Typo3 10.4
14 vulnerabilities were found in 3 packages
1 abandoned package was found
typo3/cms-core v10.4.37 (11 vulnerabilities)
high TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
Affected versions: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Patched versions: 8.7.57 9.5.46 10.4.43 11.5.35 12.4.11 13.0.1
https://github.com/advisories/GHSA-rj3x-wvc6-5j66
high TYPO3 Install Tool vulnerable to Code Execution
Affected versions: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Patched versions: 8.7.57 9.5.46 10.4.43 11.5.35 12.4.11 13.0.1
https://github.com/advisories/GHSA-5w2h-59j3-8x5w
medium TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController
Affected versions: >=13.0.0,<=13.1.0|>=12.0.0,<=12.4.14|>=11.0.0,<=11.5.36|>=10.0.0,<=10.4.44|>=9.0.0,<=9.5.47
Patched versions: 9.5.48 10.4.45 11.5.37 12.4.15 13.1.1
https://github.com/advisories/GHSA-hw6c-6gwq-3m3m
medium TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module
Affected versions: >=13.0.0,<=13.1.0|>=12.0.0,<=12.4.14|>=11.0.0,<=11.5.36|>=10.0.0,<=10.4.44|>=9.0.0,<=9.5.47
Patched versions: 9.5.48 10.4.45 11.5.37 12.4.15 13.1.1
https://github.com/advisories/GHSA-v6mw-h7w6-59w3
medium TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
Affected versions: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Patched versions: 8.7.57 9.5.46 10.4.43 11.5.35 12.4.11 13.0.1
https://github.com/advisories/GHSA-h47m-3f78-qp9g
medium TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
Affected versions: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Patched versions: 8.7.57 9.5.46 10.4.43 11.5.35 12.4.11 13.0.1
https://github.com/advisories/GHSA-wf85-8hx9-gj7c
medium TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
Affected versions: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Patched versions: 8.7.57 9.5.46 10.4.43 11.5.35 12.4.11 13.0.1
https://github.com/advisories/GHSA-38r2-5695-334w
medium TYPO3-CORE-SA-2023-006: Weak Authentication in Session Handling
Affected versions: >=8.0.0,<8.7.55|>=9.0.0,<9.5.44|>=10.0.0,<10.4.41|>=11.0.0,<11.5.33|>=12.0.0,<12.4.8
Patched versions: 8.7.55 9.5.44 10.4.41 11.5.33 12.4.8
https://typo3.org/security/advisory/typo3-core-sa-2023-006
medium TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
Affected versions: >=13.0.0,<=13.1.0|>=12.0.0,<=12.4.14|>=11.0.0,<=11.5.36|>=10.0.0,<=10.4.44|>=9.0.0,<=9.5.47
Patched versions: 9.5.48 10.4.45 11.5.37 12.4.15 13.1.1
https://github.com/advisories/GHSA-36g8-62qv-5957
medium Path Traversal in TYPO3 File Abstraction Layer Storages
Affected versions: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Patched versions:
https://github.com/advisories/GHSA-w6x2-jg8h-p6mp
low Information Disclosure due to Out-of-scope Site Resolution
Affected versions: >=12.0.0,<12.4.4|>=11.0.0,<11.5.30|>=10.0.0,<10.4.39|>=9.4.0,<9.5.42
Patched versions: 9.5.42 10.4.39 11.5.30 12.4.4
https://github.com/advisories/GHSA-jq6g-4v5m-wm9r
typo3/cms-rte-ckeditor v10.4.37 (1 vulnerability)
medium Cross-Site Scripting in CKEditor4 WordCount Plugin
Affected versions: >=11.0.0,<11.5.30|>=10.0.0,<10.4.39|>=9.5.0,<9.5.42
Patched versions: 9.5.42 10.4.39 11.5.30
https://github.com/advisories/GHSA-m8fw-p3cr-6jqc
typo3/cms-backend v10.4.37 (2 vulnerabilities)
low Information Disclosure in TYPO3 Page Tree
Affected versions: <11.5.40|>=12.0.0,<12.4.21|>=13.0.0,<13.3.1
Patched versions: 13.3.1 12.4.21 11.5.40
https://github.com/advisories/GHSA-rf5m-h8q9-9w6q
low Denial of Service in TYPO3 Bookmark Toolbar
Affected versions: >=10.0.0,<=10.4.45|>=11.0.0,<=11.5.39|>=12.0.0,<12.4.20|=13.0.0
Patched versions: 13.3.1 12.4.21 11.5.40 10.4.46
https://github.com/advisories/GHSA-ffcv-v6pw-qhrp
1 abandoned package was found
Abandoned package | Suggested replacement |
---|---|
symfony/inflector | EnglishInflector from the String component |