Lucene search

GitHub Advisory DatabaseGHSA-7733-HJV6-4H47

HistoryOct 08, 2020 - 7:55 p.m.

Cross-Site Scripting in ternary conditional operator

2020-10-0819:55:53

CWE-79

CWE-601

GitHub Advisory Database

github.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

45.9%

JSON

> ### Meta
> * CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C(5.0)
> * CWE-79

:information_source: This vulnerability has been fixed in May 2019 already, CVE and GHSA were assigned later in October 2020

Problem

It has been discovered that the Fluid Engine (package typo3fluid/fluid) is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like the following.

{showFullName ? fullName : defaultValue}

Solution

Update to versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 of this typo3fluid/fluid package that fix the problem described.

Updated versions of this package are bundled in following TYPO3 (typo3/cms-core) releases:

TYPO3 v8.7.25 (using typo3fluid/fluid v2.5.5)
TYPO3 v9.5.6 (using typo3fluid/fluid v2.6.1)

Credits

Thanks to Bill Dagou who reported this issue and to TYPO3 core merger Claus Due who fixed the issue.

References

TYPO3-CORE-SA-2019-013

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<9.5.6

typo3cms_poll_system_extensionRange<8.7.25

typo3cms_poll_system_extensionRange<9.5.6

typo3cms_poll_system_extensionRange<8.7.25

typo3fluidfluidRange<2.6.1

typo3fluidfluidRange<2.5.5

typo3fluidfluidRange<2.4.1

typo3fluidfluidRange<2.3.5

typo3fluidfluidRange<2.2.1

typo3fluidfluidRange<2.1.4

typo3fluidfluidRange<2.0.5

CPENameOperatorVersion
typo3/cmslt9.5.6
typo3/cmslt8.7.25
typo3/cms-corelt9.5.6
typo3/cms-corelt8.7.25
typo3fluid/fluidlt2.6.1
typo3fluid/fluidlt2.5.5
typo3fluid/fluidlt2.4.1
typo3fluid/fluidlt2.3.5
typo3fluid/fluidlt2.2.1
typo3fluid/fluidlt2.1.4

Name	Operator	Version
typo3/cms	lt	9.5.6
typo3/cms	lt	8.7.25
typo3/cms-core	lt	9.5.6
typo3/cms-core	lt	8.7.25
typo3fluid/fluid	lt	2.6.1
typo3fluid/fluid	lt	2.5.5
typo3fluid/fluid	lt	2.4.1
typo3fluid/fluid	lt	2.3.5
typo3fluid/fluid	lt	2.2.1
typo3fluid/fluid	lt	2.1.4

Rows per page:

1-10 of 111

References

github.com/advisories/GHSA-7733-hjv6-4h47

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-15241.yaml

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-15241.yaml

github.com/FriendsOfPHP/security-advisories/blob/master/typo3fluid/fluid/CVE-2020-15241.yaml

github.com/TYPO3/Fluid/commit/9ef6a8ffff2e812025fc0701b4ce72eea6911a3d

github.com/TYPO3/Fluid/security/advisories/GHSA-7733-hjv6-4h47

nvd.nist.gov/vuln/detail/CVE-2020-15241

typo3.org/security/advisory/typo3-core-sa-2019-013

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

45.9%

JSON

Related for GHSA-7733-HJV6-4H47