Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/derhansen/fe_change_pwd@1.2.4
Typecomposer
Namespacederhansen
Namefe_change_pwd
Version1.2.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.5
Latest_non_vulnerable_version3.0.3
Affected_by_vulnerabilities
0
url VCID-9jpt-77e5-bqez
vulnerability_id VCID-9jpt-77e5-bqez
summary 
TYPO3 vulnerable to Insufficient Session Expiration
An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-47406
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49493
published_at 2026-06-08T12:55:00Z
1
value 0.00259
scoring_system epss
scoring_elements 0.49466
published_at 2026-06-04T12:55:00Z
2
value 0.00259
scoring_system epss
scoring_elements 0.49528
published_at 2026-06-05T12:55:00Z
3
value 0.00259
scoring_system epss
scoring_elements 0.49539
published_at 2026-06-06T12:55:00Z
4
value 0.00259
scoring_system epss
scoring_elements 0.49522
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-47406
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/derhansen/fe_change_pwd/CVE-2022-47406.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/derhansen/fe_change_pwd/CVE-2022-47406.yaml
2
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-47406
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-47406
4
reference_url https://typo3.org/security/advisory/typo3-ext-sa-2022-016
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:U/UI:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T19:04:22Z/
url https://typo3.org/security/advisory/typo3-ext-sa-2022-016
5
reference_url https://github.com/advisories/GHSA-53mm-hx32-6475
reference_id GHSA-53mm-hx32-6475
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-53mm-hx32-6475
fixed_packages
0
url pkg:composer/derhansen/fe_change_pwd@2.0.5
purl pkg:composer/derhansen/fe_change_pwd@2.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/derhansen/fe_change_pwd@2.0.5
1
url pkg:composer/derhansen/fe_change_pwd@3.0.3
purl pkg:composer/derhansen/fe_change_pwd@3.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/derhansen/fe_change_pwd@3.0.3
aliases CVE-2022-47406, GHSA-53mm-hx32-6475
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9jpt-77e5-bqez
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/derhansen/fe_change_pwd@1.2.4