Описание
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| typo3-src | fixed | 4.5.40+dfsg1-1 | package | |
| typo3-src | end-of-life | wheezy | package | |
| typo3-src | end-of-life | squeeze | package |
Примечания
https://review.typo3.org/#/c/35222/
https://review.typo3.org/gitweb?p=Packages/TYPO3.CMS.git;a=commitdiff;h=63ae7ddd11d284a121f23ce86282e3149bc16f96
EPSS
Связанные уязвимости
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
EPSS