Описание
TYPO3 Information Disclosure of Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions.
Ссылки
- https://github.com/TYPO3/typo3/commit/889ed77d2905d8b17afd31c723a23240c978823f
- https://github.com/TYPO3/typo3/commit/c81cca9e419e7aaed551b9b9a8d012ba7bffb287
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-1.yaml
- https://typo3.org/security/advisory/typo3-core-sa-2019-001
Пакеты
Наименование
typo3/cms
composer
Затронутые версииВерсия исправления
>= 8.0.0, < 8.7.23
8.7.23
Наименование
typo3/cms
composer
Затронутые версииВерсия исправления
>= 9.0.0, < 9.5.4
9.5.4
5.3 Medium
CVSS3
Дефекты
CWE-200
5.3 Medium
CVSS3
Дефекты
CWE-200