Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-bzqv-s7g3-wff9
Summary
TYPO3 vulnerable to Weak Authentication in Session Handling
TYPO3 is an open source PHP-based web content management system released under the GNU GPL. In TYPO3 installations there are always at least two different sites, e.g. first.example.org and second.example.com. In affected versions, a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Aliases
0
alias CVE-2023-47127
1
alias GHSA-3vmm-7h4j-69rm
Fixed_packages
0
url pkg:composer/typo3/cms-core@11.5.33
purl pkg:composer/typo3/cms-core@11.5.33
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.33
1
url pkg:composer/typo3/cms-core@12.4.8
purl pkg:composer/typo3/cms-core@12.4.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.8
Affected_packages
0
url pkg:composer/typo3/cms-core@8.0.0
purl pkg:composer/typo3/cms-core@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1knh-es99-dubw
2
vulnerability VCID-1prg-c74k-37ec
3
vulnerability VCID-2m67-xdxz-ryc2
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-3ebd-765h-j3g7
6
vulnerability VCID-3hta-35zx-zuc4
7
vulnerability VCID-4q6d-bd3h-t7f4
8
vulnerability VCID-4rfq-u488-sbh5
9
vulnerability VCID-51k2-j834-pffb
10
vulnerability VCID-5nq2-nchj-fkc8
11
vulnerability VCID-6ffw-r4k7-5qf8
12
vulnerability VCID-6q7t-kdrg-8qc3
13
vulnerability VCID-6rgp-dzw1-kycx
14
vulnerability VCID-78ff-k66z-bkh7
15
vulnerability VCID-7ch1-q9f4-a7bt
16
vulnerability VCID-7r4g-gxc6-hubh
17
vulnerability VCID-8216-asqx-f7eb
18
vulnerability VCID-82ds-xda8-5ye4
19
vulnerability VCID-848u-w88s-5bbe
20
vulnerability VCID-87ej-qn3k-t3dy
21
vulnerability VCID-8sek-v483-8ueu
22
vulnerability VCID-9mpc-hjjh-u3d2
23
vulnerability VCID-a64u-6bag-n3hu
24
vulnerability VCID-b92x-56ng-3ygy
25
vulnerability VCID-bzqv-s7g3-wff9
26
vulnerability VCID-cg7w-xkyg-abgj
27
vulnerability VCID-cq82-qt6v-dfhz
28
vulnerability VCID-cv9x-ea8e-pufu
29
vulnerability VCID-daz8-j1ns-rkgt
30
vulnerability VCID-dzrt-8tny-kbcy
31
vulnerability VCID-e8ze-umec-a7hx
32
vulnerability VCID-e9jc-8mpp-fkgh
33
vulnerability VCID-eq57-btkt-hug8
34
vulnerability VCID-ev4k-5k1d-2bhu
35
vulnerability VCID-fqkx-v8t5-q3h6
36
vulnerability VCID-g3t9-1yx2-6ufd
37
vulnerability VCID-gvag-nxmd-s7d1
38
vulnerability VCID-hfcx-1kuh-p3ez
39
vulnerability VCID-hnyk-614g-yuhy
40
vulnerability VCID-j8hk-bqnb-gycp
41
vulnerability VCID-jp1p-rfxa-hyd9
42
vulnerability VCID-k8r2-2ak8-qkak
43
vulnerability VCID-ke39-846j-kbh3
44
vulnerability VCID-n56h-zuzr-ruhf
45
vulnerability VCID-nyw8-q5ef-2fcv
46
vulnerability VCID-pwh8-c992-vqav
47
vulnerability VCID-qr1u-kcn9-cuf6
48
vulnerability VCID-qtyt-338b-ayay
49
vulnerability VCID-qxab-9uwr-yqhv
50
vulnerability VCID-sdjb-gp4t-vbgt
51
vulnerability VCID-sxn7-t6tm-8udh
52
vulnerability VCID-uaf3-fyst-u7gm
53
vulnerability VCID-uhrk-ad4f-nqgh
54
vulnerability VCID-uncp-sa58-ufdd
55
vulnerability VCID-uq77-aax5-k7d8
56
vulnerability VCID-uua1-9rt1-dfbz
57
vulnerability VCID-w94g-xxea-23fb
58
vulnerability VCID-wm4a-hcvt-vkbk
59
vulnerability VCID-y3zj-acc7-jkau
