Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-f837-rs5d-jbbp

Summary

Authentication Bypass in TYPO3 Frontend
Due to late TCA initialization the authentication service fails to restrict frontend user according to the validation rules. Therefore it is possible to authenticate restricted (e.g. disabled) frontend users.

Aliases

alias	GHSA-mh3r-6cp5-hc2j

Fixed_packages

url pkg:composer/typo3/cms@8.6.1

purl pkg:composer/typo3/cms@8.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-je4q-svfw-hqda

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-q52p-xfj8-gygd

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-w1wb-mq2y-dfca

vulnerability	VCID-wy45-2gmr-fkfg

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-ygw4-jdqu-4fbt

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zmwv-gwq3-fkej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.6.1

Affected_packages

url pkg:composer/typo3/cms@8.2.0

purl pkg:composer/typo3/cms@8.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-2vpx-fqb6-aqfa

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-5hm4-ms5p-uuae

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8jcy-3kje-fqeh

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-d6c2-upx1-e7cd

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-f837-rs5d-jbbp

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-gk79-jtuz-myh6

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hg2n-xera-jkdh

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-hzma-cduk-3uhp

vulnerability	VCID-jeqr-9tfu-f7b2

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-ks1q-a8x2-uqht

vulnerability	VCID-m3nc-xbb4-yubr

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-q52p-xfj8-gygd

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-vq15-t92r-5bhx

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-wy45-2gmr-fkfg

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xh68-defe-f7ce

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-ygw4-jdqu-4fbt

vulnerability	VCID-yn6z-9v7k-x7br

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zmwv-gwq3-fkej

vulnerability	VCID-zrz3-3dnf-tbay

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.2.0

References

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-02-28-1.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-02-28-1.yaml

reference_url

https://github.com/advisories/GHSA-mh3r-6cp5-hc2j

reference_id

GHSA-mh3r-6cp5-hc2j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mh3r-6cp5-hc2j

Weaknesses

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f837-rs5d-jbbp

Vulnerability Instance