GHSA-3w4h-r27h-4r2w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3w4h-r27h-4r2w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3w4h-r27h-4r2w/GHSA-3w4h-r27h-4r2w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3w4h-r27h-4r2w
- Aliases
- Published
- 2022-05-24T21:59:47Z
- Modified
- 2024-02-20T15:42:03.012636Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- TYPO3 Image Processing susceptible to Code Execution
- Details
-
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. For a successful exploit, the GhostScript binary
gsmust be available on the server system. - Database specific
{ "nvd_published_at": "2019-05-09T05:29:00Z", "cwe_ids": [ "CWE-20", "CWE-94" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-02-20T15:13:51Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-11832
- https://github.com/github/advisory-database/pull/3530
- https://github.com/TYPO3/typo3/commit/2c04eeac44733fda491f92c697f88c1337d19c79
- https://github.com/TYPO3/typo3/commit/51fdb774a57ee30e8d60c0e33b4a0b92d775739e
- https://github.com/TYPO3/typo3/commit/e845d90b82b2f72ab12a9e37f15082297832beca
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-11832.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-11832.yaml
- https://github.com/TYPO3/typo3
- https://typo3.org/security/advisory/typo3-core-sa-2019-012
Affected packages
Packagist / typo3/cms-core
Package
- Name
- typo3/cms-core
- Purl
- pkg:composer/typo3/cms-core
Packagist / typo3/cms-core
Package
- Name
- typo3/cms-core
- Purl
- pkg:composer/typo3/cms-core
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms
Affected versions
8.*
8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.2.0
8.2.1
8.3.0
8.3.1
8.4.0
8.4.1
8.5.0
8.5.1
8.6.0
8.6.1
8.7.0
8.7.1
8.7.2
v8.*
v8.7.3
v8.7.4
v8.7.5
v8.7.6
v8.7.7
v8.7.8
v8.7.9
v8.7.10
v8.7.11
v8.7.12
v8.7.13
v8.7.14
v8.7.15
v8.7.16
v8.7.17
v8.7.18
v8.7.19
v8.7.20
v8.7.21
v8.7.22
v8.7.23
v8.7.24
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms