Online Media Asset Handling (*.youtube
and *.vimeo
files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a dysfunctional backend component. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-6.yaml
github.com/TYPO3/typo3
github.com/TYPO3/typo3/commit/054799caf53b28ff92e00aff957fab88c45a7509
github.com/TYPO3/typo3/commit/16567366e2a25c0cbed7208c3be9eda962e28c9b
github.com/TYPO3/typo3/commit/7a5155e0137d01db7e5723849f0493ad5b0c98ac
typo3.org/security/advisory/typo3-core-sa-2018-011