GHSA-v4vm-gj2x-6qhm

Suggest an improvement
Source
https://github.com/advisories/GHSA-v4vm-gj2x-6qhm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v4vm-gj2x-6qhm/GHSA-v4vm-gj2x-6qhm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-v4vm-gj2x-6qhm
Aliases
  • CVE-2014-8328
Published
2022-05-17T19:57:24Z
Modified
2023-11-08T03:57:45.721180Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
DCE extension for Typo3 Discloses Environment Information
Details

The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.

Database specific 
{
    "nvd_published_at": "2020-02-03T14:15:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-15T22:34:06Z"
}
References

Affected packages

Packagist / t3/dce

Package

Name
t3/dce
Purl
pkg:composer/t3/dce

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.11.5