typo3/cms-core vulnerabilities

The core library of TYPO3.

Latest version: v9.5.5

View on Packagist.org
Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the typo3/cms-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable versions Snyk patch Published
  • M
Information Disclosure
>=8.0.0, <8.7.23,>=9.0.0, <9.5.4 Not available 22 Jan, 2019
  • M
Broken Access Control
>=8.0.0, <8.7.23,>=9.0.0, <9.5.4 Not available 22 Jan, 2019
  • M
Cross-Site Scripting (XSS)
>=8.0.0, <8.7.23,>=9.0.0, <9.5.4 Not available 22 Jan, 2019
  • M
Cross-Site Scripting (XSS)
>=8.0.0, <8.7.23,>=9.0.0, <9.5.4 Not available 22 Jan, 2019
  • M
Cross-Site Scripting (XSS)
>=9.0.0, <9.5.4 Not available 22 Jan, 2019
  • H
Arbitrary Code Execution
>=8.0.0, <8.7.23,>=9.0.0, <9.5.4 Not available 22 Jan, 2019
  • H
Security Misconfiguration
>=8.0.0, <8.7.23,>=9.0.0, <9.5.4 Not available 22 Jan, 2019
  • M
Cross-Site Scripting (XSS)
>=8.0.0, <8.7.21,>=7.0.0, <7.6.32,>=9.0.0, <9.5.2 Not available 12 Dec, 2018
  • M
Cross-site Scripting (XSS)
>=8.0.0, <8.7.21,>=7.5.0, <7.6.32,>=9.0.0, <9.5.2 Not available 12 Dec, 2018
  • M
Information Exposure
>=8.0.0, <8.7.21,>=7.0.0, <7.6.32,>=9.0.0, <9.5.2 Not available 12 Dec, 2018
  • H
Denial of Service (DOS)
>=8.0.0, <8.7.21,>=7.0.0, <7.6.32,>=9.0.0, <9.5.2 Not available 12 Dec, 2018
  • M
Denial of Service (DOS)
>=8.0.0, <8.7.21 Not available 12 Dec, 2018
  • M
Cross-Site Scripting (XSS)
>=8.5.0, <8.7.21,>=9.0.0, <9.5.2 Not available 12 Dec, 2018
  • H
Insecure Deserialization
>=8.5.0, <8.7.17,>=9.0.0, <9.3.2 Not available 23 Jul, 2018
  • H
Arbitrary Code Execution
>=8.0.0, <8.7.17,>=9.0.0, <9.3.2 Not available 23 Jul, 2018
  • H
SQL Injection
>=8.5.0, <8.7.17,>=9.0.0, <9.3.2 Not available 19 Jul, 2018
  • M
Authentication Bypass
>=8.0.0, <8.7.17,>=9.0.0, <9.3.2 Not available 19 Jul, 2018