purl":"pkg:composer/typo3/cms@7.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.4"}],"aliases":["GMS-2016-141"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g9ns-sxkx-aqh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38255?format=json","vulnerability_id":"VCID-h217-xe8x-nua3","summary":"Path Traversal\nDue to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52970?format=json","purl":"pkg:composer/typo3/cms@7.6.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52971?format=json","purl":"pkg:composer/typo3/cms@8.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1"}],"aliases":["TYPO3-CORE-SA-2016-024"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h217-xe8x-nua3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38829?format=json","vulnerability_id":"VCID-h7cg-64er-uya9","summary":"Unrestricted Upload of File with Dangerous Type\nUnrestricted File Upload vulnerability in the `fileDenyPattern` in `sysext/core/Classes/Core/SystemEnvironmentBuilder`.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/"},{"reference_url":"http://www.securityfocus.com/bid/100620","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100620"},{"reference_url":"http://www.securitytracker.com/id/1039295","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039295"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14251","reference_id":"CVE-2017-14251","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14251"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54049?format=json","purl":"pkg:composer/typo3/cms@7.6.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22"},{"url":"http://public2.vulnerablecode.io/api/packages/54048?format=json","purl":"pkg:composer/typo3/cms@8.7.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5"}],"aliases":["CVE-2017-14251"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h7cg-64er-uya9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38437?format=json","vulnerability_id":"VCID-h7hf-sf2q-73ay","summary":"Code Injection\nRemote Code Execution in third party library swiftmailer.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-001/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53166?format=json","purl":"pkg:composer/typo3/cms@7.6.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9bep-jsfw-x3gn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.15"},{"url":"http://public2.vulnerablecode.io/api/packages/53167?format=json","purl":"pkg:composer/typo3/cms@8.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"},{"vulnerability":"VCID-je4q-svfw-hqda"},{"vulnerability":"VCID-w1wb-mq2y-dfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.5.0"}],"aliases":["GMS-2017-347"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h7hf-sf2q-73ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38159?format=json","vulnerability_id":"VCID-hzma-cduk-3uhp","summary":"Cross-site Scripting\nXSS in TYPO3 Backend.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-021","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-021"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52821?format=json","purl":"pkg:composer/typo3/cms@7.6.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52822?format=json","purl":"pkg:composer/typo3/cms@8.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"},{"vulnerability":"VCID-qv14-m93d-jyd9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.3.0"}],"aliases":["GMS-2016-155"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hzma-cduk-3uhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38163?format=json","vulnerability_id":"VCID-jeqr-9tfu-f7b2","summary":"Deserialization of Untrusted Data\nInsecure Unserialize in TYPO3 Import/Export.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-015","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-015"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52837?format=json","purl":"pkg:composer/typo3/cms@7.6.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.10"},{"url":"http://public2.vulnerablecode.io/api/packages/52838?format=json","purl":"pkg:composer/typo3/cms@8.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.2.1"}],"aliases":["GMS-2016-149"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jeqr-9tfu-f7b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38806?format=json","vulnerability_id":"VCID-jqe4-8hzb-mfea","summary":"Arbitrary Code Execution\nDue to a missing file extension in the `fileDenyPattern`, backend user are allowed to upload *.pht files which can be executed in certain web server setups.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54049?format=json","purl":"pkg:composer/typo3/cms@7.6.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22"},{"url":"http://public2.vulnerablecode.io/api/packages/54048?format=json","purl":"pkg:composer/typo3/cms@8.7.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5"}],"aliases":["TYPO3-CORE-SA-2017-007"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqe4-8hzb-mfea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38165?format=json","vulnerability_id":"VCID-ks1q-a8x2-uqht","summary":"Information Disclosure in TYPO3 Backend.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-017","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-017"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52837?format=json","purl":"pkg:composer/typo3/cms@7.6.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.10"},{"url":"http://public2.vulnerablecode.io/api/packages/52838?format=json","purl":"pkg:composer/typo3/cms@8.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.2.1"}],"aliases":["GMS-2016-151"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ks1q-a8x2-uqht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38166?format=json","vulnerability_id":"VCID-m3nc-xbb4-yubr","summary":"Cross-site Scripting\nCross-Site Scripting in TYPO3 Backend.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-014/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-014/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52837?format=json","purl":"pkg:composer/typo3/cms@7.6.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.10"},{"url":"http://public2.vulnerablecode.io/api/packages/52838?format=json","purl":"pkg:composer/typo3/cms@8.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.2.1"}],"aliases":["GMS-2016-148"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m3nc-xbb4-yubr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38810?format=json","vulnerability_id":"VCID-mctp-nf36-7qdn","summary":"Information Disclosure\nFailing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54049?format=json","purl":"pkg:composer/typo3/cms@7.6.