Package details: pkg:composer/typo3/cms@3.3.0
purl pkg:composer/typo3/cms@3.3.0
Tags Ghost
Next non-vulnerable version 10.4.35
Latest non-vulnerable version 12.2.0
Risk 10.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-au4n-kuzg-h3es
Aliases:
CVE-2009-0815
GHSA-c22j-84c7-cm77
TYPO3 leaks a hash secret in an error message
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
4.0.12
Affected by 0 other vulnerabilities.
4.1.10
Affected by 0 other vulnerabilities.
4.2.6
Affected by 0 other vulnerabilities.
VCID-ye9t-zkkn-9bc2
Aliases:
CVE-2009-0816
GHSA-jg55-3q6h-2ccf
Typo3 Backend XSS Vulnerability
An Information Disclosure vulnerability in the jumpUrl mechanism, used to track access on web pages and provided files, allows a remote attacker to read arbitrary files on a host. The expected value of a mandatory hash secret, intended to invalidate such requests, is exposed to remote users, allowing them to bypass access control by providing the correct value. No authentication is required to exploit this vulnerability. The vulnerability allows reading any file that the web server user account has access to.
4.0.12
Affected by 0 other vulnerabilities.
4.1.10
Affected by 0 other vulnerabilities.
4.2.6
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-01T18:13:06.058462+00:00 GitLab Importer Affected by VCID-au4n-kuzg-h3es https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2009-0815.yml 36.1.3
2025-07-01T18:13:04.831736+00:00 GitLab Importer Affected by VCID-ye9t-zkkn-9bc2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2009-0816.yml 36.1.3
2025-07-01T14:31:50.009152+00:00 GHSA Importer Affected by VCID-ye9t-zkkn-9bc2 https://github.com/advisories/GHSA-jg55-3q6h-2ccf 36.1.3
2025-07-01T14:31:49.967647+00:00 GHSA Importer Affected by VCID-au4n-kuzg-h3es https://github.com/advisories/GHSA-c22j-84c7-cm77 36.1.3