GHSA-48ww-8h7g-4hwq

Source

https://github.com/advisories/GHSA-48ww-8h7g-4hwq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-48ww-8h7g-4hwq/GHSA-48ww-8h7g-4hwq.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-48ww-8h7g-4hwq

Aliases

CVE-2010-3667

Published

2022-04-21T01:57:47Z

Modified

2024-02-06T23:56:35.637090Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

TYPO3 is vulnerable to Spam Abuse in the native form content element

Details

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. An attacker could abuse the form to send mails to arbitrary email addresses.

Database specific

{
    "nvd_published_at": "2019-11-04T22:15:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-06T23:33:25Z"
}

References

Affected packages

Packagist / typo3/cms-frontend

Package

Name: typo3/cms-frontend
Purl: pkg:composer/typo3/cms-frontend

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.14

Packagist / typo3/cms-frontend

Package

Name: typo3/cms-frontend
Purl: pkg:composer/typo3/cms-frontend

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.2.0

Fixed

4.2.13

Packagist / typo3/cms-frontend

Package

Name: typo3/cms-frontend
Purl: pkg:composer/typo3/cms-frontend

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.4

Packagist / typo3/cms-frontend

Package

Name: typo3/cms-frontend
Purl: pkg:composer/typo3/cms-frontend

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.1