TYPO3 Arbitrary Shell Execution in Swiftmailer library

2024-05-3018:59:33

CWE-20

GitHub Advisory Database

github.com

typo3

swiftmailer

arbitrary shell execution

configuration option

sendmail

AI Score

7.9

Confidence

High

JSON

The swiftmailer library in use allows to execute arbitrary shell commands if the “From” header comes from a non-trusted source and no “Return-Path” is configured. Affected are only TYPO3 installation the configuration option

$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport']

is set to “sendmail”. Installations with the default configuration are not affected.

Affected configurations

Vulners

Node

typo3typo3_cmsRange4.5.0–4.5.37

typo3typo3_cmsRange4.7.0–4.7.20

typo3typo3_cmsRange6.1.0–6.1.12

typo3typo3_cmsRange6.2.0–6.2.6

VendorProductVersionCPE
typo3typo3_cms*cpe:2.3:a:typo3:typo3_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	typo3_cms	*	cpe:2.3:a:typo3:typo3_cms::::::::

References

github.com/advisories/GHSA-45xg-4w5x-j429

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-10-22-2.yaml

github.com/TYPO3/typo3/commit/313c4bba53dd78803a9ee97c1f6f1d450a521521

github.com/TYPO3/typo3/commit/6af37574e063929eaab066dd9920b1fa8815da12

github.com/TYPO3/typo3/commit/dbdd9f22b7cebf43f2e4abdb2a6a8a9f32af8f61

github.com/TYPO3/typo3/commit/ead183c5acf25b7e1121adee5a5860bd9b5f05a2

typo3.org/security/advisory/typo3-core-sa-2014-002

AI Score

7.9

Confidence

High

JSON