Lucene search

K

Veracode Vulnerability DatabaseVERACODE:38491

HistoryDec 15, 2022 - 5:42 a.m.

Information Disclosure

2022-12-1505:42:44

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

typo3

information disclosure

vulnerability

yaml

placeholder expressions

site configuration backend module

attacker

sensitive information

EPSS

0.001

Percentile

38.7%

typo3 is vulnerable to information disclosure. The vulnerability exists because the library does not properly handle user-submitted YAML placeholder expressions in the site configuration backend module which allows an attacker to access sensitive information of the system. .

References

github.com/TYPO3-CMS/core/commit/3cc015cf2e7827aebe77e5c60653268077049839

github.com/TYPO3-CMS/core/commit/874e3193a12b9e75025ca3ae76b899c1fa6d4d98

github.com/TYPO3-CMS/core/commit/bed9651c5b2ee6ab4e1287b107e1c50793364d2a

github.com/TYPO3/typo3/commit/091735d63701224fcba913376a54578438bb194c

github.com/TYPO3/typo3/commit/49a3b33ee6b47f9160863da1d83fdf80d1998577

github.com/TYPO3/typo3/commit/e271621f627906265f8cc50287f2f03713c651fe

github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr

EPSS

0.001

Percentile

38.7%

Related for VERACODE:38491

osv3 github1 openvas1 cvelist1 friendsofphp2 prion1 nvd1 nessus2 ubuntucve1 cve1 freebsd1