Описание
TYPO3 Security Misconfiguration in Install Tool Cookie
It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool.
Пакеты
Наименование
typo3/cms-core
composer
Затронутые версииВерсия исправления
>= 8.0.0, < 8.7.21
8.7.21
Наименование
typo3/cms-core
composer
Затронутые версииВерсия исправления
>= 9.0.0, < 9.5.2
9.5.2
Наименование
typo3/cms-core
composer
Затронутые версииВерсия исправления
>= 7.0.0, < 7.6.32
7.6.32
7.5 High
CVSS3
Дефекты
CWE-1004
7.5 High
CVSS3
Дефекты
CWE-1004