Fluid Attacks Database

Description

XML External Entity (XXE) Processing in TYPO3 Core All XML processing within the TYPO3 CMS are vulnerable to XEE processing. This can lead to load internal and/or external (file) content within an XML structure. Furthermore it is possible to inject arbitrary files for an XML Denial of Service attack. For more information on that topic see https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	typo3/cms	>=6.2.0 <6.2.19 \|\| >=7.6.0 <7.6.4	6.2.19, 7.6.4

Aliases

1. GCVE-GHSA-qffc-gwpp-m2xr

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-02-23-1.yaml2. https://typo3.org/security/advisory/typo3-core-sa-2016-005

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.