Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/58115?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58115?format=api", "vulnerability_id": "VCID-aeeg-apyz-huda", "summary": "TYPO3 Improper Access Management in the File Abstraction Layer\nThe File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.", "aliases": [ { "alias": "CVE-2013-4320" }, { "alias": "GHSA-p9jg-9w87-6rg4" } ], "fixed_packages": [], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55272?format=api", "purl": "pkg:composer/typo3/cms-core@6.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3gdb-nxp2-afgk" }, { "vulnerability": "VCID-75re-n41m-y3et" }, { "vulnerability": "VCID-8ahj-xadv-xbhr" }, { "vulnerability": "VCID-aeeg-apyz-huda" }, { "vulnerability": "VCID-bbrf-qfw6-w3fx" }, { "vulnerability": "VCID-ftr5-c6nt-gbh4" }, { "vulnerability": "VCID-mz1q-ugmv-4ban" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@6.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/993528?format=api", "purl": "pkg:composer/typo3/cms-core@6.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-75re-n41m-y3et" }, { "vulnerability": "VCID-8ahj-xadv-xbhr" }, { "vulnerability": "VCID-aeeg-apyz-huda" }, { "vulnerability": "VCID-bbrf-qfw6-w3fx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@6.1.0" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4320", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31857", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32379", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32205", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32084", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32372", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32521", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32557", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.3238", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32429", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32456", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.3246", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32422", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32394", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.3243", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32408", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4320" }, { "reference_url": "https://github.com/TYPO3-CMS/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3-CMS/core" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4320", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4320" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/" }, { "reference_url": "https://github.com/advisories/GHSA-p9jg-9w87-6rg4", "reference_id": "GHSA-p9jg-9w87-6rg4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p9jg-9w87-6rg4" } ], "weaknesses": [ { "cwe_id": 284, "name": "Improper Access Control", "description": "The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 264, "name": "Permissions, Privileges, and Access Controls", "description": "Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aeeg-apyz-huda" }