An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wMmpoLTk1amctMnc1Nc4AA3Hv
Information Disclosure in typo3/cms-install tool
The login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected.
Update to TYPO3 version 12.4.8 that fixes the problem described above.
Thanks to Markus Klein who reported and fixed the issue.
Source: GitHub Advisory Database
Published: 14 days ago
Updated: 14 days ago
CVSS Score: 3.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-p2jh-95jg-2w55, CVE-2023-47126
Fixed in: 12.4.8