{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40911?format=json","vulnerability_id":"VCID-5kwa-7kx3-kfga","summary":"Weak Password Recovery Mechanism for Forgotten Password\nContao has a Weak Password Recovery Mechanism for a Forgotten Password.","aliases":[{"alias":"CVE-2019-10641"},{"alias":"GHSA-vcgg-hp4r-87gx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63016?format=json","purl":"pkg:composer/contao/contao@4.4.37","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.4.37"},{"url":"http://public2.vulnerablecode.io/api/packages/62090?format=json","purl":"pkg:composer/contao/contao@4.7.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/57835?format=json","purl":"pkg:composer/contao/core@3.5.39","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.39"},{"url":"http://public2.vulnerablecode.io/api/packages/57829?format=json","purl":"pkg:composer/contao/core-bundle@4.4.37","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.37"},{"url":"http://public2.vulnerablecode.io/api/packages/57830?format=json","purl":"pkg:composer/contao/core-bundle@4.7.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.7.3"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58738?format=json","purl":"pkg:composer/contao/contao@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kwa-7kx3-kfga"},{"vulnerability":"VCID-82d1-8yn8-sydv"},{"vulnerability":"VCID-crsc-bhc9-y3f9"},{"vulnerability":"VCID-epmj-qf23-xffd"},{"vulnerability":"VCID-rj3d-jeyz-vye5"},{"vulnerability":"VCID-t2u3-tgg3-cbb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/58739?format=json","purl":"pkg:composer/contao/contao@4.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kwa-7kx3-kfga"},{"vulnerability":"VCID-82d1-8yn8-sydv"},{"vulnerability":"VCID-epmj-qf23-xffd"},{"vulnerability":"VCID-rj3d-jeyz-vye5"},{"vulnerability":"VCID-t2u3-tgg3-cbb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/51725?format=json","purl":"pkg:composer/contao/core@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5639-8xt3-8ugc"},{"vulnerability":"VCID-5kwa-7kx3-kfga"},{"vulnerability":"VCID-ejwd-wgb2-47e2"},{"vulnerability":"VCID-u721-yafq-bkc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/57827?format=json","purl":"pkg:composer/contao/core-bundle@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kwa-7kx3-kfga"},{"vulnerability":"VCID-82d1-8yn8-sydv"},{"vulnerability":"VCID-jbcs-b2p9-myhz"},{"vulnerability":"VCID-jzx2-et8q-7qhm"},{"vulnerability":"VCID-nepv-9985-37g4"},{"vulnerability":"VCID-r1h5-ag74-dbaw"},{"vulnerability":"VCID-rj3d-jeyz-vye5"},{"vulnerability":"VCID-t2u3-tgg3-cbb9"},{"vulnerability":"VCID-wyd5-t8at-8bba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/57828?format=json","purl":"pkg:composer/contao/core-bundle@4.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3fux-z15d-13g1"},{"vulnerability":"VCID-5kwa-7kx3-kfga"},{"vulnerability":"VCID-82d1-8yn8-sydv"},{"vulnerability":"VCID-azpb-eq6c-e7bw"},{"vulnerability":"VCID-rj3d-jeyz-vye5"},{"vulnerability":"VCID-t2u3-tgg3-cbb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.5.0"}],"references":[{"reference_url":"https://contao.org/en/news/security-vulnerability-cve-2019-10641.html","reference_id":"","reference_type":"","scores":[],"url":"https://contao.org/en/news/security-vulnerability-cve-2019-10641.html"},{"reference_url":"https://github.com/contao/contao/commit/74c7dfafa0dfa5363a9463b486522d5d526e28fe","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/contao/contao/commit/74c7dfafa0dfa5363a9463b486522d5d526e28fe"},{"reference_url":"https://github.com/contao/contao/commit/b92e27bc7c9e59226077937f840c74ffd0f672e8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/contao/contao/commit/b92e27bc7c9e59226077937f840c74ffd0f672e8"},{"reference_url":"https://github.com/contao/core/commit/119a1b5bd9e62d27ca2838727084d04f3b7fcd32","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/contao/core/commit/119a1b5bd9e62d27ca2838727084d04f3b7fcd32"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10641","reference_id":"CVE-2019-10641","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10641"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-10641.yaml","reference_id":"CVE-2019-10641.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-10641.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-10641.yaml","reference_id":"CVE-2019-10641.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-10641.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2019-10641.yaml","reference_id":"CVE-2019-10641.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2019-10641.yaml"},{"reference_url":"https://github.com/advisories/GHSA-vcgg-hp4r-87gx","reference_id":"GHSA-vcgg-hp4r-87gx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vcgg-hp4r-87gx"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":640,"name":"Weak Password Recovery Mechanism for Forgotten Password","description":"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5kwa-7kx3-kfga"}