CVE-2019-11832 typo3/cms-core

Package

Manager: composer
Name: typo3/cms-core
Vulnerable Version: >=8.0.0 <8.7.25 || >=9.0.0 <9.5.6

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00898 (percentile: 0.74772)

Details

TYPO3 Image Processing susceptible to Code Execution

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. For a successful exploit, the GhostScript binary `gs` must be available on the server system.

Metadata

Created: 2022-05-24T21:59:47Z
Modified: 2024-02-20T15:13:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3w4h-r27h-4r2w/GHSA-3w4h-r27h-4r2w.json
CWE IDs: ["CWE-20", "CWE-94"]
Alternative ID: GHSA-3w4h-r27h-4r2w
Finding: F184
Auto approve: 1