{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54268?format=json","vulnerability_id":"VCID-7cr6-ywt3-dqf8","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nThe vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.","aliases":[{"alias":"CVE-2021-28381"},{"alias":"GHSA-wq4r-8342-jmc9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80143?format=json","purl":"pkg:composer/fluidtypo3/vhs@5.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@5.1.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/296035?format=json","purl":"pkg:composer/fluidtypo3/vhs@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@1.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/296036?format=json","purl":"pkg:composer/fluidtypo3/vhs@1.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@1.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/296037?format=json","purl":"pkg:composer/fluidtypo3/vhs@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/296038?format=json","purl":"pkg:composer/fluidtypo3/vhs@2.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@2.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/296039?format=json","purl":"pkg:composer/fluidtypo3/vhs@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@2.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/296040?format=json","purl":"pkg:composer/fluidtypo3/vhs@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/296041?format=json","purl":"pkg:composer/fluidtypo3/vhs@2.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/296042?format=json","purl":"pkg:composer/fluidtypo3/vhs@2.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@2.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/296043?format=json","purl":"pkg:composer/fluidtypo3/vhs@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@2.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/296044?format=json","purl":"pkg:composer/fluidtypo3/vhs@2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@2.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/296045?format=json","purl":"pkg:composer/fluidtypo3/vhs@2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@2.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/296046?format=json","purl":"pkg:composer/fluidtypo3/vhs@2.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@2.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/296047?format=json","purl":"pkg:composer/fluidtypo3/vhs@2.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@2.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/296048?format=json","purl":"pkg:composer/fluidtypo3/vhs@2.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@2.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/296049?format=json","purl":"pkg:composer/fluidtypo3/vhs@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/296050?format=json","purl":"pkg:composer/fluidtypo3/vhs@3.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@3.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/296051?format=json","purl":"pkg:composer/fluidtypo3/vhs@3.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@3.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/296052?format=json","purl":"pkg:composer/fluidtypo3/vhs@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@4.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/296053?format=json","purl":"pkg:composer/fluidtypo3/vhs@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@4.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/296054?format=json","purl":"pkg:composer/fluidtypo3/vhs@4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@4.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/296055?format=json","purl":"pkg:composer/fluidtypo3/vhs@4.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@4.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/296056?format=json","purl":"pkg:composer/fluidtypo3/vhs@4.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@4.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/296057?format=json","purl":"pkg:composer/fluidtypo3/vhs@4.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@4.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/296058?format=json","purl":"pkg:composer/fluidtypo3/vhs@4.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@4.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/296059?format=json","purl":"pkg:composer/fluidtypo3/vhs@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@4.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/296060?format=json","purl":"pkg:composer/fluidtypo3/vhs@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@5.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/296061?format=json","purl":"pkg:composer/fluidtypo3/vhs@5.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@5.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/296062?format=json","purl":"pkg:composer/fluidtypo3/vhs@5.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7cr6-ywt3-dqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/fluidtypo3/vhs@5.1.0"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28381","reference_id":"","reference_type":"","scores":[{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58896","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28381"},{"reference_url":"https://typo3.org/security/advisory/typo3-ext-sa-2021-001","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-ext-sa-2021-001"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28381","reference_id":"CVE-2021-28381","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28381"},{"reference_url":"https://github.com/advisories/GHSA-wq4r-8342-jmc9","reference_id":"GHSA-wq4r-8342-jmc9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wq4r-8342-jmc9"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":89,"name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","description":"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"5.4 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7cr6-ywt3-dqf8"}