GHSA-47m6-46mj-p235
Suggest an improvement- Source
- https://github.com/advisories/GHSA-47m6-46mj-p235
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-47m6-46mj-p235/GHSA-47m6-46mj-p235.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-47m6-46mj-p235
- Aliases
- Published
- 2022-09-16T18:50:12Z
- Modified
- 2023-11-01T04:59:28.658242Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
- Details
-
Meta
- CVSS:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C(5.7)
Problem
Due to a parsing issue in upstream package <code>masterminds/html5</code>, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cross-site scripting mechanism of
typo3/html-sanitizer.Solution
Update to
typo3/html-sanitizerversions 1.0.7 or 2.0.16 that fix the problem described.Credits
Thanks to David Klein who reported this issue, and to TYPO3 security team member Oliver Hader who fixed the issue.
- CVSS:
- Database specific
{ "nvd_published_at": "2022-09-13T17:15:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed_at": "2022-09-16T18:50:12Z", "github_reviewed": true }- References
-
- https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235
- https://nvd.nist.gov/vuln/detail/CVE-2022-36020
- https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36020.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36020.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/html-sanitizer/CVE-2022-36020.yaml
- https://github.com/TYPO3/html-sanitizer
- https://packagist.org/packages/masterminds/html5
- https://packagist.org/packages/typo3/html-sanitizer
- https://typo3.org/security/advisory/typo3-core-sa-2022-011
Affected packages
Packagist
typo3/html-sanitizer
Package
- Name
- typo3/html-sanitizer
- Purl
- pkg:composer/typo3/html-sanitizer
typo3/html-sanitizer
typo3/cms-core
Package
- Name
- typo3/cms-core
- Purl
- pkg:composer/typo3/cms-core
Affected versions
v10.*
v10.0.0
v10.1.0
v10.2.0
v10.2.1
v10.2.2
v10.3.0
v10.4.0
v10.4.1
v10.4.2
v10.4.3
v10.4.4
v10.4.5
v10.4.6
v10.4.7
v10.4.8
v10.4.9
v10.4.10
v10.4.11
v10.4.12
v10.4.13
v10.4.14
v10.4.15
v10.4.16
v10.4.17
v10.4.18
v10.4.19
v10.4.20
v10.4.21
v10.4.22
v10.4.23
v10.4.24
v10.4.25
v10.4.26
v10.4.27
v10.4.28
v10.4.29
v10.4.30
v10.4.31
typo3/cms-core
typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms
Affected versions
v10.*
v10.0.0
v10.1.0
v10.2.0
v10.2.1
v10.2.2
v10.3.0
v10.4.0
v10.4.1
v10.4.2
v10.4.3
v10.4.4
v10.4.5
v10.4.6
v10.4.7
v10.4.8
v10.4.9
v10.4.10
v10.4.11
v10.4.12
v10.4.13
v10.4.14
v10.4.15
v10.4.16
v10.4.17
v10.4.18
v10.4.19
v10.4.20
v10.4.21
v10.4.22
v10.4.23
v10.4.24
v10.4.25
v10.4.26
v10.4.27
v10.4.28
v10.4.29
v10.4.30
v10.4.31