Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-at1e-ct87-8bah

Summary

Inadequate Encryption Strength
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.

Aliases

alias	CVE-2010-3670

alias	GHSA-3276-p9f2-8q89

Fixed_packages

url	pkg:composer/typo3/cms-frontend@4.3.4
purl	pkg:composer/typo3/cms-frontend@4.3.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-frontend@4.3.4

url	pkg:composer/typo3/cms-frontend@4.4.1
purl	pkg:composer/typo3/cms-frontend@4.4.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-frontend@4.4.1

Affected_packages

url pkg:composer/typo3/cms-frontend@4.4.0

purl pkg:composer/typo3/cms-frontend@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-at1e-ct87-8bah

vulnerability	VCID-rrz7-ndgv-fug9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-frontend@4.4.0

References

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719
reference_id
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719

reference_url	https://github.com/TYPO3/typo3/commit/09ab77653161f23e266470a5984d4d5e64588355
reference_id
reference_type
scores
url	https://github.com/TYPO3/typo3/commit/09ab77653161f23e266470a5984d4d5e64588355

reference_url	https://github.com/TYPO3/typo3/commit/c03e944d200bf427bb18cad15f2ad36bc83061c9
reference_id
reference_type
scores
url	https://github.com/TYPO3/typo3/commit/c03e944d200bf427bb18cad15f2ad36bc83061c9

reference_url	https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2010-3670
reference_id	CVE-2010-3670
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2010-3670

reference_url	https://security-tracker.debian.org/tracker/CVE-2010-3670
reference_id	CVE-2010-3670
reference_type
scores
url	https://security-tracker.debian.org/tracker/CVE-2010-3670

reference_url	https://github.com/advisories/GHSA-3276-p9f2-8q89
reference_id	GHSA-3276-p9f2-8q89
reference_type
scores
url	https://github.com/advisories/GHSA-3276-p9f2-8q89

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	326
name	Inadequate Encryption Strength
description	The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-at1e-ct87-8bah

Vulnerability Instance