logo

Database

Inadequate file size control In typo3/cms-core

Description

TYPO3 Denial of Service in Online Media Asset Handling Online Media Asset Handling (*.youtube and *.vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a dysfunctional backend component. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-29m4-mx89-3mjg

References

1. https://github.com/TYPO3-CMS/core/commit/9b2ecd2a402a76e17b78f78ed2ac9b7fff36d2012. https://github.com/TYPO3-CMS/core/commit/aa2dcb340bc7f2b815c8eee02cf54e100f82f3e73. https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-6.yaml4. https://typo3.org/security/advisory/typo3-core-sa-2018-011

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.