Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01OThwLXJ2NnAtZzdxY84AAiZx
sr_freecap for TYPO3 RCE Vulnerability
The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.
Permalink: https://github.com/advisories/GHSA-598p-rv6p-g7qc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01OThwLXJ2NnAtZzdxY84AAiZx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: 8 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-598p-rv6p-g7qc, CVE-2019-16699
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-16699
- https://extensions.typo3.org/extension/sr_freecap
- https://typo3.org/security/advisory/typo3-ext-sa-2019-018/
- https://github.com/advisories/GHSA-598p-rv6p-g7qc
Affected Packages
packagist:sjbr/sr-freecap
Dependent packages: 10
Dependent repositories: 3
Downloads: 104,651 total
Affected Version Ranges: < 2.4.6, >= 2.5.0, < 2.5.3
Fixed in: 2.4.6, 2.5.3
All affected versions: 2.3.1, 2.4.0, 2.4.4, 2.4.5, 2.5.0, 2.5.1, 2.5.2
All unaffected versions: 2.4.6, 2.5.3, 2.5.4, 2.6.0, 2.6.1, 2.6.2, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 12.4.0, 12.4.1, 12.4.2, 12.4.3, 12.4.4