60
vulnerability VCID-yf3d-yyzq-guh1
61
vulnerability VCID-ygw1-vqxg-z3h3
62
vulnerability VCID-z2bk-m2kw-h3c9
63
vulnerability VCID-z718-97ez-r7g3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.0.0
1
url pkg:composer/typo3/cms-core@8.7.54
purl pkg:composer/typo3/cms-core@8.7.54
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bzqv-s7g3-wff9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.54
2
url pkg:composer/typo3/cms-core@9.0.0
purl pkg:composer/typo3/cms-core@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1knh-es99-dubw
2
vulnerability VCID-1prg-c74k-37ec
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-23ss-xwrm-1qcu
5
vulnerability VCID-2m67-xdxz-ryc2
6
vulnerability VCID-2rhr-8vaz-hqfj
7
vulnerability VCID-3ebd-765h-j3g7
8
vulnerability VCID-3hta-35zx-zuc4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4q6d-bd3h-t7f4
11
vulnerability VCID-4rfq-u488-sbh5
12
vulnerability VCID-51k2-j834-pffb
13
vulnerability VCID-5nq2-nchj-fkc8
14
vulnerability VCID-5ync-ktk5-23gh
15
vulnerability VCID-6ffw-r4k7-5qf8
16
vulnerability VCID-6mnf-2fcw-dqgp
17
vulnerability VCID-6q7t-kdrg-8qc3
18
vulnerability VCID-6rgp-dzw1-kycx
19
vulnerability VCID-78ff-k66z-bkh7
20
vulnerability VCID-7ch1-q9f4-a7bt
21
vulnerability VCID-7r4g-gxc6-hubh
22
vulnerability VCID-7snt-7hyt-1fbx
23
vulnerability VCID-8216-asqx-f7eb
24
vulnerability VCID-82ds-xda8-5ye4
25
vulnerability VCID-848u-w88s-5bbe
26
vulnerability VCID-87ej-qn3k-t3dy
27
vulnerability VCID-8sek-v483-8ueu
28
vulnerability VCID-8w4e-d49b-nbg8
29
vulnerability VCID-9mpc-hjjh-u3d2
30
vulnerability VCID-a1g9-pyz5-9fca
31
vulnerability VCID-an3r-c2yp-1bbd
32
vulnerability VCID-bbh5-rss8-bfct
33
vulnerability VCID-bzqv-s7g3-wff9
34
vulnerability VCID-cf9m-qdyj-eyav
35
vulnerability VCID-cgny-nmk3-4fcd
36
vulnerability VCID-cq82-qt6v-dfhz
37
vulnerability VCID-cv9x-ea8e-pufu
38
vulnerability VCID-daz8-j1ns-rkgt
39
vulnerability VCID-dzrt-8tny-kbcy
40
vulnerability VCID-e6zr-4bgg-kkh5
41
vulnerability VCID-e8ze-umec-a7hx
42
vulnerability VCID-e9jc-8mpp-fkgh
43
vulnerability VCID-efrn-3w2z-xyaf
44
vulnerability VCID-eq57-btkt-hug8
45
vulnerability VCID-etcc-43a3-a7ek
46
vulnerability VCID-ev4k-5k1d-2bhu
47
vulnerability VCID-f9pk-cwyr-a7cv
48
vulnerability VCID-fgkd-jp96-cbcs
49
vulnerability VCID-fqkx-v8t5-q3h6
50
vulnerability VCID-g3t9-1yx2-6ufd
51
vulnerability VCID-gemf-j9uj-jka1
52
vulnerability VCID-gvag-nxmd-s7d1
53
vulnerability VCID-hfcx-1kuh-p3ez
54
vulnerability VCID-hnyk-614g-yuhy
55
vulnerability VCID-hr6r-88m3-9udv
56
vulnerability VCID-j8hk-bqnb-gycp
57
vulnerability VCID-jp1p-rfxa-hyd9
58
vulnerability VCID-k8r2-2ak8-qkak
59
vulnerability VCID-ke39-846j-kbh3
60
vulnerability VCID-myhc-dyh9-xygg
61
vulnerability VCID-n1gz-y615-cbbk
62
vulnerability VCID-n56h-zuzr-ruhf
63
vulnerability VCID-nyw8-q5ef-2fcv
64
vulnerability VCID-pwh8-c992-vqav
65
vulnerability VCID-qr1u-kcn9-cuf6
66
vulnerability VCID-qtyt-338b-ayay
67
vulnerability VCID-qxab-9uwr-yqhv
68
vulnerability VCID-rzx5-nv6h-qqhg
69
vulnerability VCID-sdjb-gp4t-vbgt
70
