GHSA-7jfm-px59-99w8

Source

https://github.com/advisories/GHSA-7jfm-px59-99w8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7jfm-px59-99w8/GHSA-7jfm-px59-99w8.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7jfm-px59-99w8

Aliases

CVE-2012-1605

Published

2022-05-17T05:23:50Z

Modified

2023-11-08T03:57:04.090435Z

Summary

Typo3 Extbase Framework Unsafe Deserialization

Details

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."

Database specific

{
    "nvd_published_at": "2012-09-04T20:55:00Z",
    "cwe_ids": [
        "CWE-502"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-29T23:30:37Z"
}

References

Affected packages

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.6

Fixed

4.6.7

Database specific

{
    "last_known_affected_version_range": "<= 4.6.6"
}

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.14

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.14