CVE-2014-8328 – t3/dce

Package

Manager: composer
Name: t3/dce
Vulnerable Version: >=0 <0.11.5

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00324 pctl0.54837

Details

DCE extension for Typo3 Discloses Environment Information The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.

Metadata

Created: 2022-05-17T19:57:24Z
Modified: 2023-08-15T22:34:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v4vm-gj2x-6qhm/GHSA-v4vm-gj2x-6qhm.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-v4vm-gj2x-6qhm
Finding: F308
Auto approve: 1