GHSA-2rxh-h6h9-qrqc

Source

https://github.com/advisories/GHSA-2rxh-h6h9-qrqc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/05/GHSA-2rxh-h6h9-qrqc/GHSA-2rxh-h6h9-qrqc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-2rxh-h6h9-qrqc

Aliases

Published

2020-05-13T23:18:38Z

Modified

2024-02-16T08:11:20.960820Z

Severity

8.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H CVSS Calculator

Summary

Class destructors causing side-effects when being unserialized in TYPO3 CMS

Details

Calling unserialize() on malicious user-submitted content can result in the following scenarios: - trigger deletion of arbitrary directory in file system (if writable for web server) - trigger message submission via email using identity of web site (mail relay)

Another insecure deserialization vulnerability is required to actually exploit mentioned aspects.

Update to TYPO3 versions 9.5.17 or 10.4.2 that fix the problem described.

References

https://typo3.org/security/advisory/typo3-core-sa-2020-004

Database specific

{
    "nvd_published_at": "2020-05-14T00:15:00Z",
    "cwe_ids": [
        "CWE-1321",
        "CWE-915"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-05-13T23:17:19Z"
}

References

Affected packages

Packagist / typo3/cms-core

Package

Name: typo3/cms-core
Purl: pkg:composer/typo3/cms-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.0.0

Fixed

9.5.17

Affected versions

v9.*

v9.0.0

v9.1.0

v9.2.0

v9.2.1

v9.3.0

v9.3.1

v9.3.2

v9.3.3

v9.4.0

v9.5.0

v9.5.1

v9.5.2

v9.5.3

v9.5.4

v9.5.5

v9.5.6

v9.5.7

v9.5.8

v9.5.9

v9.5.10

v9.5.11

v9.5.12

v9.5.13

v9.5.14

v9.5.15

v9.5.16

Packagist / typo3/cms-core

Package

Name: typo3/cms-core
Purl: pkg:composer/typo3/cms-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.0.0

Fixed

10.4.2

Affected versions

v10.*

v10.0.0

v10.1.0

v10.2.0

v10.2.1

v10.2.2

v10.3.0

v10.4.0

v10.4.1

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.0.0

Fixed

10.4.2

Affected versions

v10.*

v10.0.0

v10.1.0

v10.2.0

v10.2.1

v10.2.2

v10.3.0

v10.4.0

v10.4.1

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.0.0

Fixed

9.5.17

Affected versions

v9.*

v9.0.0

v9.1.0

v9.2.0

v9.2.1

v9.3.0

v9.3.1

v9.3.2

v9.3.3

v9.4.0

v9.5.0

v9.5.1

v9.5.2

v9.5.3

v9.5.4

v9.5.5

v9.5.6

v9.5.7

v9.5.8

v9.5.9

v9.5.10

v9.5.11

v9.5.12

v9.5.13

v9.5.14

v9.5.15

v9.5.16