GHSA-p9jg-9w87-6rg4

Source
https://github.com/advisories/GHSA-p9jg-9w87-6rg4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p9jg-9w87-6rg4/GHSA-p9jg-9w87-6rg4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-p9jg-9w87-6rg4
Aliases
  • CVE-2013-4320
Published
2022-05-17T04:43:27Z
Modified
2023-11-08T03:57:22.205125Z
Summary
TYPO3 Improper Access Management in the File Abstraction Layer
Details

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.

Database specific
{
    "nvd_published_at": "2014-05-20T14:55:00Z",
    "cwe_ids": [
        "CWE-284"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-28T23:35:04Z"
}

Affected packages

Packagist / typo3/cms-core

Package

Name
typo3/cms-core
Purl
pkg:composer/typo3/cms-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0
Fixed
6.0.9

Packagist / typo3/cms-core

Package

Name
typo3/cms-core
Purl
pkg:composer/typo3/cms-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.1
Fixed
6.1.4