CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score: 7.1 High
Confidence: High
EPSS: 0.0004 Low
Percentile: 15.7%
typo3/cms-core is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to the lack of a cryptographic HMAC signature on the frame HTTP query parameter in the ShowImageController, which allows attackers to generate an arbitrary number of thumbnail images on the server side, potentially leading to a denial of service by exhausting server resources.
github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14
github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5
github.com/TYPO3/typo3/commit/dbcb8551b902a0ed4b545cb62cc5e389f24b6024
github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142
github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957
typo3.org/security/advisory/typo3-core-sa-2024-010