Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12NHZtLWdqMngtNnFobc4AAgWB
DCE extension for Typo3 Discloses Environment Information
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.
Permalink: https://github.com/advisories/GHSA-v4vm-gj2x-6qhmJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NHZtLWdqMngtNnFobc4AAgWB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 9 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-v4vm-gj2x-6qhm, CVE-2014-8328
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-8328
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97673
- http://typo3.org/extensions/repository/view/dce
- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/
- https://github.com/advisories/GHSA-v4vm-gj2x-6qhm
Affected Packages
packagist:t3/dce
Dependent packages: 2Dependent repositories: 3
Downloads: 275,400 total
Affected Version Ranges: < 0.11.5
Fixed in: 0.11.5
All affected versions:
All unaffected versions: 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.5.0, 1.5.1, 1.5.2, 1.6.0, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.1.3