Cross-Site Scripting in third party library mso/idna-convert

2024-06-0515:02:40

CWE-79

GitHub Advisory Database

github.com

third party library

file exposure

composer installation

typo3_src

information security

AI Score

Confidence

Low

JSON

Make sure to not expose the vendor directory to the publicly accessible document root. In composer managed installation, make sure to configure a dedicated web folder. In general it is recommended to not expose the complete typo3_src sources folder in the document root.

Affected configurations

Vulners

Node

typo3typo3_cmsRange8.0.0–8.2.1

typo3typo3_cmsRange7.6.0–7.6.10

VendorProductVersionCPE
typo3typo3_cms*cpe:2.3:a:typo3:typo3_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	typo3_cms	*	cpe:2.3:a:typo3:typo3_cms::::::::

References

github.com/advisories/GHSA-qmwf-j7g7-f5jw

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-07-19-7.yaml

typo3.org/security/advisory/typo3-core-sa-2016-020

AI Score

Confidence

Low

JSON