CVE-2012-1605 – typo3/cms
Package
Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.6 <4.6.7 || >=4.4.0 <4.4.14 || >=4.5.0 <4.5.14
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0094 (percentile 0.75341)
Details
TYPO3 Extbase Framework Unsafe Deserialization

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
Metadata
Created: 2022-05-17T05:23:50Z
Modified: 2023-08-29T23:30:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7jfm-px59-99w8/GHSA-7jfm-px59-99w8.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-7jfm-px59-99w8
Finding: F096
Auto approve: 1