CVE-2020-11066 – typo3/cms-core

Package

Manager: composer
Name: typo3/cms-core
Vulnerable Version: >=9.0.0 <9.5.17 || >=10.0.0 <10.4.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H

EPSS: 0.00528 pctl0.66235

Details

Class destructors causing side-effects when being unserialized in TYPO3 CMS Calling unserialize() on malicious user-submitted content can result in the following scenarios: - trigger deletion of arbitrary directory in file system (if writable for web server) - trigger message submission via email using identity of web site (mail relay) Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. Update to TYPO3 versions 9.5.17 or 10.4.2 that fix the problem described. ### References * https://typo3.org/security/advisory/typo3-core-sa-2020-004

Metadata

Created: 2020-05-13T23:18:38Z
Modified: 2021-01-08T20:16:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/05/GHSA-2rxh-h6h9-qrqc/GHSA-2rxh-h6h9-qrqc.json
CWE IDs: ["CWE-1321", "CWE-915"]
Alternative ID: GHSA-2rxh-h6h9-qrqc
Finding: F390
Auto approve: 1