GSA_kwCzR0hTQS1najQ4LXc3NHctOGd2bc4AA5cs

Severity: Moderate

Path Traversal in TYPO3 Core

Affected package: packagist:typo3/cms
Affected versions: >= 8.0.0, < 8.4.1; >= 7.6.0, < 7.6.13; >= 6.2.0, < 6.2.29
Fixed versions: 8.4.1, 7.6.13, 6.2.29
380 Dependent packages
407 Dependent repositories
1,865,029 Downloads total

Affected Version Ranges

All affected versions

6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.10-rc1, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.2.16, 6.2.17, 6.2.18, 6.2.19, 6.2.20, 6.2.21, 6.2.22, 6.2.23, 6.2.24, 6.2.25, 6.2.26, 6.2.27, 6.2.28, 7.6.0, 7.6.1, 7.6.2, 7.6.3, 7.6.4, 7.6.5, 7.6.6, 7.6.7, 7.6.8, 7.6.9, 7.6.10, 7.6.11, 7.6.12, 8.0.0, 8.0.1, 8.1.0, 8.1.1, 8.1.2, 8.2.0, 8.2.1, 8.3.0, 8.3.1, 8.4.0

All unaffected versions

6.2.29, 6.2.30, 6.2.31, 7.0.0, 7.0.1, 7.0.2, 7.1.0, 7.2.0, 7.3.0, 7.3.1, 7.4.0, 7.5.0, 7.6.13, 7.6.14, 7.6.15, 7.6.16, 7.6.17, 7.6.18, 7.6.19, v7.6.20, v7.6.21, v7.6.22, v7.6.23, v7.6.24, v7.6.25, v7.6.26, v7.6.27, v7.6.28, v7.6.29, v7.6.30, v7.6.31, v7.6.32, 8.4.1, 8.5.0, 8.5.1, 8.6.0, 8.6.1, 8.7.0, 8.7.1, 8.7.2, v8.7.3, v8.7.4, v8.7.5, v8.7.6, v8.7.7, v8.7.8, v8.7.9, v8.7.10, v8.7.11, v8.7.12, v8.7.13, v8.7.14, v8.7.15, v8.7.16, v8.7.17, v8.7.18, v8.7.19, v8.7.20, v8.7.21, v8.7.22, v8.7.23, v8.7.24, v8.7.25, v8.7.26, v8.7.27, v8.7.28, v8.7.29, v8.7.30, v8.7.31, v8.7.32, v9.0.0, v9.1.0, v9.2.0, v9.2.1, v9.3.0, v9.3.1, v9.3.2, v9.3.3, v9.4.0, v9.5.0, v9.5.1, v9.5.2, v9.5.3, v9.5.4, v9.5.5, v9.5.6, v9.5.7, v9.5.8, v9.5.9, v9.5.10, v9.5.11, v9.5.12, v9.5.13, v9.5.14, v9.5.15, v9.5.16, v9.5.17, v9.5.18, v9.5.19, v9.5.20, v9.5.21, v9.5.22, v9.5.23, v9.5.24, v9.5.25, v9.5.26, v9.5.27, v9.5.28, v9.5.29, v9.5.30, v9.5.31, v10.0.0, v10.1.0, v10.2.0, v10.2.1, v10.2.2, v10.3.0, v10.4.0, v10.4.1, v10.4.2, v10.4.3, v10.4.4, v10.4.5, v10.4.6, v10.4.7, v10.4.8, v10.4.9, v10.4.10, v10.4.11, v10.4.12, v10.4.13, v10.4.14, v10.4.15, v10.4.16, v10.4.17, v10.4.18, v10.4.19, v10.4.20, v10.4.21, v10.4.22, v10.4.23, v10.4.24, v10.4.25, v10.4.26, v10.4.27, v10.4.28, v10.4.29, v10.4.30, v10.4.31, v10.4.32, v10.4.33, v10.4.34, v10.4.35, v10.4.36, v10.4.37, v11.0.0, v11.1.0, v11.1.1, v11.2.0, v11.3.0, v11.3.1, v11.3.2, v11.3.3, v11.4.0, v11.5.0, v11.5.1, v11.5.2, v11.5.3, v11.5.4, v11.5.5, v11.5.6, v11.5.7, v11.5.8, v11.5.9, v11.5.10, v11.5.11, v11.5.12, v11.5.13, v11.5.14, v11.5.15, v11.5.16, v11.5.17, v11.5.18, v11.5.19, v11.5.20, v11.5.21, v11.5.22, v11.5.23, v11.5.24, v11.5.25, v11.5.26, v11.5.27, v11.5.28, v11.5.29, v11.5.30, v11.5.31, v11.5.32, v11.5.33, v11.5.34, v11.5.35, v11.5.36, v11.5.37, v11.5.38, v11.5.39, v11.5.40, v11.5.41, v12.0.0, v12.1.0, v12.1.1, v12.1.2, v12.1.3, v12.2.0, v12.3.0, v12.4.0, v12.4.1, v12.4.2, v12.4.3, v12.4.4, v12.4.5, v12.4.6, v12.4.7, v12.4.8, v12.4.9, 
v12.4.10, v12.4.11, v12.4.12, v12.4.13, v12.4.14, v12.4.15, v12.4.16, v12.4.17, v12.4.18, v12.4.19, v12.4.20, v12.4.21, v12.4.22, v12.4.23, v12.4.24, v12.4.25, v12.4.26, v12.4.27, v12.4.28, v12.4.29, v12.4.30, v12.4.31, v12.4.32, v12.4.33, v12.4.34, v13.0.0, v13.0.1, v13.1.0, v13.1.1, v13.2.0, v13.2.1, v13.3.0, v13.3.1, v13.4.0, v13.4.1, v13.4.2, v13.4.3, v13.4.4, v13.4.5, v13.4.6, v13.4.7, v13.4.8, v13.4.9, v13.4.10, v13.4.11, v13.4.12, v13.4.13, v13.4.14, v13.4.15

Due to an overly loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence.

References: