Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/47012?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47012?format=api", "vulnerability_id": "VCID-uua1-9rt1-dfbz", "summary": "Improper Access Control\nTYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.", "aliases": [ { "alias": "CVE-2024-25120" }, { "alias": "GHSA-wf85-8hx9-gj7c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68934?format=api", "purl": "pkg:composer/typo3/cms-core@8.7.57", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.57" }, { "url": "http://public2.vulnerablecode.io/api/packages/68935?format=api", "purl": "pkg:composer/typo3/cms-core@9.5.46", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/68936?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.43", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/68937?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.35", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/68938?format=api", "purl": "pkg:composer/typo3/cms-core@12.4.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/68939?format=api", "purl": "pkg:composer/typo3/cms-core@13.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56072?format=api", "purl": "pkg:composer/typo3/cms-core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1knh-es99-dubw" }, { "vulnerability": "VCID-1prg-c74k-37ec" }, { "vulnerability": "VCID-2m67-xdxz-ryc2" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-3hta-35zx-zuc4" }, { "vulnerability": "VCID-6ffw-r4k7-5qf8" }, { "vulnerability": "VCID-6q7t-kdrg-8qc3" }, { "vulnerability": "VCID-6rgp-dzw1-kycx" }, { "vulnerability": "VCID-7ch1-q9f4-a7bt" }, { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-82ds-xda8-5ye4" }, { "vulnerability": "VCID-8sek-v483-8ueu" }, { "vulnerability": "VCID-b92x-56ng-3ygy" }, { "vulnerability": "VCID-bzqv-s7g3-wff9" }, { "vulnerability": "VCID-cg7w-xkyg-abgj" }, { "vulnerability": "VCID-cv9x-ea8e-pufu" }, { "vulnerability": "VCID-daz8-j1ns-rkgt" }, { "vulnerability": "VCID-e8ze-umec-a7hx" }, { "vulnerability": "VCID-e9jc-8mpp-fkgh" }, { "vulnerability": "VCID-hfcx-1kuh-p3ez" }, { "vulnerability": "VCID-hnyk-614g-yuhy" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-k8r2-2ak8-qkak" }, { "vulnerability": "VCID-n56h-zuzr-ruhf" }, { "vulnerability": "VCID-nyw8-q5ef-2fcv" }, { "vulnerability": "VCID-pwh8-c992-vqav" }, { "vulnerability": "VCID-qr1u-kcn9-cuf6" }, { "vulnerability": "VCID-qxab-9uwr-yqhv" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uaf3-fyst-u7gm" }, { "vulnerability": "VCID-uncp-sa58-ufdd" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-wm4a-hcvt-vkbk" }, { "vulnerability": "VCID-y3zj-acc7-jkau" }, { "vulnerability": "VCID-z2bk-m2kw-h3c9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/68928?format=api", "purl": "pkg:composer/typo3/cms-core@8.7.56", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-y3zj-acc7-jkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.56" }, { "url": "http://public2.vulnerablecode.io/api/packages/56073?format=api", "purl": "pkg:composer/typo3/cms-core@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1knh-es99-dubw" }, { "vulnerability": "VCID-1prg-c74k-37ec" }, { "vulnerability": "VCID-23ss-xwrm-1qcu" }, { "vulnerability": "VCID-2m67-xdxz-ryc2" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-3hta-35zx-zuc4" }, { "vulnerability": "VCID-6ffw-r4k7-5qf8" }, { "vulnerability": "VCID-6q7t-kdrg-8qc3" }, { "vulnerability": "VCID-6rgp-dzw1-kycx" }, { "vulnerability": "VCID-7ch1-q9f4-a7bt" }, { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-82ds-xda8-5ye4" }, { "vulnerability": "VCID-8sek-v483-8ueu" }, { "vulnerability": "VCID-a1g9-pyz5-9fca" }, { "vulnerability": "VCID-bzqv-s7g3-wff9" }, { "vulnerability": "VCID-cf9m-qdyj-eyav" }, { "vulnerability": "VCID-cv9x-ea8e-pufu" }, { "vulnerability": "VCID-daz8-j1ns-rkgt" }, { "vulnerability": "VCID-e8ze-umec-a7hx" }, { "vulnerability": "VCID-e9jc-8mpp-fkgh" }, { "vulnerability": "VCID-efrn-3w2z-xyaf" }, { "vulnerability": "VCID-hfcx-1kuh-p3ez" }, { "vulnerability": "VCID-hnyk-614g-yuhy" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-k8r2-2ak8-qkak" }, { "vulnerability": "VCID-n56h-zuzr-ruhf" }, { "vulnerability": "VCID-nyw8-q5ef-2fcv" }, { "vulnerability": "VCID-pwh8-c992-vqav" }, { "vulnerability": "VCID-qr1u-kcn9-cuf6" }, { "vulnerability": "VCID-qxab-9uwr-yqhv" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uaf3-fyst-u7gm" }, { "vulnerability": "VCID-uncp-sa58-ufdd" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-v7b1-x8hy-2kcg" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-wm4a-hcvt-vkbk" }, { "vulnerability": "VCID-x5jb-yj3d-qbdf" }, { "vulnerability": "VCID-y3zj-acc7-jkau" }, { "vulnerability": "VCID-z2bk-m2kw-h3c9" }, { "vulnerability": "VCID-zbm9-cx69-wqg3" }, { "vulnerability": "VCID-zhcb-h8ph-7uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/68929?format=api", "purl": "pkg:composer/typo3/cms-core@9.5.45", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-y3zj-acc7-jkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.45" }, { "url": "http://public2.vulnerablecode.io/api/packages/58460?format=api", "purl": "pkg:composer/typo3/cms-core@10.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-3hta-35zx-zuc4" }, { "vulnerability": "VCID-6a22-c7x5-sqe2" }, { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-9tpm-8udy-c3cd" }, { "vulnerability": "VCID-a1g9-pyz5-9fca" }, { "vulnerability": "VCID-bzqv-s7g3-wff9" }, { "vulnerability": "VCID-gxsd-4nd9-gqgn" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-y3zj-acc7-jkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/68930?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.42", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-y3zj-acc7-jkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.42" }, { "url": "http://public2.vulnerablecode.io/api/packages/58462?format=api", "purl": "pkg:composer/typo3/cms-core@11.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-3hta-35zx-zuc4" }, { "vulnerability": "VCID-6a22-c7x5-sqe2" }, { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-9tpm-8udy-c3cd" }, { "vulnerability": "VCID-a1g9-pyz5-9fca" }, { "vulnerability": "VCID-bzqv-s7g3-wff9" }, { "vulnerability": "VCID-fsx8-7qjz-2ubw" }, { "vulnerability": "VCID-gxsd-4nd9-gqgn" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-y3zj-acc7-jkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/68931?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-y3zj-acc7-jkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/63852?format=api", "purl": "pkg:composer/typo3/cms-core@12.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hta-35zx-zuc4" }, { "vulnerability": "VCID-6a22-c7x5-sqe2" }, { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-9tpm-8udy-c3cd" }, { "vulnerability": "VCID-bzqv-s7g3-wff9" }, { "vulnerability": "VCID-gxsd-4nd9-gqgn" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-y3zj-acc7-jkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/68932?format=api", "purl": "pkg:composer/typo3/cms-core@12.4.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-y3zj-acc7-jkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/68933?format=api", "purl": "pkg:composer/typo3/cms-core@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hta-35zx-zuc4" }, { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-9tpm-8udy-c3cd" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-y3zj-acc7-jkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.0" } ], "references": [ { "reference_url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/2de87ff113ba24333ab7cbb8078588743f8958d6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/2de87ff113ba24333ab7cbb8078588743f8958d6" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/33f4d279b82bca0a509227a17065244c6156e68f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/33f4d279b82bca0a509227a17065244c6156e68f" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/ae0dfc4c058a90c10eedb3f49cfaf33164d21cdd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/commit/ae0dfc4c058a90c10eedb3f49cfaf33164d21cdd" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2024-005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2024-005" }, { "reference_url": "https://github.com/advisories/GHSA-wf85-8hx9-gj7c", "reference_id": "GHSA-wf85-8hx9-gj7c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wf85-8hx9-gj7c" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c", "reference_id": "GHSA-wf85-8hx9-gj7c", "reference_type": "", "scores": [], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 200, "name": "Exposure of Sensitive Information to an Unauthorized Actor", "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information." }, { "cwe_id": 284, "name": "Improper Access Control", "description": "The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uua1-9rt1-dfbz" }