Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00NTc2LXBnaDItZzM0as4AA5P1
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module
The existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the RedirectResponse from the $this->redirect() function was never handled.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00NTc2LXBnaDItZzM0as4AA5P1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 10 months ago
Updated: about 1 month ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-4576-pgh2-g34j, CVE-2024-24751
References:
- https://github.com/derhansen/sf_event_mgt/security/advisories/GHSA-4576-pgh2-g34j
- https://github.com/derhansen/sf_event_mgt/commit/a08c2cd48695c07e462d15eeb70434ddc0206e4c
- https://nvd.nist.gov/vuln/detail/CVE-2024-24751
- https://github.com/advisories/GHSA-4576-pgh2-g34j
Blast Radius: 2.1
Affected Packages
packagist:derhansen/sf_event_mgt
Dependent packages: 3
Dependent repositories: 3
Downloads: 210,975 total
Affected Version Ranges: >= 7.0.0, < 7.4.0
Fixed in: 7.4.0
All affected versions: 7.0.0, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.3.0, 7.3.1, 7.3.2, 7.3.3
All unaffected versions: 1.2.0, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 1.6.1, 1.7.0, 1.7.1, 1.8.0, 1.8.1, 2.0.0, 2.1.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.3.0, 5.4.0, 5.4.1, 5.4.2, 5.5.0, 5.6.0, 5.6.1, 5.7.0, 5.8.0, 5.9.0, 5.9.1, 5.9.2, 6.0.0, 6.0.1, 6.1.0, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.3.0, 6.3.1, 6.4.0, 6.4.1, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.6.0, 6.6.1, 6.6.2, 6.7.0, 7.4.0, 7.4.1, 7.4.2, 7.4.3, 7.5.0, 7.5.1, 7.6.0, 8.0.0