2 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the JSON Web Services published to OSGi. An attacker can gain unauthorized access to restricted service operations by invoking classes directly, which causes Service Access Policies to be executed. Remediatio...
Arbitrary Code Injection
Overview typo3/cms is a free open source Content Management Framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the File Abstraction Layer FAL when renaming a file, by using unspecified characters in the file extension. Note: This is only exploitable if the...