Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oang1LXY5eGctN2gyNc4AA8j2
TYPO3 Denial of Service in Frontend Record Registration
TYPO3’s built-in record registration functionality (aka “basic shopping cart”) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual session-data records in the database.
Permalink: https://github.com/advisories/GHSA-hjx5-v9xg-7h25JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oang1LXY5eGctN2gyNc4AA8j2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 3 months ago
Updated: 3 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-hjx5-v9xg-7h25
References:
- https://github.com/TYPO3-CMS/core/commit/5a44f93e9233e8f72159f9a67db26ed4bd5a10e0
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-7.yaml
- https://typo3.org/security/advisory/typo3-core-sa-2018-012
- https://github.com/advisories/GHSA-hjx5-v9xg-7h25
Blast Radius: 26.9
Affected Packages
packagist:typo3/cms-core
Dependent packages: 3,067Dependent repositories: 3,856
Downloads: 7,844,286 total
Affected Version Ranges: >= 7.0.0, < 7.6.32, >= 8.0.0, < 8.7.21
Fixed in: 7.6.32, 8.7.21
All affected versions: 8.7.7, 8.7.8, 8.7.9, 8.7.10, 8.7.11, 8.7.12, 8.7.13, 8.7.14, 8.7.15, 8.7.16, 8.7.17, 8.7.18, 8.7.19, 8.7.20
All unaffected versions: 8.7.21, 8.7.22, 8.7.23, 8.7.24, 8.7.25, 8.7.26, 8.7.27, 8.7.28, 8.7.29, 8.7.30, 8.7.31, 8.7.32, 9.0.0, 9.1.0, 9.2.0, 9.2.1, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.4.0, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 9.5.4, 9.5.5, 9.5.6, 9.5.7, 9.5.8, 9.5.9, 9.5.10, 9.5.11, 9.5.12, 9.5.13, 9.5.14, 9.5.15, 9.5.16, 9.5.17, 9.5.18, 9.5.19, 9.5.20, 9.5.21, 9.5.22, 9.5.23, 9.5.24, 9.5.25, 9.5.26, 9.5.27, 9.5.28, 9.5.29, 9.5.30, 9.5.31, 10.0.0, 10.1.0, 10.2.0, 10.2.1, 10.2.2, 10.3.0, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6, 10.4.7, 10.4.8, 10.4.9, 10.4.10, 10.4.11, 10.4.12, 10.4.13, 10.4.14, 10.4.15, 10.4.16, 10.4.17, 10.4.18, 10.4.19, 10.4.20, 10.4.21, 10.4.22, 10.4.23, 10.4.24, 10.4.25, 10.4.26, 10.4.27, 10.4.28, 10.4.29, 10.4.30, 10.4.31, 10.4.32, 10.4.33, 10.4.34, 10.4.35, 10.4.36, 10.4.37, 11.0.0, 11.1.0, 11.1.1, 11.2.0, 11.3.0, 11.3.1, 11.3.2, 11.3.3, 11.4.0, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.5.11, 11.5.12, 11.5.13, 11.5.14, 11.5.15, 11.5.16, 11.5.17, 11.5.18, 11.5.19, 11.5.20, 11.5.21, 11.5.22, 11.5.23, 11.5.24, 11.5.25, 11.5.26, 11.5.27, 11.5.28, 11.5.29, 11.5.30, 11.5.31, 11.5.32, 11.5.33, 11.5.34, 11.5.35, 11.5.36, 11.5.37, 11.5.38, 11.5.39, 12.0.0, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.2.0, 12.3.0, 12.4.0, 12.4.1, 12.4.2, 12.4.3, 12.4.4, 12.4.5, 12.4.6, 12.4.7, 12.4.8, 12.4.9, 12.4.10, 12.4.11, 12.4.12, 12.4.13, 12.4.14, 12.4.15, 12.4.16, 12.4.17, 12.4.18, 12.4.19, 13.0.0, 13.0.1, 13.1.0, 13.1.1, 13.2.0, 13.2.1