vulnerability VCID-tgyt-axv1-c7ag
71
vulnerability VCID-uaf3-fyst-u7gm
72
vulnerability VCID-uhrk-ad4f-nqgh
73
vulnerability VCID-uncp-sa58-ufdd
74
vulnerability VCID-uq77-aax5-k7d8
75
vulnerability VCID-uua1-9rt1-dfbz
76
vulnerability VCID-v7b1-x8hy-2kcg
77
vulnerability VCID-w94g-xxea-23fb
78
vulnerability VCID-wm4a-hcvt-vkbk
79
vulnerability VCID-x3n3-tsjh-8kby
80
vulnerability VCID-x5jb-yj3d-qbdf
81
vulnerability VCID-y3zj-acc7-jkau
82
vulnerability VCID-yf3d-yyzq-guh1
83
vulnerability VCID-ygw1-vqxg-z3h3
84
vulnerability VCID-z2bk-m2kw-h3c9
85
vulnerability VCID-z718-97ez-r7g3
86
vulnerability VCID-zbm9-cx69-wqg3
87
vulnerability VCID-zeut-9wfp-q7et
88
vulnerability VCID-zhcb-h8ph-7uhk
89
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.0.0
3
url pkg:composer/typo3/cms-core@9.5.43
purl pkg:composer/typo3/cms-core@9.5.43
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bzqv-s7g3-wff9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.43
4
url pkg:composer/typo3/cms-core@10.0.0
purl pkg:composer/typo3/cms-core@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2tz2-8qdm-2kcv
4
vulnerability VCID-3hta-35zx-zuc4
5
vulnerability VCID-4an7-9ph4-mkd4
6
vulnerability VCID-4rfq-u488-sbh5
7
vulnerability VCID-6a22-c7x5-sqe2
8
vulnerability VCID-6mnf-2fcw-dqgp
9
vulnerability VCID-6urp-p9mn-cffv
10
vulnerability VCID-78ff-k66z-bkh7
11
vulnerability VCID-7r4g-gxc6-hubh
12
vulnerability VCID-7snt-7hyt-1fbx
13
vulnerability VCID-848u-w88s-5bbe
14
vulnerability VCID-8w4e-d49b-nbg8
15
vulnerability VCID-9tpm-8udy-c3cd
16
vulnerability VCID-a1g9-pyz5-9fca
17
vulnerability VCID-an3r-c2yp-1bbd
18
vulnerability VCID-bbh5-rss8-bfct
19
vulnerability VCID-bzqv-s7g3-wff9
20
vulnerability VCID-e6zr-4bgg-kkh5
21
vulnerability VCID-etcc-43a3-a7ek
22
vulnerability VCID-ev4k-5k1d-2bhu
23
vulnerability VCID-fgkd-jp96-cbcs
24
vulnerability VCID-fqkx-v8t5-q3h6
25
vulnerability VCID-gxsd-4nd9-gqgn
26
vulnerability VCID-j8hk-bqnb-gycp
27
vulnerability VCID-jp1p-rfxa-hyd9
28
vulnerability VCID-myhc-dyh9-xygg
29
vulnerability VCID-n1gz-y615-cbbk
30
vulnerability VCID-r3az-g422-gqf9
31
vulnerability VCID-rzx5-nv6h-qqhg
32
vulnerability VCID-sdjb-gp4t-vbgt
33
vulnerability VCID-tgyt-axv1-c7ag
34
vulnerability VCID-uq77-aax5-k7d8
35
vulnerability VCID-uua1-9rt1-dfbz
36
vulnerability VCID-w94g-xxea-23fb
37
vulnerability VCID-x3n3-tsjh-8kby
38
vulnerability VCID-y3zj-acc7-jkau
39
vulnerability VCID-ygw1-vqxg-z3h3
40
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.0.0
5
url pkg:composer/typo3/cms-core@10.4.40
purl pkg:composer/typo3/cms-core@10.4.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bzqv-s7g3-wff9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.40
6
url pkg:composer/typo3/cms-core@11.0.0
purl pkg:composer/typo3/cms-core@11.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-3hta-35zx-zuc4
3
vulnerability VCID-6a22-c7x5-sqe2
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-7r4g-gxc6-hubh
7
vulnerability VCID-7snt-7hyt-1fbx
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-9tpm-8udy-c3cd
10
vulnerability VCID-a1g9-pyz5-9fca
11
vulnerability VCID-an3r-c2yp-1bbd
12
vulnerability VCID-bzqv-s7g3-wff9
13
vulnerability VCID-c46m-ht19-ybc4
14
vulnerability VCID-etcc-43a3-a7ek
15
vulnerability VCID-ev4k-5k1d-2bhu
16
vulnerability VCID-fgkd-jp96-cbcs
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fsx8-7qjz-2ubw
19
vulnerability VCID-gxsd-4nd9-gqgn
20
vulnerability VCID-j8hk-bqnb-gycp
21
vulnerability VCID-jp1p-rfxa-hyd9
22
vulnerability VCID-myhc-dyh9-xygg
23
vulnerability VCID-p3nb-urds-euf3
24
vulnerability VCID-rzx5-nv6h-qqhg
25
vulnerability VCID-sdjb-gp4t-vbgt
26
vulnerability VCID-uq77-aax5-k7d8
27
vulnerability VCID-uua1-9rt1-dfbz
28
vulnerability VCID-w94g-xxea-23fb
29
vulnerability VCID-x3n3-tsjh-8kby
30
vulnerability VCID-y3zj-acc7-jkau
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.0.0
7
url pkg:composer/typo3/cms-core@11.5.32
purl pkg:composer/typo3/cms-core@11.5.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bzqv-s7g3-wff9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.32
8
url pkg:composer/typo3/cms-core@12.0.0
purl pkg:composer/typo3/cms-core@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hta-35zx-zuc4
1
vulnerability VCID-5e9k-tfy9-ufcx
2
vulnerability VCID-6a22-c7x5-sqe2
3
vulnerability VCID-7r4g-gxc6-hubh
4
vulnerability VCID-7snt-7hyt-1fbx
5
vulnerability VCID-9tpm-8udy-c3cd
6
vulnerability VCID-an3r-c2yp-1bbd
7
vulnerability VCID-bzqv-s7g3-wff9
8
vulnerability VCID-etcc-43a3-a7ek
9
vulnerability VCID-fgkd-jp96-cbcs
10
vulnerability VCID-gxsd-4nd9-gqgn
11
vulnerability VCID-myhc-dyh9-xygg
12
vulnerability VCID-p3nb-urds-euf3
13
vulnerability VCID-rzx5-nv6h-qqhg
14
vulnerability VCID-uua1-9rt1-dfbz
15
vulnerability VCID-w94g-xxea-23fb
16
vulnerability VCID-x3n3-tsjh-8kby
17
vulnerability VCID-y3zj-acc7-jkau
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.0.0
9
url pkg:composer/typo3/cms-core@12.4.7
purl pkg:composer/typo3/cms-core@12.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bzqv-s7g3-wff9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.7
References
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2023-47127.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2023-47127.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019
3
reference_url https://typo3.org/security/advisory/typo3-core-sa-2023-006
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2023-006
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-47127
reference_id CVE-2023-47127
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-47127
5
reference_url https://github.com/advisories/GHSA-3vmm-7h4j-69rm
reference_id GHSA-3vmm-7h4j-69rm
reference_type
scores
url https://github.com/advisories/GHSA-3vmm-7h4j-69rm
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm
reference_id GHSA-3vmm-7h4j-69rm
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 287
name Improper Authentication
description When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 302
name Authentication Bypass by Assumed-Immutable Data
description The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bzqv-s7g3-wff9