Lucene search

GitHub Advisory DatabaseGHSA-34JQ-548X-M2X9

HistoryAug 30, 2021 - 5:22 p.m.

Improper Resource Shutdown or Release in TYPO3 extension

2021-08-3017:22:57

CWE-404

GitHub Advisory Database

github.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.7%

JSON

Wrong usage of the TYPO3 FAL API results in copies of processed files being saved to the /var/transient/ folder of a TYPO3 website on every frontend request. This can result in Denial of Service, since the webspace may be filled up with image files simply by crafting a large amount of requests to the website.

Affected configurations

Vulners

Node

webcoastdeferred-image-processingRange<1.0.2

CPENameOperatorVersion
webcoast/deferred-image-processinglt1.0.2

CPE	Name	Operator	Version
	webcoast/deferred-image-processing	lt	1.0.2

References

github.com/advisories/GHSA-34jq-548x-m2x9

nvd.nist.gov/vuln/detail/CVE-2021-38623

typo3.org/security/advisory/typo3-ext-sa-2021-009

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.7%

JSON

Related for GHSA-34JQ-548X-M2X9