GHSA-hvwx-qh2h-xcfj

Source

https://github.com/advisories/GHSA-hvwx-qh2h-xcfj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-hvwx-qh2h-xcfj/GHSA-hvwx-qh2h-xcfj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hvwx-qh2h-xcfj

Aliases

CVE-2022-23499

Published

2022-12-13T16:59:12Z

Modified

2023-11-08T04:08:19.452526Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting

Details

Problem

Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer.

Besides that, the upstream package masterminds/html5 provides HTML raw text elements (script, style, noframes, noembed and iframe) as DOMText nodes, which were not processed and sanitized further. None of the mentioned elements were defined in the default builder configuration, that's why only custom behaviors, using one of those tag names, were vulnerable to cross-site scripting.

Solution

Update to typo3/html-sanitizer versions 1.5.0 or 2.1.1 that fix the problem described.

Database specific

{
    "nvd_published_at": "2022-12-13T21:15:00Z",
    "github_reviewed_at": "2022-12-13T16:59:12Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Packagist / typo3/html-sanitizer

Package

Name: typo3/html-sanitizer
Purl: pkg:composer/typo3/html-sanitizer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.5.0

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

Packagist / typo3/html-sanitizer

Package

Name: typo3/html-sanitizer
Purl: pkg:composer/typo3/html-sanitizer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.1.1

Affected versions

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.0.9

v2.0.10

v2.0.11

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.0.16

v2.1.0

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.0.0

Fixed

10.4.33

Affected versions

v10.*

v10.0.0

v10.1.0

v10.2.0

v10.2.1

v10.2.2

v10.3.0

v10.4.0

v10.4.1

v10.4.2

v10.4.3

v10.4.4

v10.4.5

v10.4.6

v10.4.7

v10.4.8

v10.4.9

v10.4.10

v10.4.11

v10.4.12

v10.4.13

v10.4.14

v10.4.15

v10.4.16

v10.4.17

v10.4.18

v10.4.19

v10.4.20

v10.4.21

v10.4.22

v10.4.23

v10.4.24

v10.4.25

v10.4.26

v10.4.27

v10.4.28

v10.4.29

v10.4.30

v10.4.31

v10.4.32

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11.0.0

Fixed

11.5.20

Affected versions

v11.*

v11.0.0

v11.1.0

v11.1.1

v11.2.0

v11.3.0

v11.3.1

v11.3.2

v11.3.3

v11.4.0

v11.5.0

v11.5.1

v11.5.2

v11.5.3

v11.5.4

v11.5.5

v11.5.6

v11.5.7

v11.5.8

v11.5.9

v11.5.10

v11.5.11

v11.5.12

v11.5.13

v11.5.14

v11.5.15

v11.5.16

v11.5.17

v11.5.18

v11.5.19

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12.0.0

Fixed

12.1.1

Affected versions

v12.*

v12.0.0

v12.1.0