Lucene search
GitHub_MCVELIST:CVE-2024-34358HistoryMay 14, 2024 - 2:26 p.m.
CVE-2024-34358 TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
2024-05-1414:26:36
CWE-347
CWE-200
GitHub_M
raw.githubusercontent.com
2
typo3
showimagecontroller
cryptographic
hmac-signature
vulnerability
cve-2024-34358
thumbnail images
server side
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the ShowImageController (_eID tx_cms_showpic_) lacks a cryptographic HMAC-signature on the frame HTTP query parameter (e.g. /index.php?eID=tx_cms_showpic?file=3&...&frame=12345). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described.
Related
osv
osv
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
2024-05-14 20:13:34
CVE-2024-34358
2024-05-14 16:17:25
github
github
nessus
nessus
veracode
veracode
Uncontrolled Resource Consumption
2024-05-15 04:00:31
cve
cve
CVE-2024-34358
2024-05-14 16:17:25