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22"},{"url":"http://public2.vulnerablecode.io/api/packages/54048?format=json","purl":"pkg:composer/typo3/cms@8.7.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5"}],"aliases":["TYPO3-CORE-SA-2017-005"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mctp-nf36-7qdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38028?format=json","vulnerability_id":"VCID-s97a-nmk8-y3ay","summary":"Cross-site Scripting\nCross-Site Scripting in link validator component.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-002/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-002/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52529?format=json","purl":"pkg:composer/typo3/cms@7.6.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.3"}],"aliases":["GMS-2016-136"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s97a-nmk8-y3ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38809?format=json","vulnerability_id":"VCID-sy7r-d6pv-yba9","summary":"Code Injection\nArbitrary Code Execution in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54049?format=json","purl":"pkg:composer/typo3/cms@7.6.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22"},{"url":"http://public2.vulnerablecode.io/api/packages/54050?format=json","purl":"pkg:composer/typo3/cms@8.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6a22-c7x5-sqe2"},{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.0"}],"aliases":["GMS-2017-353"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sy7r-d6pv-yba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38083?format=json","vulnerability_id":"VCID-u4tq-8qnk-5fd7","summary":"Improper Privilege Management\nPrivilege Escalation in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-012/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52639?format=json","purl":"pkg:composer/typo3/cms@7.6.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52640?format=json","purl":"pkg:composer/typo3/cms@8.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.1"}],"aliases":["GMS-2016-146"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4tq-8qnk-5fd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47106?format=json","vulnerability_id":"VCID-w58p-3wg1-7ycr","summary":"Path Traversal in TYPO3 Core\nDue to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-11-22-2.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-11-22-2.yaml"},{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024"},{"reference_url":"https://github.com/advisories/GHSA-gj48-w74w-8gvm","reference_id":"GHSA-gj48-w74w-8gvm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gj48-w74w-8gvm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52970?format=json","purl":"pkg:composer/typo3/cms@7.6.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52971?format=json","purl":"pkg:composer/typo3/cms@8.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.4.1"}],"aliases":["GHSA-gj48-w74w-8gvm","GMS-2024-342"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w58p-3wg1-7ycr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38492?format=json","vulnerability_id":"VCID-xh68-defe-f7ce","summary":"XSS Vulnerability\nTYPO3 is vulnerable to Cross-Site Scripting.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-003/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53303?format=json","purl":"pkg:composer/typo3/cms@7.6.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.16"},{"url":"http://public2.vulnerablecode.io/api/packages/53304?format=json","purl":"pkg:composer/typo3/cms@8.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.6.1"}],"aliases":["TYPO3-CORE-SA-2017-003"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xh68-defe-f7ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38038?format=json","vulnerability_id":"VCID-y1ap-y4az-x7ec","summary":"Improper Restriction of XML External Entity Reference\nXML External Entity (XXE) Processing in TYPO3 Core.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-005/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52564?format=json","purl":"pkg:composer/typo3/cms@7.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.4"}],"aliases":["GMS-2016-139"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y1ap-y4az-x7ec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38805?format=json","vulnerability_id":"VCID-ygw4-jdqu-4fbt","summary":"Information Disclosure in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54049?format=json","purl":"pkg:composer/typo3/cms@7.6.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.22"},{"url":"http://public2.vulnerablecode.io/api/packages/54050?format=json","purl":"pkg:composer/typo3/cms@8.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6a22-c7x5-sqe2"},{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.0"}],"aliases":["GMS-2017-352"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ygw4-jdqu-4fbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38157?format=json","vulnerability_id":"VCID-yn6z-9v7k-x7br","summary":"Uncontrolled Resource Consumption\nCache Flooding in TYPO3 Frontend.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-022","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-022"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52821?format=json","purl":"pkg:composer/typo3/cms@7.6.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52822?format=json","purl":"pkg:composer/typo3/cms@8.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"},{"vulnerability":"VCID-qv14-m93d-jyd9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.3.0"}],"aliases":["GMS-2016-156"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yn6z-9v7k-x7br"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38168?format=json","vulnerability_id":"VCID-zrz3-3dnf-tbay","summary":"Cross-site Scripting\nCross-Site Scripting vulnerability in typolinks.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-018","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-018"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52837?format=json","purl":"pkg:composer/typo3/cms@7.6.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.10"},{"url":"http://public2.vulnerablecode.io/api/packages/52838?format=json","purl":"pkg:composer/typo3/cms@8.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7cg-64er-uya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.2.1"}],"aliases":["GMS-2016-152"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zrz3-3dnf-tbay"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.0"}