TYPO3 Denial of Service in Online Media Asset Handling

2024-06-0719:56:24

CWE-770

GitHub Advisory Database

github.com

typo3

dos

online media asset

handling

denial of service

backend

resource consumption

dysfunction

vulnerability

backend user

server write access

7 High

AI Score

Confidence

High

JSON

Online Media Asset Handling (*.youtube and *.vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a dysfunctional backend component. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<9.5.2

typo3cms_poll_system_extensionRange<8.7.21

typo3cms_poll_system_extensionRange<7.6.32

CPENameOperatorVersion
typo3/cmslt9.5.2
typo3/cmslt8.7.21
typo3/cmslt7.6.32

Name	Operator	Version
typo3/cms	lt	9.5.2
typo3/cms	lt	8.7.21
typo3/cms	lt	7.6.32

References

github.com/advisories/GHSA-f3wf-q4fj-3gxf

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-6.yaml

github.com/TYPO3/typo3/commit/054799caf53b28ff92e00aff957fab88c45a7509

github.com/TYPO3/typo3/commit/16567366e2a25c0cbed7208c3be9eda962e28c9b

github.com/TYPO3/typo3/commit/7a5155e0137d01db7e5723849f0493ad5b0c98ac

typo3.org/security/advisory/typo3-core-sa-2018-011

7 High

AI Score

Confidence

High

JSON