Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12NHZtLWdqMngtNnFobc4AAgWB
DCE extension for Typo3 Discloses Environment Information
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.
Permalink: https://github.com/advisories/GHSA-v4vm-gj2x-6qhm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NHZtLWdqMngtNnFobc4AAgWB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Percentage: 0.00211
EPSS Percentile: 0.59518
Identifiers: GHSA-v4vm-gj2x-6qhm, CVE-2014-8328
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-8328
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97673
- http://typo3.org/extensions/repository/view/dce
- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/
- https://github.com/advisories/GHSA-v4vm-gj2x-6qhm
Affected Packages
packagist:t3/dce
Dependent packages: 2
Dependent repositories: 3
Downloads: 328,065 total
Affected Version Ranges: < 0.11.5
Fixed in: 0.11.5
All affected versions:
All unaffected versions: 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.5.0, 1.5.1, 1.5.2, 1.6.0, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4