GHSA-jxg5-35fj-ccwf

Source

https://github.com/advisories/GHSA-jxg5-35fj-ccwf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jxg5-35fj-ccwf/GHSA-jxg5-35fj-ccwf.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jxg5-35fj-ccwf

Aliases

CVE-2016-5091

Published

2022-05-17T03:02:43Z

Modified

2023-11-08T03:58:30.964280Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Extbase for TYPO3 allows RCE

Details

Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.

Database specific

{
    "nvd_published_at": "2017-01-23T21:59:00Z",
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-31T21:01:24Z"
}

References

Affected packages

Packagist / typo3/cms-extbase

Package

Name: typo3/cms-extbase
Purl: pkg:composer/typo3/cms-extbase

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.24

Packagist / typo3/cms-extbase

Package

Name: typo3/cms-extbase
Purl: pkg:composer/typo3/cms-extbase

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0

Fixed

7.6.8

Packagist / typo3/cms-extbase

Package

Name: typo3/cms-extbase
Purl: pkg:composer/typo3/cms-extbase

Affected ranges

Affected versions

8.*

8.1.1