GHSA-vxmc-qg5x-pvfx

Source

https://github.com/advisories/GHSA-vxmc-qg5x-pvfx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-vxmc-qg5x-pvfx/GHSA-vxmc-qg5x-pvfx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-vxmc-qg5x-pvfx

Aliases

CVE-2022-47410

Published

2022-12-14T21:30:16Z

Modified

2025-04-21T23:42:10.850744Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data

Details

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.

Database specific

{
    "nvd_published_at": "2022-12-14T21:15:00Z",
    "cwe_ids": [
        "CWE-200",
        "CWE-668"
    ],
    "github_reviewed_at": "2025-04-21T22:51:49Z",
    "severity": "HIGH",
    "github_reviewed": true
}

References

Affected packages

Packagist / fixpunkt/fp-newsletter

Package

Name: fixpunkt/fp-newsletter
Purl: pkg:composer/fixpunkt/fp-newsletter

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-vxmc-qg5x-pvfx/GHSA-vxmc-qg5x-pvfx.json"

Packagist / fixpunkt/fp-newsletter

Package

Name: fixpunkt/fp-newsletter
Purl: pkg:composer/fixpunkt/fp-newsletter

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.2.0

Fixed

2.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-vxmc-qg5x-pvfx/GHSA-vxmc-qg5x-pvfx.json"

Packagist / fixpunkt/fp-newsletter

Package

Name: fixpunkt/fp-newsletter
Purl: pkg:composer/fixpunkt/fp-newsletter

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.2.6

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-vxmc-qg5x-pvfx/GHSA-vxmc-qg5x-pvfx.json"