4 matches found
CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer
The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...
User can bypass their approved redeem allowance
Lines of code Vulnerability details Impact The caller can bypass the allowance check by exploiting the exchange rate calculation and drain funds from the contract up to the full balance owned by msg.sender, not just the amount approved in the allowance. Proof of Concept The issue is that...
Call to safeApprove without checking previous allowance in burnFees could result in locked funds
Lines of code Vulnerability details Impact Using this deprecated function can lead to unintended reverts and potentially the locking of funds. A deeper discussion on the deprecation of this function is in OZ issue 2219 OpenZeppelin/openzeppelin-contracts2219. Proof Of Concept Refer to the burnFee...
redeemToken can fail for certain tokens
Handle cmichel Vulnerability details The SwappableYieldSource.redeemToken function transfers tokens from the contract back to the sender, however, it uses the ERC20.transferFromaddressthis, msg.sender, redeemableBalance function for this. Some deposit token implementations might fail as...