0.001 Low
EPSS
Percentile
34.8%
typo3/cms-core is vulnerable to open redirect. The vulnerability exists through the missing check in GeneralUtility::sanitizeLocalUrl() that allowed any URLs that starts with // to be considered a local url, and hence allowed to be redirected.
GeneralUtility::sanitizeLocalUrl()
//
github.com/TYPO3/TYPO3.CMS/commit/6f17455d0b5d5ffa4d50580802e0ba514dae999b
github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp
packagist.org/packages/typo3/cms-core
typo3.org/security/advisory/typo3-core-sa-2021-001