Description
Contao discloses sensitive information in the front end search index
Impact
Protected content elements that are rendered as fragments are indexed and become publicly available in the front end search.
Patches
Update to Contao 4.13.56, 5.3.38 or 5.6.1.
Workarounds
Disable the front end search.
For more information
If you have any questions or comments about this advisory, open an issue in contao/contao.
Packages
contao/core-bundle: affected >= 4.9.14, < 4.13.56; patched in 4.13.56
contao/contao: affected >= 4.9.14, < 4.13.56; patched in 4.13.56
contao/core-bundle: affected >= 5.0.0-RC1, < 5.3.38; patched in 5.3.38
contao/core-bundle: affected >= 5.4.0-RC1, < 5.6.1; patched in 5.6.1
contao/contao: affected >= 5.0.0-RC1, < 5.3.38; patched in 5.3.38
contao/contao: affected >= 5.4.0-RC1, < 5.6.1; patched in 5.6.1
Related vulnerabilities
Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search.