TYPO3 Denial of Service in Frontend Record Registration

2024-06-0718:30:35

CWE-770

GitHub Advisory Database

github.com

typo3

record registration

denial of service

frontend

vulnerability

database

7.1 High

AI Score

Confidence

High

JSON

TYPO3’s built-in record registration functionality (aka basic shopping cart) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual session-data records in the database.

Affected configurations

Vulners

Node

typo3typo3Range<8.7.21

typo3typo3Range<7.6.32

CPENameOperatorVersion
typo3/cmslt8.7.21
typo3/cmslt7.6.32

CPE	Name	Operator	Version
	typo3/cms	lt	8.7.21
	typo3/cms	lt	7.6.32

References

github.com/advisories/GHSA-g585-crjf-vhwq

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-7.yaml

github.com/TYPO3/typo3/commit/05011d1248c54d00960e344fd920a6246da92415

github.com/TYPO3/typo3/commit/fc2b4b9fb978088267f83e73cd401d4371dd40e3

typo3.org/security/advisory/typo3-core-sa-2018-012

7.1 High

AI Score

Confidence

High

JSON