<p>Upgrade <code>typo3/cms-core</code> to version 8.7.27, 9.5.8 or higher.</p>

=9.0.0, <9.5.8

Snyk CVSS

Attack Complexity Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PHP-TYPO3CMSCORE-1535114
published 30 Jul 2021
disclosed 30 Jul 2021
credit Florian Weiss

Report a new vulnerability Found a mistake?

Introduced: 30 Jul 2021

CWE-200 Open this link in a new tab

How to fix?

Upgrade typo3/cms-core to version 8.7.27, 9.5.8 or higher.

Overview

typo3/cms-core is a free open source enterprise content management system.

Affected versions of this package are vulnerable to Information Disclosure. The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this vulnerability.

References

Typo3 Security Advisory