typo3/cms-core is vulnerable to Denial of Service (DoS). The vulnerability is due to improper session validation, which allows attackers to create an arbitrary amount of individual session-data records in the database, which results in Denial of Service.