TYPO3 Disclosure of Information about Installed Extensions

2024-05-3018:13:02

CWE-200

GitHub Advisory Database

github.com

requirejs

package loading

information disclosure

attack

installed extensions

AI Score

6.7

Confidence

Low

JSON

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions.

Affected configurations

Vulners

Node

typo3cms-coreRange9.0.0–9.5.4

typo3cms-coreRange8.0.0–8.7.23

VendorProductVersionCPE
typo3cms-core*cpe:2.3:a:typo3:cms-core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	cms-core	*	cpe:2.3:a:typo3:cms-core::::::::

References

github.com/advisories/GHSA-p2h4-7fp3-cmh8

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-01-22-1.yaml

github.com/TYPO3-CMS/core/commit/7960334bba1223a681283158f67a999334e88cf1

github.com/TYPO3-CMS/core/commit/9453d8a8763fffa76deb6a16f6b99c0ab6f3d8f1

typo3.org/security/advisory/typo3-core-sa-2019-001

AI Score

6.7

Confidence

Low

JSON