CVE-2024-55892 – typo3/cms-core

Package

Manager: composer
Name: typo3/cms-core
Vulnerable Version: >=9.0.0 <9.5.49 || >=10.0.0 <10.4.48 || >=11.0.0 <11.5.42 || >=12.0.0 <12.4.25 || >=13.0.0 <13.4.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00051 pctl0.15726

Details

TYPO3 Potential Open Redirect via Parsing Differences ### Problem Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. ### Solution Update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described. ### Credits Thanks to Sam Mush and Christian Eßl who reported this issue and to TYPO3 core & security team member Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2025-002](https://typo3.org/security/advisory/typo3-core-sa-2025-002)

Metadata

Created: 2025-01-14T15:24:20Z
Modified: 2025-01-15T15:26:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-2fx5-pggv-6jjr/GHSA-2fx5-pggv-6jjr.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-2fx5-pggv-6jjr
Finding: F156
Auto approve: 1