CVE-2022-23500
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-23500
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23500.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-23500
- Aliases
- Published
- 2022-12-14T07:07:05Z
- Modified
- 2025-10-14T19:03:58.931889Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- TYPO3 subject to Uncontrolled Recursion resulting in Denial of Service
- Details
-
TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in CVE-2021-21359. This issue is patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1.
- References
Affected packages
Git / github.com/TYPO3/typo3
Affected ranges
- Type
- GIT
- Repo
- https://github.com/TYPO3/typo3
- Events
- Type
- GIT
- Repo
- https://github.com/TYPO3/typo3
- Events
- Type
- GIT
- Repo
- https://github.com/TYPO3/typo3
- Events
Affected versions
v10.*
v10.0.0
v10.1.0
v10.2.0
v10.3.0
v10.4.0
v10.4.1
v10.4.10
v10.4.11
v10.4.12
v10.4.13
v10.4.14
v10.4.15
v10.4.16
v10.4.17
v10.4.18
v10.4.19
v10.4.2
v10.4.20
v10.4.21
v10.4.22
v10.4.23
v10.4.24
v10.4.25
v10.4.26
v10.4.27
v10.4.28
v10.4.29
v10.4.3
v10.4.30
v10.4.31
v10.4.32
v10.4.4
v10.4.5
v10.4.6
v10.4.7
v10.4.8
v10.4.9
v11.*
v11.0.0
v11.1.0
v11.2.0
v11.3.0
v11.4.0
v11.5.0
v11.5.1
v11.5.10
v11.5.11
v11.5.12
v11.5.13
v11.5.14
v11.5.15
v11.5.16
v11.5.17
v11.5.18
v11.5.19
v11.5.2
v11.5.3
v11.5.4
v11.5.5
v11.5.6
v11.5.7
v11.5.8
v11.5.9
v12.*
v12.0.0